From 686becb94de94cc36132c1d65ec3204a3bc3814d Mon Sep 17 00:00:00 2001 From: Fenil Savani Date: Tue, 16 Jun 2026 12:32:08 +0530 Subject: [PATCH 1/2] change in ui page of Function App data connector --- .../BitSight_API_FunctionApp.json | 60 +- Solutions/BitSight/Package/3.2.0.zip | Bin 50129 -> 50423 bytes Solutions/BitSight/Package/mainTemplate.json | 16674 ++++++++-------- Solutions/BitSight/ReleaseNotes.md | 2 +- 4 files changed, 8332 insertions(+), 8404 deletions(-) diff --git a/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json b/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json index 758b02030db..541e7ca8c14 100644 --- a/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json +++ b/Solutions/BitSight/Data Connectors/BitSightDataConnector/BitSight_API_FunctionApp.json @@ -2,7 +2,7 @@ "id": "BitSight", "title": "Bitsight data connector", "publisher": "BitSight Technologies, Inc.", - "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data in Microsoft Sentinel.", + "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data into Microsoft Sentinel using the [Logs Ingestion API](https://learn.microsoft.com/azure/azure-monitor/logs/logs-ingestion-api-overview).", "graphQueries": [ { "metricName": "Total Alerts data received", @@ -236,30 +236,27 @@ "read": true, "delete": true } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." }, { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } + "name": "Permission to assign a role to the registered application", + "description": "Permission to assign a role to the registered application in Microsoft Entra ID is required." + }, + { + "name": "REST API Credentials/permissions", + "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." } - ], - "customs": [{ - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "REST API Credentials/permissions", - "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." - } ] }, - "instructionSteps": [{ + "instructionSteps": [ + { "title": "", - "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel using the Logs Ingestion API (DCR). This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." }, { "title": "", @@ -287,30 +284,11 @@ }, { "title": "", - "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the BitSight API Token.", - "instructions": [{ - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] + "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the BitSight API Token and Azure credentials (Client ID, Client Secret, Tenant ID, Object ID) readily available." }, { "title": "Option 1 - Azure Resource Manager (ARM) Template", - "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Review + create** to deploy.." + "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Review + Create** and then **Create** to deploy." }, { "title": "Option 2 - Manual Deployment of Azure Functions", @@ -325,4 +303,4 @@ "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective values (case-sensitive): \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Save**." } ] -} \ No newline at end of file +} diff --git a/Solutions/BitSight/Package/3.2.0.zip b/Solutions/BitSight/Package/3.2.0.zip index 19d3c5cfc6d1081853115b8f4f09a6f9de2e310b..b9338a34e328043a7224cc9bdf40dc84e940dbbe 100644 GIT binary patch literal 50423 zcmZsBV{oQX(`IZ;Y&)4?Vp|j2HYRyu+s4GUZQI7gwrxGh=6!c-Yrm@fbN8t}_m9)n zeXesg6r{l+&_O^zU_ex(W^_8E1oNt3K|qM;K|rv+wZ;ynhEArcmZGL+mbR8omH=A@ zD@TCsr54b3eH7(uTmF}UwgxKsxC?`&A*<`?>Td?Wf4I$zLWX#K5%`MQjIQoH(i80q zf;mO8OH?#wuQcH?`-5`xdSBsW4zAtD91RU#J)l26vh#6@Nmqgmj&#I3_U&)UWr8tb zi%WH>eWvI`;(t%LvTnh(3}h*q-74*Qb($-3e!MR7%M~Td;SzLDCnW&pZ>~)qt^-IK z(qRec8Yj=1qAE#PoOfB|+r@G@&Rd3nR)Cx~#m1^OyIY2-HMo-FQ&bC4P z3tR5g4fhSOiiJ^-DzMOmn5~-M%zr7Fm>x+L`zBk0nG}?mH)&R;hK4&ec>P6N8?_iI zHY{)>i13vdDa~3a9WEmdb@4Jl71<{$;z=Hx40cM(gk(yo%i!aK|9s)>;D$E{`KbN` z0@L{a1@`Gj4Q%#-AYs4>*K&%%Py1z%$V4ldF*t*vW#UE>vvK923+z6ds7#k%fc<-W z7Wjgc*z%HQ+-z9mZSqltN^(xvv3^EZt-w&=c-^9v4SQ6L($FEI?FFw@&LX9Ht}f18UCBAkDnKmifnXpwuQ?2fV`D=AWxrDQ=l#RvAyaEn)9;-f}i$}y!|7RdCIJM_D`GEsjp zl-ZY|VM!7b4q)F!n95OaBG_P@C=Hw%`s-COJ=dlz zF`d-0&1h8A^^2C;!@80Al=C9MvpHBO@7X!w>kJE@MH|LD9Hu6O8OQbrC+V3(M%(18 zP=_IKt(o$K{g4A7mxx;h_n%>ubx}HZ$B@My6qFWnmlwWp++oEq~)1`5+oG%)iK-MVkYS{WatEKN+ z&DM?F|MBPPB{8v@)hJPt7TT-b62b>Bxfg87{0R?uo|v*mmLVnUu`8d<3|MNvfBRad zSEfM=XJ9Ehfe7pycf6u7!7r#;5cnNJP%4RF7!#KZehN2v$g4&Pswj>uWE0qIKyTj) zj3cLltC-GHJ{b>XtQu=j9fJfPxu=7Yn34@|aE}}pe+T?-IF%|Fv~Z@Jp| zC0nBCY{wZ|I5>WwRhFB%U67R0C*4h@mM@swzG3U{sRuA_@f^A3?brqm(|0UhM?z*2 z;n}Hg;+RVM7q&_N6mQ4qiDauD54a~#VR&FlZNc|X{s%EL7w!9836D09c0rXubaOMu z`*B~pL@39*?Weu%I*X;1Q!7BW8F19zr4bHGtG9^*nudxp9TgFY`M$yfDN45?u=Bc- z9!1ADS)`P^vMgSqhTWL&cZCUcP#L$TXdYqkAzq6AYHF7rQK=qeP$L<#b>z?scp8w_ z;}3GsCCc`hiAHh_TyQ+SA_b-_F5!;)i#c z378_eVeYYp$uRG``FZo#si$k};yERt4Z+;L+U0NYE-K8 zYSA=^R$2cg8ybZXZ~S!RZCt_9DD^hNTAlLIlB$BYv!X6;-{HISkO~b;T3m5X6A2izT1q7=Eefu8WyS` zbLG&dVzRY3iqvuP<6)7JL(l@wg-RGs%|`Bd@|3zATTLtKw}9e;!{J|l)LWqP)P%3d zfKB&R?-g9@ygdiGL4-sp{0r+(0K3~wSYWfTVPRqSiu!I>y0a57GNs~O;Q?&slc z9J)lavFXvERm>R0L-4x;Nvz3^WT9NxJpvq5Iaqyzg{4vl?vClOft^k3E>nq$w+78h zs6KO}4(}s%d}g@Vz?3ym`gfaxLA-<=gyX5%Alw1&CyZ)m|oTJ8MHn))iB zIBHuu&xOlVr&RIu17#UXzxldFM_qj5)8d`L5n!}d@@gugGGyo6hZx?;pxxr73k$T2 z=^k2@9s?>#Zf%VtZhf2X*Ohz< z56VLkcM6P5OhoByB{2QN*0sB}NH zg~|}OE8+H^h(3r!Q}VT!uGeyRTaS8FRg}*cHawZY)qw#G12$IgzJAs$Fc(1ox-6vM zJ?f8BKB+H;r5F5);LS1My7O6`fM`%$+w};&-GH95UnR6$Z^(~acfE6&6?)S=%=N;< zkeaSD@_c?cJ-4EMS8t(0AsNTGoOMl}(RP&La8M9xM=nvsRz@D>k9ojUr1V&%9qM^w zbqsSvcf_D~H}X^V(?zo%`dQun$rU+Z?h%VBx#xFy(7@oz5IEOI2Vi5DLv#O}3wSGn zX?FE)Mr|}?zMl`XS<^%0EApBAPgOTOOK){A((`Fd1jFz%_h&kvD2C77l4-_PyKdV06!mgQ+Fe*T*>_3bML*Xj@e(^Nxo-O?>~IUg7d9Hd$?;>miO-1 z-sUm7ddzB^EcEMI1W4fIDu}wCB93@q^yd32KC%O=+`H_%Ziy8B2gBw4?o>n|Y9jn^?BBiUGTC*^a|3}^Gd%YT}@ z&HsQ$gWgUgsDGLAB-wwj+MC~PZqxiEmju&k)Nl}<;d1;(x+I(jq5>>GJC}#C`OvnA z9)kdMisJ24-wmX6bbO>tLv*-_QVvFQzg$}iawl`3Z1-<&={<{iUgvf#Z#IQryTvM8 zCChk0OBCL3=N*3<7eHQWXXBx8yk$X62Ey$^ zxX;LR;^G^6+-wFE<}1Zb@#m6@gv)Koyizhme$gykDPu^(?N;P0E4d3iVlj#XY+ZOX zDe@~P0tyo4CG}erDXRF1K0plXGNX>e`Qpiw(W-~?Qs3S{J6ra`*ZId=An{oUN*{Y; zME)u~`Q*S4EDvmD>nMw`Kd7^wMg@jDvKqH7CDhd*D#1N~3tt>>l(o?o z_26nvxTV5>R1=Q$_%=3r2`Kwu$o8M2c_s*LgZd$7m%En6^I?JMq4r5O34zhGgcn&%Mh$<9!r zF)lR9TY;N2ZbDB=(*xy6s zg<1;^!E=jlOoK$uA*0NqXJ69}$Lnb|G=RAfaby0MG;rLqYJe|y-OT#luy*XzpYzq0 z^HmgY_^h(rgk?(*XULrqH(iQSo)Hd{YUOc(gb3HSuX^U`GKn_=Fon}j%>yyt}@`n=FBq zM}21YTny) z>#{1$wL&(Z`}#?3rX#7i@W!?U_4+F1=E}#kZ9-~If+}!-0BwWNsbl04+}duQpG3FA zM%&FU4A~B_a-Qzy>I>@7BK(}>?&_=R&@xY6et-3eJGx1$Tu$$bEamo`%Y1$JS3=k5 z+PH%6gy7-Z{41aLL2leeWcip5iG#RKH~S5i+pE5hPVJ)i@lMZL(yc1?@U!oQ$5s_< z(ORdcMt?_Wl6y)LzEg+D`kKHWqD!KzM&zH?HQw`=-wV&=O)|cT=G*LWSLEa4P1;TM zqs;+~Tid4JD#x1xi}$ugG>b=@1*ltmpQ4qDYQ!*=^_6 z9~&t|{QUx^A+-E1qeFi=E_7GatB{xM6%GjKrB+GR1z|Dp-F=O4xW1VNQ;*zBI`&os zqC1q5Mcz#f99*nfIuT{WjOA`~jd#7vCSQUdlS>jEZ(Sui-j@mw=iA!1ZxeZHJAQgx z(6yu?#Z$bsfE|C}8n4}vtk(s9b^?s@NH6TW{1_}G`279AXT&QB-wvEko&GdNrKBOW z*%l|$&2V33r+qZpSqvQ4fdM4G5n*z+JknC2ywX5*Fa7Pn_9T6!WU%cducO6I+Q6&Z za4&r*-F`BymqV+Zmr}3@(!?PwozjYb8b=I5r@cxB$8?#9#9-5C4Qo`VpVmrSxSgm- zEB(3V;R%gq(c8;IremYgG!4Elq&PRNIk{S)oUd6oH~Y=v?S+@>ugl7b0iDi6DnK{Cq(*uc1^H*r;Kvgd;)nR2{ z1Uf6=C>#qa+wB*N{Duq_8b0sY>fR9TiZBN$pLwSS+Vl^y>Rx=t@w7k;nyWlP`DSya z#LLB_IDN2-*eOzx#uw4aJfbKe!{!#F?l5R=G0SFkA?xAsR4v9GsDib|?yZOUrV^%^ zJGx4Xk8tb)Cmkq4%_cQfjw{*=C9$#e`Fczzm0m8&BD!~lSVw*YVbqNVF-FrYs>Qx! z zC92j=k>(1)bw-7npvFZ`ok{I7jw^}T?pJX!%xZ<$o>{Ne0fR~MaNPJG)YH7n6lw=J zGAj1_kfw_<2tzVi&*(S0JoIRWaMbmv z`z1CQTr{aAH9v?|M^Eto+FGMvTd$|D+WJ<%~mK}$PHK<0YX1Q$~C{ay%{FY6` zat(Su3buYHjE?TFb3Ca&>w&`4Ajo=)wgDyz7&JRgAI7QPf?sE^k;7oL#iInT{xZW` zYX3sOzwj~hna%;*<5?lq&H#t13;ZhK?p8HRT*yn)={qud1X7tk0@Ew?*!OW(ySswf!BeX`z#cmaZ`3N!PAq+sZlg>0{srA%FF3dfHKZnqwVDt6z_eCw?WFx`^&12 zQb{$zI9jM*w4nwA+d&PJf$hVorpBD&AE7RTrYkmm7IK?lgeZ@J770~J?p zj+WEv^3oS=+2^AN>{4|gZ06rbu^wss{4MDxkbot%^GfdbERo0KyyT8G^yQX2#|dj{ zKa+x7#(}%E1);3YAX8p)DDe{ZJ|^)tTPN?}DXpf@f0XElzpb>bq_=k}|0+xVr9z6$ zuDW%}#a2AumFwwCqiVi^U=N&GF#XGbzwfv5dfkS&X>*;`_>8LK+)u<^;)BNV8Bhkl zD}-(N!QkKbjM|4UE=87T~ z$G{%f#@(AM-e57x%^;lTs0#>B!r}+C$8#72^P%m&_IXSl^E-Mx;}4Y*XaOqOE^6F! zfG?N2Lp%c+b9iXR&n#^0CQV4smjHx|z=H1w$hgAW&W`g>&&sz=m%ssF!q(?4$ThMC zc#=nWsO=bR(-k{DFEP@)stg*aNS(Zql%Nl;UP4bXD=||wb?V=x&0&3IRNne@56PWP zT|3v~PvrVts}n87_FX*GU%AL7N}NxG)9#be-v)?W1RZ2t2>;yIJ7>UDxgDo81noRH z$$u?~M1#$Dw?o|x>#vt9W;m=T`;#ZVe70fZ_1@szf+8N%wZ*#3G$&2Vqrk#q5rduzyv{anj`36*%zJ7YW>d`hA_+_+3?tc?w}@{w25)MEJ?E{?Pb`+rd5@5eb4^aHf|8Zf0nJOkXnC)QI6G-&*yb~Kw_xKJ!aJ`8( z5DFwyjt&GLNC^aH?@o-xm&rZ1n&S#x-vpO+6?B0sS21XFibO)|8YkET(gC5H3E=-) z_VIHvcV~}*nRS=;`(rQKJg44_+(UA)c870Vm#fz$ zoS{F&bz{RqRi2bjpV&zCML!Wb`9tuF@ z$=DZESBg{txj08g8Qg`w6Ae`wPi01~yQDuc)hcxt#NWN_hoI^m9jUWEY{u0x{ z{!{xz(c`V{7p5&iL%CXDbgLmr0|pnG+XgiR{P&dpOw&MC!!^+{s1r*-Ram5?McVG3}3G)gYCO1H4_$BD# zJ%ZA0q&0Q`_nd0TJZ$*xsbCt=(>vzd`h1y@tc)y^3FqBqW=(vJ1#cpaab$Tg*}@rR z3uAwNXX>D(MaczT6R-K`DEN&P9j^@Bz-PN6x*?Y@%z z6>JV9Fd?*Ggup=>uklTZ{{1kxsg>2|CdUtEI zYJ#r7(}n5(e1jQd=7!%V1mEQ;^zf$0A4JCd8f}NFp8#7&a~{wU%L_(OGsZ-`i+!P^ zoXc$vus8_R*xPCm=%KIEop7`kTMk)PZe@`c+Hi4#RAIN{g-v2eNJ?#wremD5SZqeW2tMG2zz9c|=Ms9cG zjMRlaT2|M?3qKNgN22*fFIy}p`pPEW#Nl3>`i-9Kns_qz5^W2n0+s%WVJX^4KkE2} zJ9rQ=e<^g|M3X4u5$!qdC$yGyd4&^%vM_T*XL8HkA*}x%d{Ne1st5O^Rqg8glUz5& zUvW=4^t*Cl>1diVpJDB-{GtJ{J__$p)8tilNwnAMv6euUAN)+vynKMez0bEmGGI}x zZNd0Sf`WHZcM>NlsmL46Tj$*!`ff$ASh)K~K%=yiI!eS4ow$Lzb0|ARcP&RIqJ_=6 z$4we~YoV#-251p^iqWFY*W4v`PfsqUD(B1K10eAdID?m#Wu~^RUH?19)Yk0mfxOhy z5#0%^pf;G7A!Q{k6n?Q37M{6D zaQlXRRZAsM{Y1%-GiTG^vaEOT7e=>T1Qcz#^X@`@QokCx<%8akVN1Mz_Mls~`(+jq zNd)y*MFsF=54NdUZa0O=T1nPJq$ZAfEtYqy8)$hwgOmixEy9~Oz2D6AJ3B#A#Y-Z; z&RqJvq!~pU^GaUBa1|yF546kF#;5b)G|nr}5S_WBT?frf@0hi1eZ`i9olG|N&lSPb zSBsOP>@LX zclEq#dkinY*3m-kQlTMuv>m$FPrkZ^-?OkP+csKq^z*u=2_;-Q3mDXO`+S9=CBI6} zcS>^u16#po%&@UZXslf9m1c+RHy~rMt=yX#+C8)QjENXch%T1l62eRk<;HIzt@WOy zJy#i_0MF!}oRGe@L(h|#5!%*y@L0qzg~8Kki~&&y1|yl3QAUO7oXvP`wbKs%EK2!3 z@l%e6vVG%bQtDs_w?}?0sc)k7Vf{9hgTV@5W7h$Y@WhU5Bxmpc9`g*Z*g(KkTEn|a z?a|&@7KO)M$?svoG0QzVm==07B)99NeUkpVGp}nNb1XI5X&F-#Ew6=%@1Oc{l?^fI zbd+>o!w7^mI~`k16!&lX?<2ZUaYjiJ^R64|Gae1NwA@}!FLGhS()|de^iPbXhQ&1PF(Uzf!oGH%cQ{bM{796w~mLMD8 zTlIHRZ9k5xUqVnyn=M(!xu>y_YQxtn3GqvuP~Q~iF=zBvd<*Z4N&e==k*bpjh(<%- zMeAJpPW4Xo17nxVF^HmC?DtDV&nFM>(OijudmVX%l)YvhcM95#c2dDYB3kBW#1P6W zl@Vadjrl7oOTH#Nkjz8A+KzQPKH##*H{XtXXED!pTEl)0K#M>+*7ZCwsI~G zxs~^S78j7kiW9ek9U20}Hsxm7y=`}bqRc1t@q_PY;)#reaWcQ?8#w52idj@irTh@^ z)H%a+P*32w7J!v+ngYDMgW-9rZ9_l@$yub5WU>BQ`V!S}sOI`@*`S>i_+}HllIxkr z{YJ1^M1{=zv}E7*;(P7r5_Q90bZ_Q>Cf%accO96vk3Wbk)%=Oe0prZuBU*@3I)!iS zJzmx8wL3mLF-ta1b!`O#F*XW7CU)VfZKh?wA0>|2OSg1~oFNz4B@j z01f--BQ8OU{ysHcZ@G!!Z+l=VYtLtzKw~5kK;ZO@_I~rmJuz*2GDS#p@P{b{k;93+ z>>=kxNHrz$Sz(2mM}bOtm};A${FTa2ezt&P9amS)M~?eN?;}n!yfr`N_PImhpJurE z4eC|5TQ9#4nfesZ@nvXp*cv<9Hff}?R&4@g=&45++;?76Y`IMp^@~>qk$wn>+K!dZByVWi0RDzF+HIuNxy0Ty9Q_24tm`U_WEUr_hMgMrAl`Bi9`%!4^Hh7u(wW0_p` zo9uwB_Ej~f=pR_gNRp#@sjsLqL&yYz2Z&6!i2ea57-s}gUui+1l9`Lf#z@W*(A>RaZ!uYQ|$5$437$_jp_qb?ggw4Y_;!Ry8Qc|_UQ*m^?u zoRP)aE2E+Zl)|quD{mu9!r&e0K*;RaxcJi3_$antDGExEp?WDi@b)mhSlIClYoUhW zwiw?mKj2$<$#cLRjg38UKc{jtA?aHC3lDi`B(oK?h8 zx`%&~=JYh4Gd$n!mOK3bWmsX3Hr&S*EseCq2Aep4wEfWx-|?g08>rkuyf(njo(QRQZC7tORyFV z)?8XpKdbK#;`&MnA64QNRD2Ymi-sBaIq28>k0!TS(S~t+7#eXTZ=}&r#FRYn9Hbt{ z8(1E7yxxMO@%LH>#Rz(EL;B&-n)IRDyQ9Og2K5!jm4iB7vJ0^N*^-UmWih6ih(OOD zuSd!+g}pLkcQ6Jng)d`=Y6h(n9kS3=Dy!obgnUYk;;%*O@bF$#N-CzmIr4~Xi4$FO zYS-~ALt+BZmEz)RZ}u;>kGUqymY_ku=+`m}^t3yoT6Ggm`*JPD^xMaeDt7k4;Si0H zkd;z0tm2qVO&62JM9R5e%N=zp`kLM^;oSA2v0SbR@Nw}o`q!&;bDmGQUB>|r+1F#> z9ar6;SbanqyJ?4s(dH~cy97QzKj8HMCK?xDa2ijT~*5}B1OL&DN zSO*l3K$9eb3Ahbb(Z?1qE4N#!We4cI)yhN3g`J~1+JFP^qe z?YK|yHJH9J5gtnq?(l%B6k~Xt*wu+y(#6MQ4d_T}YOxh97;#;JzO<1I=B=3!6d5)3e<@Rqmn2HlyDY0q!45Q(z~) z!yRPw!&xZw&W}s_HszyfPTLpD7HdOps2Xpey!-<1wda-3-|r9&~=+G3)7W`O~#5K{<>&P6Dg^(PC)km zsos|r!J;8Ql~u_9I~Z*N3T z5pRFj&TKhFdguuc_og*~J|RY17luvE4&I;X1`MB9Z;ejD!I7Ii_3*L(XT|$xc+w`8 ze%MeJ0#@}k_cSYdA&e{rjLft)^dHqURI zzMG9-ElgtV4q(0NhXSkSYMKm_(uG{TSOw1N5~eDhSQ6=)Xk9#mI1{c3uSNcmGkGpE z{2dIJz{85o=VRp#>tWuSwXP+eKQva)R@eG-Rs}AAg{$Z_Z`p+_4AT*?@9!cO%gK(c zV_3#YO;upc>H!$U;r((SQR2xCGA_YKzLDwZiQd_Lx#GYvr$TK@zuR^J?q@G`KMUH| z?ZS;qW+t`YaYfW0-WJ-eg)2wZ5vsCVT#64gx?K#u$ntnV;*IQ1+@oTD3vCc)*@7`A z!G;MYD?qTGsGIZ81z5E1j%UznO)tZbZE{>|K{URjaK)F^1`eBc#5G5yy}MQ)|DtZqa={o1`? z;~F(J9;9hOt_~Wcsn}{=@6FQCbr+6PLNU$v>6eydm%dN$aQAvn87t+KAQ5frU{6x* z4t7DrH|(5zC@L2GuUn$(AYReLobr=wu$8bjy0#X3Ilt`?x-A*!;uy)1Pnk1Ty+)zM zY$xVh)cAybi`h?MBYQvo-6(g6^*YMMDG>h}zXBqS%u@`=6x%)9O5yM~z5I z#J%~)!ByA(BJV~ozS}u352J6FEut-ZaQ+mN*SYMY)UtUPjLvSIL#qkTZvA$d0;lBw zix<>kt>uP2nnY9509%HRpPiTOxFHcV3GCm>n2(+YI715AgG#s}#Eh50rU7KzGsL>v za7#ghmu2B_S4+Te@2&6Vpk|Ur2E7TBEudxAtglM!4r04&b{Z9DhPbjp` zgMnTXAisN?Y-W5(p$=8667Fv+xVeKWano77XLqK>l%*WH$JApQ1O*n&!bWF21{*0Ka$rSf%QbEjKwbnh_(Zx;;AYHh|M4#OrHDN_Ag-@oT( zSfuH@mVdJa<<00h{q(=nGFzLN;)Sh0c~et1vJ^}B7B)_7t1NBEl^QxktYAlP>@ky% z0Mb9zMExUsZ*a7-%K?(58=+m=OCjMt_0huI#mql(Gg6^q>Vi44jT3rV!${t>c%ile z!qM}Cg{4Z(0ym7p0K?;?V=2|Pg95kZXM`x+KC;G6!angHC2G5rw5x0(SxSvq5igx# zp^>i*srPX1<#D=jTzLlZQ_`aXqik~Ud}2ZTMV;E<#c4{ORjJ|vgk!A!#%8$QQ(S4o ztY3JjIBSVH(JUw~B&7@*N`RFF31E^3^aiz>`eUPz&Y2e9L6$;S7TyKn^GaHMJ>Fu# zq=}DZJ|4j4ZX#O~Xx$pEzqSdMRr5)J<6CXF-qYA|E5e}Hy~c5p=;M|QZT$vo;M3ha zYo--*&hQ~dOA73`kiophv`U=9dU}7=_fJ|FahSoB;E&B?+Uu%jq);yt6;U5c4l0>j zfgcwqa18VjGzln6z(ag*x)ba#yY>`PN%A@QZ_;4#D6l6}lUyRL3}&Qpz|h(+bYSHU zN!a+EHJniq5)$q~9Ldla$_|WX#N`smX)+u)XR2jG4dp*kWhs0nFaP^AJHpl+%smNf z6Z4v(b`~>z^;%jAiapQeuO`E*$KB7gNENfsRY!;CF$xk$phu(73ibSMTtAsv|3hY9 z6_`zg6zK^69&l*>Z*!TJh_ps8@MmYolx@lPctxO8Nt(}+W2#~+qZ+VkIX=ny@JInT zRk_7}>hB!Uy!!N8c1Q~`SgSzN8r?FQv`Vp%Euv98eu;X1Nk3k#TJRs;v=dyzLqc6Z zfJ_axw4San13Xx~V`R-0lE8hHZ8V0FxS$vxqz2btLtS)Tc#lC`4DEZm#)pVXqeYcE zkBa7gsYOQ%3>AuqvT-zTf4qiFR;Fw|=fLE;sXS|5{ybx2Heqgbq6-UX>^j-~3TJN~+qE8k~CtmPyhtvbO!!*^qR$G(_m9oJ!LFF|&1Zk!H z(SQ(^EvVG+jY^MUnn5g3^F(5acs37EWU1g-hAb%Fq=6SHJJkXt21nP|Dq`06h-;>P zu#NYNYpzhkiv{rCKgaepT zcY2e-0eXaX>0yGYqH;(L?w(_Zq}`;@)if++Yu(;0O;yeO-uRXbZk;YZSi?H+_{|lY z!qwi{0Z+f<+)vXi&UGN20s==+i4$g|AL)XTr8z9&c9U%Cf0#Ra#Fl|;pBD(g)yis2 zL)av;Yt{-JQs5X(A%J=EIrHm-jDA98^YzIF6_gQ{vpe%U7WxX9h`p20X+t4;irBFt zJ_IHy6Gbo|HA8TJWgX9tf)DhkaX2^miNPLR%kR~D!^2?_pTpVvs`mPjc6WgeQ70Y- zQxB&Z;0Yf<9uGnv&=6PrQ3V}z=M;`}A{d#=MXYz}O^e680ZlB4;PM)OYh zz&npTnepSrtkUyz>m`AXF)SoogijZ3;WG5I@Opw7Qg-zp6I^4j25oneTDN_1K|a)5 z9t%O5_U$!t)K6*Pdmt)d7lOXL?)u!{zac=-cMXO2pAU$tRkMtx&sQj|$D7~02R+uH zAMS~&(&W`GD2$brQq))o7;76w)h%+NJaS9;aAS=7R8p@&bnh@sDXY}3K&y{3;~HkK z>;2SbVp=1~lt;4RHC^j@)~;vL>+^2kR|_y~i4|M5qR;U}uHHAyd-v$1thFh3GLDR> z!-myZwCd8UW!3(8;WzbBRc${QYkPaH)FNu|SbTfW`Ww1{K=(LODSmpocyb+$B^YK^ z;h`>~S>QpHa>dkZh%Q6VNlo`Gs=R3BbetouC~Y4W=vuZ@CbtQwYAK9Ua`Os_bg15}+6H`sKPKLut2A?IZMw_{LSRUMWn<#DKj z53BmK{Y~0o_o8YF(bQr|V7~QlPJ%%?og&14m!dW$FCh*r1cT2y2^_Mei8LiB0#6SR8ihs1qrrxsA!}w^a>ci$RLj=pY?u%W=mx~tmn9&I z-h*AWQ_GfCX(><7_>k|e_oNs%%K^*f@^g2grjN%)x9c@Gn(CXe)IiFLr+H?9EGZ&! zNXF#9BQkSzMLUp29(pQX{ODa!w3`ozuFrex?u(w!GA$=>DLZe=D_U4{Z&>4RuKk*} z&Z+=Y)0E1H6smjE(th2N7cgZXHkx)j^i9f$*w;I0!Qh70HGAFXk1G2pT)9Cd`Tj8(Y6@sY?2^)??Bvv8Q1Lt0b=`Ijv3_MF$lblh^0$R$RK z%0LfCc0>@|{-G`A!J~eYNUgK}Cd8{U)tWHW-Fx^A4s+Bc`1WDlX}3$7u6@-mty6$m z&)!WYrwPPg@p&oy?xXjIBEFHs?vHuBT?jb=j&b?SJ^0XOpMA*84>rBtM-YFw>D~D) z{Z1^qcA)tgWM((+)INM?PAJM1;|x|Sf;pL%m6t!B{?0I#+hKRFX}uvzcdvNr!kZ_= z`RM%yZ-DiTp*YEx3~#^`@r3g&48sZ|{5?GT^PC_i-l!3{rp)*F(6{(Q9EoUB=l_#E zZV0M=<^SycKgvqg0{@?8|DS(H|F6y(M)Qvm$|p!2%tUUevoQ*8Zpb-KWG#$RD{hpVLpwTF%H2^V>AzdUw9glCkki;*PB-Vbw1!K1_r-Eb$Bxj zm*p;J)jgJ4pJkEtTR#D&1SZZy1LO82iFTYlfbXJpm+0Zev~o{Te&4I!==J-892n_U$pMKC1*f`!VyciBJ>G#spVC#t*?l- zD6@yO*6G7luTAO*NE!=)Y!67gDm=gbQB0Qy8fpEx15xPD9XKfi)jO0gTbk-6g_u^{-}j11eZHcBNJ6Z5gh=Mb#Ix!l&V<5vfl zgF7`wAI#82i)Pn~y*EY2RX=g#MEQc#9G-g`k+G2fO16CQ`H>$5NZ=o-T8B;qN+fpi ziAf{!=KD*q-h?F$kd2!R^zWj~z+>l;%{WFTYJb1xCE#`ju8L(|?Z$a7cZEBTr z)^XN|4mPHvO=M&am!(40^e}BMas=F@)nYzHB;=k=wcwWWme`8t&>-~`KPlnpGMgv` zn+qEGX;=h-$<}^=n{Qf+>8ZiInaISA!a* z`yb%^!9t53d*2%qbLSCXaM%|!t_PQ21m&{O8-u$t zH*P5LALOYmC}-?=lpr}RecVuxY&vEtnDnKjCU01>&{dFJY?Wyb@9h(=E;7~O@=-eFKxav{4)`DW#|!S!&IEDxc}__gmIt?`*$-+rKTi{1MttR zQ&Pl%c_QA%o9hzWc#tbZ0~l|lFrCB;O=x99Z$U{cEw4`>u0L8mDwPgayeVVhe@M6J z1rd;~(FD|ZL*6%foP?~TzImIkXdO)%ui!ylF&9ln(qS-5?6#{*$Zb~o zmwxK?Ggb+hGiLD-bijGCkCsmAClp)p+hpINw>8FM#YRcBd~L)lM)rvi96S4rObm!5 zb%lOk2g33`5jMBdr2V|_>mYoqFoO-IGSrD)L1&*1MJa34B#hV28dp5uSMyN4&4RpTHV-nh9d-mj!3Z?gp^I zOaC6B*B{CZuaB)S?>O82Ei=3b97f}@`w*j0jrX3CII1a?N7{>};9zv{`9DQQE0nnS zkBt&D@`I#c;P;F}u_*kz7@K^kh>=(xmp17Uq$m=YBaflv14QpdBo{Nz%vK4a9OZm= zM!8;Z(L~cIKok!>I&20wGl-9UiHO*L67qvy)CGpWK=mKzZc7{A_}950!a$+~oot z0XQ-g{brp1!dCDzB@vCoBOl!t1htrQ*9@T_slbXEq>-!)fi7_rZ|vxrSTGKcbVC;$ z{#?^HtH|2{#tknDtc0$nC26;b%sIkCp)zx~igv7t6F^i;J**3Dl9_V3N=%q`IObX6 z6)7=wf6;PEfYm_hzxq7%e8L`{?9Z_}4||nPay@)Op~_^SPd3fpy}A0JJIkF|Jim~|~x{8ir=*G8rw+OqLiG<&h)?Q*I(-am`~ zq5J%=?&N3j9A#HO@{Wb3*$4{cS{pV|wG^Ql#%A5IgPR(w~^+RUx1wj4qn9{_I{JFX2?5WPvU|h?4 z;jH;DEE|fvub*Ly`a7z7NL)&4*D9nv>0MKtk}BtxM{7e2fB)1EOTIvKm&f0v?36rJ zV5LJdJ@warKI*AMBB@b6XYJ|0Il7yQafZoAqkosd#JJ^=XuCL!KHPOPgCSCdrO3W^89b+-13DlTU13zBSf_U3wE`};}-`t+OU>B3y@%7hZ)f6tfG z%U!J>M8@jkjf-K~4t_xHZtr@)sA5N~RK;UC>?rdt$h%%F*|pr37*2@EFk8?mtt-$| zL^i3Sx&N^srBEb`ZC5PsCRIX2ECu_eFAyIVa#qf}G)){oHXG1B|8=Q|)%Wi;NhBnm zBU&=|uFT`d7r(RLE!0AuT^)nbrq+dLHb`zgJG&1?@O(^!lP>&!1miTE&Pc-`M9`=90X+mVHC@r4Y3Z)oAM`RSy$U&>8B z(x81a-PdRNh5u8Lv_Ui8O%fN1p><+0kThYda)(X}u+USn)@lDll z{3YE~y-TlpeAbwoJ8t{Vq`o0o=`+o(GL>!r{HQK}oeADmYtCu@B<)qdz})s>GCDgA z$mVe*K2!PeU-9z`m(Q`lTrVlR4fOL9q<5Ry+g^94Mo6G@t5?5@&`pRtyREio=xqz? zecixUJp_1ph11uw*#!mcAbz-J1brG25O=@`&J(pvid}+uoq#H%=4=r84kf7fjNPLW zAt0s;MfY^nLU}Dn10_Dy*IMYz(a!a-3FgN{W&H6BtyuQ)K*<0JY%QqG zPfEj);3Y_f^x3VKI-k}{1R*KV^n9+}Wga|!G!QM1ACyEfL56o-tS@5Vpm$;-I{5GL#ryVfG!$qfGZDIo|5ilW zSv0An@61XiQGgC10W(xI*DL%s8pQQUTA6I^bpYxaR#e2#zYsMI>lhVWJEYXlTzC6P?sp$FCp~^njYN1Ee ze-zQIS=l8b#?<#IR^v-(G7w?<7cN-BFA<59l}tH`C{8m)rX7B;2q|G&;x0o8Qt&NMj^X+CjS}lD=^e`zdr)$bg(*KLCbBxg>YS(q!w)wVg8`HKiZQJIw zZQHhO+qR}{P2=>p&)&&N_W8GJ{i;+_m8|Qz@2iX;yHw4w6lp$yi7dCX_LMa&b$=F7 z2b3(LpT1T^mZl@VI89p1IcAFfWHv8@ZFdy?b$?Aw{GYJ`=`lvNjhEejI~yJM%=X}J za&}Vy6CkJieBud&bhI!sth9=?_e2wlu=LQ$)z(eDBAW^KWRzEZ(v2xo&_OOAXNey`QO?g+2dyv{M6U!^O?%m(b{lkqt5h)EBBH@D7W-0S z_*Sd%QLvRwb!}}0GZrfeHH)a4o2YHiL+6X`C}0yJ=aF2FF|sv|59&sX&FF z7DP+&`PCC*4Tdf|2fwA@i`F#dZ5CWxF>g*2(^~B9SreY=t3Fk!!lvmE2K#a zWdbaTEa?xql&?UM_;m&8uYGwcnm3?x0n)lQ+cm=?vUJl0VXGKCoD1Qm=m%FHB2+*V zk*V)`Ji%o%yHMg-y0fzv%*poWnOM%yVZb@9yS%U=7JZU!xJcW< z7F3VaY_7TBc3z)fbrjzlAiHi)q;{I=?=7RyvPWO@p@Q0dYEIF9IJpLG`B@e2U4Y@c#FZ`gHAVnY^O;%nH;43GC zew4mrN@yf325eWMECBwbv7?XpWJ^S9f`w|T_*YTJb=)WS>*@Ur#^5EOD5Gg5&u>Ph zk`9QdmKr81N?8%6-HqW$LXAZoogs6z3ju3$90KnoS*!{HKT`!IG}TVV}CyDY5(p2NMX zgKmAQep?I>8DxT1@_J6uFj{r$LMAhSHAHcHY)d3?q^!K+7Q;6;;Zt&%I zbGda{w9m%#wIonguMN>Al+yCYX%bjgxU)gLY(TsaYXW87WtL&nGs$J1awyRH+7YNB zvZuVYNSE;%nXxEmt~9~H)B4CwZa3R%(DCbR)iIN@rZ$HWeTGFsEok6=4DUZy6Id2G zR&^f>W%Qbwvnl!g(_McHUf5*gu`l=a8Xz zA8Fu)x-{2>q%;!Kx%h3{1Y&UIAoa>5vtZ!)fs-+$Glu65!^4R5{x!<$v@jN;O{waA zsgP}1e^G@p;hC;z($LY`9MGn2UpAU7o9S#jZx>H9LbJBUbz4uYC_CMcn5KwBg2VP8 z31b;uE)@l}dxuVWzp+_hui+A^Ou9l2mq_3)aJ=Xx>`QkK6SrOD>&6&_Vq`*P~>DEZH2{ud1XY}?+0 zHyY(wR6DmJ*7ZCSTSU+7ub6_e6qdQddodi1+voY*V-z}BahK*^plP7!&t~_uB=f*U zgIASP)I12!V8<_t&2?%-BNQZ2kyX${gU7K5JBEfJJo@54CnFzOl#0KcbfjRf zy5G2z3PZHonH8Nm&QC=%J(ebmMJt@keRGzyc*Ap8bSr3zq@fGi0|ca{ROXe{Da6m^ zzOv2~6%%!(!Y`{ox#shFY&(oTZ!A(pRTvHQDgyY^z^JR}i{RO|~ym0t(z*$Lv zUku9LDC5eiCKdJ^01i=2N#U(e`1K?%gb;QPSlv(JjxN-Ss;^O`CVOY9HO0Be1RmP| zyjlWw-iG!X@6MFQH9mFcks9LSTnNbEsc7OGMwCnP&56ZMJziLgswFl;aw0k7Dg;__ zMykZesO6hOQi7YRUe~P3G$e-K?S?|~g2A%)P1-}ysy}Fle?n|qzt9QR-XRwukPKmJ zmutQ_H}dwAZ%IAFL)M_j<=UCexovyI{wx&4ZJAka{ z%AyXM{W5_ueU2hz=;dIB0=E$zUz?Mhu}ROUet9*)K3UY!-U8*_U#v2(Fg_i`K}YvR(c}ytgHaEq{jgC!VY7`gWznPodmedB`11<`z{*><6M5t?@#f zk4U0GW{Gb>W$1}Wal`>c>;pYF3j3xS*^ewQ!2ZKS$yWo>AW`(Q%2su789I7fTY>6$ z+^}KrUruY#Zf1uaU`1Xo;kMngL$Xdt%#L%VLBS}d*r=m7a6|bx$Uj~N6YDFKRz7$) z2PDNw;(gmzueMb_PA;x>0WOQ&-?}ZDt5`w( zv$0-Z9%iSXp_`GZJUnNvG9ttOoNy8pIukvh$F0iQ!g-J6@ge6aMfYYj`u&)1_`_Rf zW@}n`ym?VqTz^L6sKB5`nBLgkF!)O~Bpg^Hzdm*}VbK1bW@lF;UiM-gM7(bD@Pu(`p`IcK5Ky?Vce0b>{6`Fs z=jW92Ekn>cU~>dc3E~^%r>tIeVt0i68B;2^H2&p3^oCCoCA>nMfn*h>izBCRYq*9iW1G!&9mA4T2E+yGbl3vxJ+lj z25X8H(0kAWwDt$r6q;{h}cb&s!5adw5(N|)aXPXnX{XzA_bIYnSr9tO`Y4vr7&M%+abGes> zllLV=LnOR{J4k${*Eae5HI(`XsG}C+|`2*fmpgMV-hF5yZYXRY%oab7(`ny!K8G{+(rP9NGiZihvQvK&|=td~6cIItiSQu&$PPQ%oot^K9c7KsW-E+B>i zcw~&GN~ZEA?b`po_i+M!0hr6&W^LFs*c)O=&c)jF_wd%B{BrMLhY1G_-J6Mt!3ebD z?_h_{gX*NbylhI)($wnf=%qj`-*xAK#5Yd^gCa#bIaiXa$@rwM7eEsf^AIDMEfSk=uIqhb#pnAsW!M+B#Yj|4Xp3XAvb7 z1%MtIr8>{~c_^brOyU%ZcLiyuh^!~WK#fauH#$k{T#9EkK^Y3)GTVCvgWQ=tv4=5s zPQm?^Fy2=)+#2$h?LmqhE(87>&&gF}DCw-9+abWB1VbEvckUZPvselfK+u;bx4{mt zVHMlS-cAv7dh^9rymHDo0Gws*9lf#kLIWOKwtn)=JUq%DhPWxNQ6nW$2i!B466tpGQq@n$8VimFD1H^`PNc3Y>3=C`91VsqzDTGdxP|6d5eweU3+{IRtGs$#QL zhhQy@LLp-v<h3ak}?=yfDDYi|=(6tWk3q_FcicX!n~_d+|P?s_>g|2cKq*(z8O4U{Oz+=YJkj zqYyv-L@5Dkno~|6Ox;`!9dG~O(uaP8)HMzo14tnloGorHiBgfYC2W0Ddwo-b+>LPP zYi2T!en#W22Lp~i8;>Y#;(08DFn2RD(Gu&d zQT)dpqtcqo{S3|Yxn5YQvETk$AGcK0Jg5CYk4O148(D@n^#dQ$4eSOy|L!&Q3#HND ze(h!OKX=9DA>J^ctdEJYD%0@0Q$kOL@d~I_-|A`JiOy50L8kOIQfePJeTCf|=DNAk z@9O%r_3-)l!B*a7zzN}wWF~FMh}2DBm=$F8Bwf^{!^A$BlTkZ1k=eSXo>o8VHYW4B zYmEmqM)z5ZW&Z+P79(iJtn3+4)<~nGMDx*C-Lc-24-hlu|6}CaPs70{GE={n^2N)F zOhz6l%*JO;6OTVF0Cwnt?4h|XkpI3&q;#i&q4wOGZDWBJ6P+0|s+!zfn?Z*OCg`Ap zTs0l`*uLW7;7T!Y=3hkUzp^tsHRTQ~2QC;R3Uzbci8zb%mcE%(=WQA-2`b}x41^Zo z|4qUq6vSh0_KP{k{iGH7Lu7%ab`z`u-Vk|N=+tb)o2%S3y^(CRmqKn6I`!|mt z2hG%#vyK#Z-Evxo{W+sVlfN-U=vzvx7(4u zr7kHQZn5gs_ULogJ7wIe{uYz2Za&9dh@G(z^J7kkNZ~z8nfMZiaT52g3n+{lFrba# zds9gujisLH2Jy4-AOD1oDFQUXuiDVnqfMe#1MWtA;g)~#BB?eR$-Rlu8Z9LnU+}MB zHEm5V+?L^bji4J~7rHIaKeP$@Ad_2!jN9k=6>}B)fTS?7A(o`%btD1_d;%s!qPaF4 zD6_ykV^QjITpP&jKTW1Kr z5WVAS2AsBxV+s(#-K+>{W8Qakhd$3CeD_|pJuz5be7@du=n3$2{>!K#SWljPAuHqT z;U0w+>x0;YhyvRPlD;c%Ln~}E?)-dE%^KB5g~zi-b@%G;@4*&`W|-v=YK0pfLIIrX zM};VldWibT){BHD0kuh-Fe1x?Lr?>W4TAkLcj8dl+1tNXe-dE0vg>T%_9_hO)KmV3 zr~Q&02UX;98CreatqPYVIuL>sY61Dm0^3^e`xp3A-q#=4T5lJ1NAr)*Bt;-Wk$F8F zxz~v?gkAp)(tOa@Nui@^Pl-+%;TmTYp(1-QBln?QwMq@ej(+O7*T)>9abUOZ9?dC5 zET~<&defqq#cbk14Nx_KjJSK=tB3#21Qn&y;!$Q!gLW;&Y6~OoYv}8(eh{T`k!O0( z4p9!N&fHiMG0Tx{v6@4;WxmnyldxFDHSN?*Kxu*%PDKX5mtbf~B>{1NOT#EKRx+Yh z5&9GO=k401jXOhZIe*l$uU0pOvO*QM32ypDjpY186d;;1o?tw|V;L_eg(WeNL`%Ud zLF9cQ&>02dmy2+p9Y~|;GnzrJqy-YF?X?I}?U#`n$R}Ee z3W`B<3o_b+)ccEZD_wkqa8F^u7Y1DlPZ5>kK=8i?Y5G{N%=k*BVtMp%riWAk2}D2< z5~cN&iS#M?BDtlWeUugZmxyLTu=WA}IULdpYWQn15JtoS5~w{UrKQ4FbC;pNN0RS; zwbh;~gAVSpJq=|5i8d7rmGn6zz9ie+x`upxNoh`(kCbw_Zmbo$r6E35H(Zr|Bs~Ns z6$-7qAD4*CS@Dc6%~s2CS9nV%fR|39MvJFMy{2R+Yj634#Xx3B#vu5o&kJb4eatD} zY^rG&xx{u%x)NY^>4yoQgrG{-xIo83Oq~k`r^c#Z9>N}@0-Pnau`jG| z+8X4l38OLP5DGT79=R!Vh)+g|MepdICn)-zo!@TX zLun-^*deG*rDq*(zo-(3+a!BaK3yY87td!WLpccjN_&ZjEaBT^vLDwZB0&!&VApG1 zr5x>2Q7^}~Qa-}HtWk<{p<}O{JH1z$oh0Agj99g^|QOX&&)$Y|8&`DzE?5M0i;_xjuP*ZlPcH)+F$# zdu^L1lSh&75zSk<+gcm4vLkz5sh+NQ+_5GGrEAePZ}i71FBf7N@%YmSh3oF7%wb1R z$1PQ&R!(fglS?)0ldeUe+y5`fYw2348ybP-X;{)GOcg!$Xv8TEHlP2h6Qw7Ms_m)x zsNf_FHDZLp2Fu9z&{BN5FfvU%JCdQ85Gh^%{78Jzx0*N3{v6b{#Trnb{rW$t@Fjcr zcWUJ0{`DGrq;}C!01|FaM{a)H($PEx%eIgK!u2CW9sxx0RGX#q1sjc)w8D-|>l zQkODTKHC4Ac`k^K;DXYqaAW1s9o_wTi5lO%#o6`4dFI_EcuSs|0cIyL(<%Sd{prCg zd-m#oY7*4$>ivP?Wbag{#P%XM#OtEXEY_1G=O~%9zUQoZ0>BXN{w-W zIeD7dPSM2zW*ZfTmfqbp=_?KnpGc2Oo@oV!^Sak#P0oC|?THQ);|!;@4gbsfh9*oL zaHHLk0>TC4UUtRDm;f|!oM;UQ@Bq3Qw#}eDP$5@?Lg~UJ0fF7q8o>U)g!lI74-^d= zulN=+=PUdk;q48pP6IF2VW~Ikh?IdamV`o-0Vaq*!}n^;AC{JS`AudSQ3$K{eueM2 zjgZ>=Qp4dsFcL(q`vsQ^;ItsGj5|pP5=NJ=?8`Xh{U|ji-MZXvQV(`!H%&DCkN-=cW1OZFS*eNiU5uMZBG6ci#6;r#WhxJMSA= z93m}ppG7pRO?~SOrV|g-PW_3IEOo0n3KlgopE8ci7#!f~qQ1}NXn;=I^k^lgYv?<) zyJj=RtO6y0FX!y`Up4YizrDzlQDx65Ose=_KH$bTt>o)Gdn7*Lrk|$IyC2aP(;E4H zg=TPVtg>==ty`|n^!K#1uU^bFO@LeaI91MaZ^E=zHP2@McDrue>d29|eOxcE=S1NR z^+?^_Tw!Z{n_{8sSgCfnzVCRTYX_<^vAyqbs`6#idD%L2G5dWu)ArmxJdL?%$u$&h zpSxhZ3eF{#D;9GrU?wa?7esrJ{ooZGr1^rkVuRorZGq^b;hR9*y02tyFRN5}6g%nk=Noh>$vo^ERdLT0SMw6Q`&;9oLWsN6gx?H%?4^y%8_S#s z&H*;McaBX6ILGX<{EEL_n3?vYPs?A7ZBnbLRrh+-aqBV>(lZX(aQHI^n3rx_&mvsb zE)@UMRP(UxxDR8Z>yV6a{?#65cO)h-(CKWgQ~UI!8o1h(b{J|Ap3@%j)+1P=Qx2kc zVpz^+AZphlw50KkB(Qy<1XN|rV^)HiGZ7Ng1EgLp2Jy*T5B zvbPis?KS#$ThuWt8mT4cLg{)uEGDdXfvT1bF2e8`LgTtgklYH`!a{jdT)j+nHiX<% zux8bV_!1*t^1swPXN%Ee4OU(&Xn~J+(}W&zugv!IL1cGW?u(S0{c!yTtxgDsT$nQ; zAmlm)#zTX=Vp&jER8F!b%6Mu-S5r0@EdPqld1td~8EkDe&x;!Y539C(HS+*8X$K%? z$G*}a@PuIk)X`WU0}{jNb2EOD@3Hl`G;)2P6dr#Xky)tHsJm_KS|` zLJ1L$&4lVG$tjl1Im&`$_c@L@!TRTaU#9?a=1A@w_W&6Y6iYV@24W9VvBNQuuO$bh zXrcx3$SRE!^?0{RLG4qs)lCwZ_n>C{xVYdX2jWOnSVV;W@b<%ys&U~^VRL;F=2DXZ zKxo{*xji(I1iO8HzC5<%AEsAOw zT`xTtp3plM?EauAIL;RkBMLQz@Saq3W!xT`73uL!CU`g6rK{O7cjTeUQy$Li3b(Q zT?4&9_=(gAUE#2`I)0|)&g@7rk~JYc+p1KIV7$0`2oisFT4*XomOUvm%5)eDiX(F! z{}OMI1DX@r%Qc+jfwUb8$zm`C%S<1FuAz;{Q=uy+{MQlytO(4G9mACrhVr9QG0nm9%FVTj zmQ@>7Hl9!HHiJg}JAml-uPHphA1vW}(69(JAH(!PbqURWQHi3)`jUl^|7L$W|6zYy zg+7M!#6=?eH?Bu>#M)yBp3)S&(aJYKIz@#JX~}}Lxm=edNYp&5L-!!s7Je*A*oCh~ zz-MJK>c@y3Layu`YrZ*aY@}w#C0;n8KVR!5Uhm8yNIuHP)Hmrt$S)yrWTaKa$p??dxI?+PKZHZPooNYnA;^C)4ck+R zX%gb*J`j9A5yVKY&{yHe(yw^ju1Pr0kYcE6ybbZ)Mb@H!qJqkE;{KKuBowM#R6!Y$ zRIR+BX!wW;E=}W8%c#PZL-SBDP&En7@|sm>Dd*(3cug)I@3z{GXouu&dR&3o2gew~ zZOH%*Y1@L9Y~AqJgY+yJXmEqR{4!vV6=Tde6p6ZdvI_-Dpf`6?c`nFraJx#3+~1M- z3?Hgs5$LN0{H|YQHF*ik3Pi4j6Ev$x^b@^=X6Vgz%t;Vj-7qKtkTWp(u7~|k zF_MdfEvorHGMuA}9d8}1&fy@6rv3c}XPQaXrdoQW3k_G7Iz655_C8+kUl?Uy8E~5C zIx9s>C^!k5&76%#k8wJylPacFzi1SR3+WtaI(hAiZ^EjNgchU_;%vZ9(9d~E4D6i7 zyldTZ_7PPw0XSYdV+R&TvO&NKvYDwF8oXBNXfZbp))UO>LlLLcBA^HEh|JZ;rQc7I zXkF;wPT_~IKqRsCBz8ufyq!9k=%+5N9)WED;<(u+CVQUEb;U)u0CT1>)iK=(F}~e` zfA?(gSM^lI3rXFgvN$>9@bZZvrILe-Mf(;Dx2zWK8LYhjzwH$cctla)6Hn4U8~84U zv3^hx@{#Op>7ZZ0Sefm|0wn!lK+x>w!kjR)qCid%Y{Y=VlZrr*axBFrAH2arO9&GJ zd)wcq5wP%OJTb{r0a|d_L#k5s8-ayjAWbfwpSHN$Fm!JqDxwwV@M!B-{YJQ79FUAk zO?D7`*ctk%CLAYY<+O~p(vp9C{u?hy{tsTDnS;2cywMP_)UvTlyRwxtF;O?Yn(_Av zW=AIT7YCxLtJ=|@(Jzw|AVL}^{PZ1^NnqJ?KlE#E59#1562ck=-{7B&|N0MI0F2ko z;IWLABbCBorf?ew8N7En-SoTgT3^gXG7dVjZTY$}5Wws~&c$&T{h{v>1%_~P(2pig zZ64wh8guxC4?UPJLkdDIKDQqLj2s3|I~TvP&#`1M@*C?I?D0Y$N*Vo$(0ibYk=@En zpcpoamym0Yn31E;IxQ#t7C3M`oEwaGUjI?5q0dQ6K^mAaT#(z`9~8nWyca5QWin`A ze-{$0b*byVVnjvukbp++=UpUYF%Z^uV-a2h7P}<{Ip(QHc2T~fa}DC*fjO6?bUt=x z2hK<*oD9RxNJEeJ4o~YlV>F<|V`T;rTh1{oFL@&OMe8}LFx(1IybV5-2G^FVf|jc$ zI4lM$KLAJUA`TT zC-MiCo!7o#G{zZWyGyp9Av?DTizz7SszP9&+DJ z%j7nXbQaHkWqkF!g)A{nLr@%xQe<=iMkttjjeurs+T{ueHa@K=u0Qdq-SNwDsWSDmYid^D5!UJ;pG^RuB zX`}nRlWRDyWDt8UN>}oHr? zM}o|L5lb5JI5bK|VwP1B(dgy%By9g{)551(f-o&`+~E-i zI0Tsh>3{^plGm^m4B%~c3c=E-xE#lm@iDI)Z^Dut-bM?3jz=XfcJSN697a72RBM_i zYr>lv5;79)+g+{?5xrz>bBleIkEb)@p}ewO!Av&aa)PS+o_2;OGcx%+)MVR#U^% zXVdiPK5@sA8BErSlAYMh5D3~IUVRs@Fhnv=!7tU7&&_v*Yj&MS- z`+LItAfM3*V8S4q0&*E6skVeck%Lpc=HX4w#)q7-Q7I9;tfI8hqCxGr4Kad?GNM$- z4DkSYusKg$DjUrQl%4uO2L>j{qC43AuR8ZgBZH=>^0C>W_$02(qwefjAvomm3fi=4 zKNfq+qQM>yI8tWh>N+T@{}KkuAB{mct&jZyn$MO2q$X*rQp>C;9T)NT@`KhxogOd&bi zgtQL_)SG2wSLr(VHvHDHu~>{KoSR{#)9gHHI%Q8UjMr}Z9~vbj^30!dM02>{FT`DRnEK@Ju4DEh+aKBx*nP-M{^y&{0!p1 ztP%#>DJW%$(UaBgl$4~JV|?ea2P?;ok{j3Cqb}=#kerLg?x~g~jDDz7luLO0tZRv>(M{?N(8J9}w<1<`H%PCEm>!B|u{j$vW~j2RJ_egUE|^gU2sghW@Z%aJ z$m^c9_g~S;0>rHzG@l@LEN@;!vGFcNyKd^q)CHhj6WH`KU}D24q>~()trY#slS10Y zlrAZ8vymkg12iPw_zDIQ=jV^82&~31HdV5E6>1FIj;53DJmZ3k(2?)ESmPY%zry}< zuv#)dw#j`p9r0L%4j?F}`$!lPP|plLS&uk850}92dm{GgF44=& zJa*J&UTQSfQHAveOk@YO4#K*zovCl2=h@x^C#;B1Sj`-k?7F(J+dOwP990m5KH^uS zU)&nmU$K_EY5$ zzL*v$=&<6Do6nFhtOvly5^LBHNo_5IvCj!1uxA2?OB!7>xGl37Jaqaz^Vf;;FzmxW zzNiOTiL5;Q%SG7LXTEdsViu|o+cw=H5#aA$={g1#{rzYsS7j+{^D+lW5ytg06 zwJKec7ulxikT|rO+Z`nCW@7B8eyXLz+^;fe3m1=9!%tVT#}4%sMBo~_wn{dUGBpcw zGuMBnROG;7h;62r%DPNXveqfS-`@`&FIOY6O9{1gH@#0CY5lWUFB$P`h{!{#diakx zd%eBhCWrquMy{X58+$~ok*o+Z>6+DvqN0VVqzQ*?ggI3m7f<{gMg2e7CI;3T*=hNo>d}^|*8@)DkP^NBu0vgEaNosY9W>3=%%JNlGRBzgBA3vlL+V z8MgCZVuFYX;*T9oKAxWom|lDk=Z$ej_9sR4NipiExiU03iNpBE2Z91B21-OyWW|dp zVLkSKbQL+Q!&`KQY4A)g+-w?uLeREkD<~6^Etg!%q^05^1&%!Zuhs7%`E< zQq)*xFK1$!>PmE^?Hk7`dt8Mz#+zi(uCtj>RjDfo%`4JF^k37KeI}Rj!IKV)$})e- zaXS)P)0xs{j%%wN5*M*AD&B+atN&VRL1uj`XiO(wxAD$rg~w=iJo@~tQ)eT?Er<^e z0!WqAnCG;BgcRCe2tqz|{EhzD0w#Xd=ksl+_iFeUSfrB-`gp*yWPJKnEM{OB{$~ne z*KFuWKZdWpv?G%~xtZ<`-2Bm0$!+PDdR)dwj2wcz>Xshzy6xcpCwbJKkt=Jqk@Kxt zQ%WN=i>8wbL`3J-x8@eI0J(>gT)?f}xm~kjpV9fMqEl8KF{r)1q^K{NGOM@Vf`AM6 zHs%3jQRc{8>f>-6Oqqhi^4W?yOJ@Ejm4`SR*$@wK01|yW01j9C7I_-w5W|V%P9<^- zC&mK?sH#>&aH;#ns8R^=WZf5)I%*}G_Z4;_tujL+tckF6*3t$(oNkU0sdxs%OOvM* zFkYEA*58XT;&&ZEe=A_x@9DodmC^lnEh`?S zRm}7tU`l2Qca7=crbq!rss^!24KqTaNZ4bj_*&O)R7UN^n*FQIoPj}7e&~Wgs!)lY zO{>)yOLRB%JJdn2?|V6hG$@PEiV0qTv%H ze^eer!bO!v1co+Pjy{<1am)LkoPg=oJ=d(L!dh-JflSigK1jP9;;>tPSAmglb?m7B zlIo^3ga_l0Yh@x=Kb6xc9#0Cm5Cftx_x9?0&l633yJL_LTvXOk-E;LQah;Gou@rD_7v4! zF!#qJ)!0CP@U3PELhmiLPDY756a_lbWev+|KJjWKAuDC)DK}JzW%f+ znlp)iGlcDISu3AV|F)hTV+dzCn2?^BA&hmU$ zky?2MI16&`6=S;NdbHn29^K6{w7K$C*I0Zu&sw}>(EpCo6)Qd!N%gyBP#2b+7LZ7G zVMk8|$YoAdCODZaC?2bJCD2X>=|#yNMt8@yyna~T{fvGvCG=uH9#2oXIqKUjrerhN z#n!XXO!Ecp1K1bCS$-2oJD}*wf2`l4_{`bZqv8^lj|;KxD83AB%zn_mATO25089vP zBg1}-US}{G4l?7V8d-|>R42V-l;;t8=9W@l>6xx2-t>#>#{vXqFkQl2x~=N{!bb@m zzby7>D48n}QIn{vReG9)G@EJvF**W!#2v?OI3BGE%DLO7JaIM47{o+Q$wkJ$H#Z{d z-aW0?A^+S+T|C+-`(47;C`?E}DtL`!agtx@LD9uTUkD%^cEUDR#S)J)UfH5pY$trm z-2ym35{SRhF< zP@f%UtQScI=wSw)DR#^(7>ol2tNlnFuOMC~;#<2xAprkdT=Wlj3T=io@iuQMi%_@W z0!!ahai8{Z*X%)EflollgnLxiF&=-#Gt4ilW$}GKs1ATVB~+qcm^SQfmlMKi_N%R@ zI<^77$22lVFNVH$O$c)Ep{g7>R>~ENPlj|H^Y1qodxsaAJk1iCS<0Pk5k9g&4x2evVe;wO4Sd$a-Yl_vE0zj>=p2$PX$;9rgW!WU7g_THds_^ zJGu@|Usi1qG}vIbQ=Nyw?5gw=PI|y4Z+DXC=KuN3;1@x^uBew7+e&#r+In~Lf)NAT z8qg2^F#70oLg(A&5R|qsywsu(P)(3!LWOc)z`P*g*QHiKU^yx~-dAx{R3tKldBSH1 z0D%S6PG_`;4$5{v(LwvrwVPDR)KD)5A8Qog>&Yk@P<5_LE4j+p+8+!v=PIR3e;07g zu=eQk8HW>SPhz{uP`g(2Q74IdAJ_e4396FBpciU#MxYN~H0??66(W6!Af@-9YCPqQ z;>kKxC-!h`vKsVua|mi4eS$_=d-v~=8$E<~nQ%mJWFD6ekte^1m_m)YqCwCxYVS^h zL3)=$Lcj5KD)9X_+rPfP_uBSXOtCh7d5#S}O{(UKuPUf#0JS4ExFYjh=OoECt!2xo@eW)@ul~LR!yIn5ctm0gf{HBsGlCq!C7d&gWQqz2Dotp` z{Hh`$_V0-W3Op*uwgoSN2IGPI`15=xs_18CUhEcYDfsiJAfUn6r)b}_*p%WwCBdT3*S4k zj`ADh2qpKZ@#lHMfx7_)azeqBc0Ro7wwT+1ui;WOc~KgISRL@3bd7NK>&OUnO>DAQ zyt70|@Z+J*9PdCUp~2TRZA6IDhJ81YFHi(ZeosU=k{|{vwCXg2ly_SY8Lo8z8;l_u zQi+DGCiT^8Cw;<|y-b{ff<%i2jpH?8Ip8a0NLPp**zEZ}l)gsqEgY;OV?Mpfn9rKT zZ|YLkg++=Z+7MVaUK=*kAf9d^I^II5AB=OEJMF{bWMH(rc1$Y|p*z+->}a2CdSokC zZt*N9R1ozf6cC8$*hE~H-$1<3N$R)&eT9HWKSoR>^~$1}EkLvT^2@XE`Fr=nkUbGW zlid?J0nUbE!!YfAl;;?y^KPu~C<86=mC!w#o*Glt*V$vZ(G1NammY@1YzGqc#(-9V zI1)LbZJMfypNmv7$E;cwDO!u=YjRGhs~vlS3vA!W1FWf)IEKCP8YGc6(WZ#Q7aDY0 zm#KoUewms|YAZ7JpnI^hvfZ**P02+-mp>KwcBIHk=g}y^a8&1|gDL9ZaGMxBp*GQC zc~+v0B~Cl_wHlfLwJi9vyfe-2QKNPJvJ(n$-4f{K^l@`vZrhPz8MFODF2wd~?O;Ad z&OSKX=LE9oa9}pR&<__O856&}_uU}-Yr;ropcxn+%(XULSr9!W`n>$Of&w96@>e#M zm?T!&F$pCL5lNw-ahLUvYU3sC&^(>IVgtwqAY)i1H%u;5uSR)SR%0u$MxG5W#Dz#( zB$O`tb3uBK;#}Jw^Lp?|3m?b~-|RJa(wjXzyO<`o-}x_DTF8 z6iWT7LmcHJn0|fV|BOg3?~dIlZZkOAWW@i@ZF6vt-?&5D-3Y?W41n|puZK6tK zxIq72nI~(twaAh<1HaqS3A^)+I|RP=EnJY8yn271zQBkI1dlw0*~FO2IR+m{uJvJ@ zA973ctowya0q7`1;7YZCQZH$do|mbk2dc&ZUxej~C_zS?LL0z9ZooldgA2k{DC<24 zW9<%NU_zB_C1t#PFuEMN$Y)Y1MACvTweWsV;*z8R9R5YCGiYddmRDn-U!kZl3Sr|>vDiw= zkp<5iLjD>9HHo1PUxf~p7ehDMB~JrR52xe>1zNN+Gx)6lEn_D_FV>G+psKCEOeiH9 z`tg}Jm-&1PKYtDzcnGje?!%o2@3`wT4=r_vG>cKgRKx+V8PFBd1Ts}WfDiAZ`qNyf zlmxrVD<)N*R#98T0Ww5(?j+IE>_#|uqX>$UjKFE4!$eqU@`Q|x_ z>}o4LxAc@g1Fhe{lBXRFtb1&|%33(ttjt;hE6EB(`WnC*m}<{Bq}1i|$BVHQmIN3Y zQ>2Pl!>GgAK;4?cYFkl?|3(5(JzSv?8L0chx9(bw3JMncwfp@+7}V``Ywhnv&<+jE zwlqHv`}i`+Q9J9vD@2g3v`_!ht1uwJq_r_~ioYn*Dm*of%$SNR#rr}*yyYX;Z#KiU zns;(Ii{%z5UQE5#)c8jtL&DzgeTQ1Um0s%K`3$6Uaz3I) zD;Thv(LU93iD5LIB(R&OfRXB7OH^5W`7v1WSft38`Cb*Z_vJYdjb7;+ul}kaCUNSe zPM%g5)BG<@>U=xWxU@Y7Y+g0AWk{0|7r*WGheC;V%wN1)bC@?RGBv-h-+D$)dDM?v z4OJl^k*f&MfjhbZH_gjsl$GAdP?n;Av=N5$qU}6Uf87#03rNpIEtHU!Z#rKf_(0m* z)fuF0Zaq&F&AqDlDMY_@m$~L!j2~C~U4Xs7fIa*(3`M<) zgczen@F`X(%@kFw+eE}5$^wnG!Q_0y5wnr`=864m3H{0-c2GvO_byNPD0pfC{Q+Do ztA>fQNC7E66BCDTYVIEunA?Eug@%ZoAxo0MT!rpNBcQ5T$AgF!xO+q>CT2Kwg`eyppUg@4`_XsKn6k3!bz^*dGqJL zxk9>Zzrh#rSo9q;an|kT#J%l0_1)t25s2zjItN`4Ch1& zr-!v13a{%6dL&}n+wub=JfKQ_%w0??z41zQk9V>W=7FSmjBEntMO>%$6S$Xv@pI+a zV`VbY>=@;>iyC%`cgOfgZYx4Fpfy7wN(kr*Wsht^|AzWRXcGd@4nW#On(+tMMoR=x zT9ZN)niBrogZ3$GtP}#QBhKGnDOGHu4WV4exWtq8;c0%-zueE1!_y>mS{7C-0ehrY z3_~o;^%{x`P%%UN-d{A^&_rh3nQJ)G#?CD=nH8C;v}X`U zS`)@x%!CXz(+VSq&_r}###(SLNk66Uqn3vXDM7LPtxUu4@RO&)Sir*mi{E~!t@(*y zXcY@7`7u&YZ2H(RnTNjt6oDi1oiGZL+M=aT8zD~6>BzXif1Ef>;`16PT(SH{dZM^=ARIY35l zNfuX&Bu%x(>fAZYrr+{m)(fRiHJ^n#+|o_cg2pjr?3Nenx42gvDX5KH=rM&XeVX9P z0pBG@6@_{g^9Z@bQxd=L=t176bk3S<77ZARVfbO}1_oD2D<6a)mf-vOb)#QfY=PY| z&!R~UBgZJ^aF(rkGmm}++Xc31CKrIP{I4xU}&o21+{io>STHHR6^VsoVG04)whto@I* zA{`r%22G?Dy1+S71*)i0%rpxDwJBMuGfBi@y_2dUvQ~6xzG6kPnfG6WbY+XHbUWHv zIJ((A9zJWYN6sYIks}cA*?d%sQDrI~`+tY3oopPw=oe4{svA#Qz}2t*vC1&*lXBM= z6?%eA{Iw4<4C9OIg9&!N*;v_WHeu3!YEW@8D{%Ug2cyuJEinw$>eb=9qG$>Ig7gMl zq03(~3`2tEt942m{?X3Iup)S9DF7}31F#!avOVpwcvW(<6gIni9eCFC;T*OTM+kV} zsFkFUa#E1RD)v}D>Sv>wL6UpWf(3^#qW+5*>dY z&&!ea`S5c@S#1+ri@??PF6~p)Clzm{PYM!S9K}P7aEuSMc;^A1oG7mDYKJ9JF^{zbg+fmxKOfG*|tU;h?c}9(w zQ|`pZY?R&QuluII%%bbKUjIfQ5AHSG%Tu7+@o-b@RiPo1q1ZT1(VD~r?-F7N`+yQ+ zVz|xAbv&@ z;!%=6!DnMVp$hPS!Kbbq;lZjp(I>SgzQ#vEfQ_T>MU$tdOkh(GZ?w%{uvehTi2b*JeW4%l|1hr@q6~VMG#pduF&L_T><1JO! z9Tar)0+++>^ZxidS1)MrVXl(qx9kQl-*xOQg^FZJ$zV_bs&2av9rJbBk8~$Q5>Q zagM0DRTe>?m;sT-UthbOp^f12QulkW@CP40Zm$2^d(j#lR=Ng{h~6H%sFu2`&;Oc? zm~dSv=H0yWtS--n^cs%`zlBCe}NJek>(+!?@`jz=jpq|vS=JzY@*ONaY%=uuYI6P3+k zXFfdH=`XnAtq0s{!?NCQcoFY4vRtA^wjQac$1F^Z46QV*RzHSLZYNti>+x7!q|K@( z#BI45EFI~i@ynR+X&wf6tlc#D^{rXwvYMUOQ;JuF#`Tr%$NR|d zChI77uY=lp+YlPTwtle9GX3k3RdXJ$@ za@BVblb_Sad;u$zO2EAU|I(56hl@HmB{+uwTcE3z4-pe#^^hYuR@SW!pc0n_SqbMD z*uaHi`O0HFX`qE{k zLcbCS#$i0^Vz>;}81%Opej1=obS5`Y9W@!vAZ~uWUGMZrt_;Y>p5HA=%;HcKg}9Q6 zGweKsd1-?lJQ41!atMKYmylf<(YfQ|C&0!wid@|GHt)u^iWWo15Rnm>jyn>Cy5shi5E?i+oR6mr}mn+EG1cHH2HViMg8_@(>cQE+C)iz|ypv zLO4ce7(?2laHFaXXt%;y%eY=kuPEwZj3$|KEx7@lDc@MC1v$1 ztQSOWIzg4tWryA8Abad7c?1MjMbcxJh*S`2_a?Sb7=}pdCpI&a^%`tL_X;RX=Ka-h z5!Z(z%2E;qSokV=xm+66I?YmZq4#5a;{M> zwXY>VbMfA-E@9E_YG1g!ce%FOzws25Nm?dy+r6U}Pil-}l@L4Ph^lQ+86TQFLVRoA z<3%OaxF|GWkF@s=m%zFiR^%TQm`pZzDRy@I*Ym@J^M(dLT@YEF^MJm&KRWu2t+cH) zhUQ#wuxR)J?P{LB2RV9K*tp%?>4{y+T#WE!;%sS%T-!yhQV}Z4YI4_iXO)Y3a=Lig zQ(|@%SX0O}K#yD)PYAF=`IwIq&}o74kiT+eC{v_L^RklnMzG3wWPXmmyJCXbp_N2PZhKY%9?vIq3=(nz+`%Q4XR~-HaTw3&LXC5oC}qx03*0=KDhKcp;#k=r!p zPOAkr6?nNh7?PaHIc9_U``n`}cehjkyczW;oV?J^P9f)mAl@}RqST#R@W1u1pyic3 za2)Ig!fILof3U&gZ&sPY+@@fzV;LcT$2jw6sAj$6K1HZJyogkGF(xSMAsqM44!|?$7zYDtY#FMj^u-(YpAMeiwlnv!`*W5PYz$}QqsK>PqO

~dJ0WGL0@ zwp=x4BIGKmNqbMpN>YkiCi8tc&)-}vlZtmr);X3$!5zKfQN+qT8($L=C`xvw%wKCW z(2RPBQiAb)H#{dk_l!B5!Wxo)7QPlDb6n12u!emJ3^!85zO-p^zJc4$si_^alw-gpUK_n5etyWqZ zr{3=Le=tIi-osrrS~C=Qx`NBCrFhPDz*|s2F)jUY0KCG63gN+%)BNR?jeO^K1D!tA-^$UT1WNS%yPENusXIlb2h; z#w|7n5&f*2VxM6Z?#tY@)N<)@&$bkH$ zx4X;16%OT~(k+cHguMP?mR`zkAp7+U|PL=_~=qt8i?51!x~2fZ3NP-2roJ& z;ACYuZm-fV%(dJX6QtMK-gx3f!|2c;T*bh@zX$Ln`yg>9AWJ;l+}!+^rmF|?7zym2 z@MpDtf^jre){=q5yiXt&Q#(Jw`mIajmvau{W1}I1bBQS|UVkRmxNE*&_TJ8xkIri8 zYC*-qYJWG+-!Asw=eLme@zB3(NbQ^+k8G|BAQaAO*&sXJUS5t4PbUUK`+77ZRm+ zNli+Cez7@Bi%5B(>(nU^#VgJ`e3U?4RgU`#&mPr5P|wt^n$M;JZczzCQR|Vj&erIJ z&2S#)_aUTjjeWf&=q(zYulL8(^bphd%O;+|wF$7oZ0%sRYd@8c=!A|OHrN*A&&>-D z`P@faA{>&YW>63To?D9Kv6%)h1&^cuduZ&{L9U1EmEDv?y!-Vo(0Nn{7`WCOjrvaH zQR|MQ{Zzj$=A`}&*QTUTseyf@;N}NDF?rB9eGIoOC%z88v7{6JQndpPHl& z$EBWEcY|23F>1Xi0P@D^DX2nw$EoN+Pgp5}&=l9|@z6$*HOLo|V zl0?|m;KYhwHo($FhO<*ZNGOue3wvVSveo4)6-rjV&ESe)cs{lj6R^CRjWxGaA#qh4 zrj9IJujUM|Zx2U@D*q33COhqu=Wm4m

l6OUZ8Y{tyVgZ_EM=(np*0N-= zqKP2+*$Dq?@MX!-&*47J(6$wvzT_HBFngCjslJh1A7!w6h+O$hp=#6(Ky94GxLMd3yMgULdFy$aS2N>1+2+An79}SH=HlZcueN<@lnLR9A^J1ir`LXIigTM> zqXy>f(wFM%%e7Yt)H5V|>Q6UJ_}}M=;cD2|bLvjc);>Cf*NJW{&auj%uISB@psrVD z=lIoCFb@^8tX=6kDzLIG3 zz(Em(gw#^xv?Hy?o2a2}aXq`cXD^`LzI2Y+xIb#RLW$MtSbHwhcc~&y51^i?MrFx= zO-I>1oP>2%k=(`;6U?PRbu~XGkGB50bQ%jal8(l8771mhIG5FNKak*cL_0`pNN1BE z!TY#)gh?t2RB_P_7I2l?qK4wBAtGr@y{+jw+wa%%|00$QK6dx>zjrAqToT~za@jqX zQ_1a?x8S1ntGDgT!WG5Oe?3NW!UmVfO%u4p9NmZE^ z@OyTRZ%(R_<7=e!RDOb%XlcZPrI(J9KWWT4JU{4&CQ#qZfu^gX)~r?do=sZNXGkM# zou9yw+AiOTd)B-tMb8bx(@@u!7g53uj1-YzjsU`D{%!RWH$n9i6!#tUCqoGAW16}% z0GQ;g#IO!}HXx8Ip17P~alearOHN!EUYPzhx$k~tNMsfs7i^R7x|6F5{2!I{5Ai7q z@n~%E=PlH)^5GfDXLDltGOvIrz{;&)4Hkn7|2UcnNeKSVb&Qp<|~!tcR6_m`lqNm+ z8j!kfVd{qL1df?Y_%JJTRQ@epTIw!9$IIm87%G#KbicZBprpKU4c6<~V=23uVOqJ) z@eXJ@@_C@;Z5w^%6WeIyhd|5Bv2x72*3i~{r+I|3($5F;Uc z_j!=Gz}-FMVFcQ8d3%dflB0~cHprpqO6y|Cm(MO~{mW8V<<_J#JUB=jOG1T}Cio%L z5M>n4FlLK6tBG|4BGyY3N2Uw=sTv!WLVc;7=hY68*nYd)*N!;Tb`AOyRN?o-@xz@Z zhz>GXP(tP>N>J?YJ25pibbevX*McSc2}_EgYCBkmN|ih3A0XW8SpC=vjY!x4qHB%G7wa$eJJ@d=$BrJ^Du zlWf39?-whPM$iijQ77CtnBL6X@4+VF~3!T5?oPg#;=o)bG;J?9UEaBm;<)pcy3JD{)(xMIXA zhYn?O$CG(-{WzjtL`EkCUCAe=0#^m!OHalDJu-vxl~#{uSp!3Tutn1BCoDORQ%!)| znv^?Ky2*5%zA(?!O-_SLxq1Ld1Q##|GIPNvF|$-Ax2_fb`6qIBw|g@-%l!)WIl@RK zImMUlbQnn(BZ;r$gwU$8-9fbxEshDQ$`McPQJd38r`#RKvxL(Lb`DMwAATi>(03X( zLeA&ioJ(_Nv7wnU8n-f4Z&5{t;W)XCOxiRF{xg2=mfDty3Jur#r!EGE^)^VF7-`0Z z@(QZxv4x8-fJuF|DT*d+=;_}{WbhKLdfB#>I8uQ=@Qz%0Gefi!{Y!0BH(`8E+Xhs* zvYuz5$60&P0x_kBk>05-ZvMH*uc6k7YVu69(b0{C0!%yok#)p*%Z{D zWs*oYdnxt<6*MNM767r`CGjg(%d4p2h)M%(4GFFM7#O1JoPiqH0G2BFRsLf`&JsmW zGIF(eeb z%QS$Fo9OCh^86gm@YF~pZjE)_-PP$OVYp9w4~@eq8~@7S8R~A{^Z@Ri03g4Ir!u^) zQ`|G{!DD2{KI)qn9fTA5LXxd8q}5s!0Cl% z9FZAD=v|}ghOJ=WBJx$hx&t*LNwf<=fbo#4w{BzlV$6j4*~@K)kInUI~V#! z{mZQXoM0-{HR(;G)LNo3lb4Ve*JBUt1)g{dk#+zU0ki!-l*0l05eYGDM_z1or21Ob z996V}TFDecetRI$6=Zj6F=O7gofCZ5P=g>PO1MZ-^04VP1l{2wguDW)@HDR)T|^1d z2>tGJK2Q+bWWIZ>H0_n%7{%{qXc(=7@S{-$k3t6qwZ*78CKt%)8@%g6w?$x#*||c3_8i5#uBfN6UAFXo=++p5&;r;tEzsjI-ruph% z0PYA->i_bN1Qjb-ZA8Rfk{%-?Z2M5u=LieK6FRr}fO2kH8+98)C-Q~rX1%~hht1eH z+H)NtKImt-b8SA5mZ~rk+uu64o^T?#kJc&mu5-i5IF0nsnQJ614lFM;Rq@fGySg@j z>Jy>hJ1q6Cl-fAm_3e`2q^_bDNm@ath}}p{_qopxqe?C@zqf>2^+hWjh$shSAS?BU zX!zZ2e+B<>qDm&5F;tonxL?k|TKRzK&_g+tj^6rrMlb3|5nphWDBq*i#L1CTYP z0doC0n|OA8Y3@rsRtSdnF+d1FW3qEeZOFB6ut^SRtJEEh#z_-os~4#$rlC$SBg>gg zMbqvNF^D&+e+pKi@q11+M|?GIge7G9p4bPjJ6;eXuFHgK7R#7eM42D~#vi6LH93)v4nS_XySCz%8D2kcmO9w_HcO zVgGr}vT`Zq(sFl5*{6$N)-0;p_=9fo^&Y_7{~{WFka5DO&L!J00$|;@$UvL`RC4`f zyvcg9zX8#8ul#T|JJR8HIC5$(I;5Y`ZYbf~X!o|@Pq^*UdrL{<kMH8;~w>Y_S`QSSbnw3Ed-(185gZ} zYnNmJ3?K?G$gdS3QBQd3Lvgi2i1VIk(q2pfH{!vgha1WJ8#Owg@=^7oz+QT2Y~=|t z6+SHuzHOTM23YjJqPLY9e9)f-v+DG6o5yhmlg^8p{SdU$&d}7{@N3K+VN=D$`mEt4 zI=8H+z`OjoZZO;yciWTurEPX7LxsmT7G#Pi5IM5{4QDuhv;M!~j07oVUf@n`#X*qu zuCC*Ba@w5c%>|DJ7F=S7v>`$+U}@KAR~Wy3rlS6(33syBC)xE3v;h%Pn_Cb8Ky_;+xUCIf4|W7X+wbs(z5qOMG8L2V$9=c`sI<~phQg#mWZFQ5G02Y< zGsEPGH}5Bp4)O!@CVlUeOh(LS=@Y&lz61}so#7gKCunYcG5db!%gW{FdJ1FX-Q%Eu zSKLXvZF9CF&URXSKaSEV@l|Z6J7zo7J1{-Khiw+f`;!Op{n62?_-lIv2+G7sm5Hwk%qZER>#WVEVrzM72E z!s#=fvGpaHwmp8|A%sdt+(W52+h&AJXZ4)Ea1LHVyq&g`Rh&t*Ex|;~Gg8o-;EZF6 z<8NwtI<;_`J7~rIAJ6pmZ~LJvW8W|$gLx)Uj5dNn-xpO`%~8f_4ow5R8@&QYf=PYX zV#L~eT6rT1g2x}o9sG){@H|WeaC;zJ42yjXJ(&8NH7DCZx|VFlvDDnddga~2^rX^% zj9EEUt$-f9_dTEu2~4)Pej`_34?gMI0LH~cs1=H^P$)K|6TG_9*9lFrauL+^dB4SG z&_d^^v1k^T*pmT+ie;Ranv5o`gmu%lTd*7GpT|6u3U$9L7yn{#;=%mvkXqzE>=|? zeVGs5?kQ*IQ!KN;jcjEhmF79R z|yrD;dm%5KNz|m(R1bUk^*n>I_D2W~%?d zrCl2>2ZCGqMOibf;ZYoKoe+%(+T+n%KY*#JCoezINW0l5&w?vBrlz%QGfc^f?ZfOF zR%Z|?VYK+LcH||-j~O6v6**C!mDYEhx!+=H57}SMCc#LsG+UOB&{@r9eXqG(7GKOJ z`XbTLe?C>!74Gd83KVahs5h_-=BIAh5kvYe<@?wM{>X2+9_)U;pru9D^zq7Jhv3K0 z$-#@~Aw;jv6klZs%Q`!;G5}-t-j=ynQV=nH?@O}1aPF_@LLz1`{1Ptim+ZPx#3RNJ z>N^bTV#X;!rYy~6krJBVG*6EGb?QlvC7(?0%~gAXTWU*-#{Piq|do z0MYQ!J&P0kyMIo$DM>yFu9ApHd&h#K3!10seB{xC`l3w(g)Bm9Ij9ePs~+@{GK9Qg zP70EJC$7}8K4B-Q?*%i$Ic2j4{K{IZKCEJe8A+jV<5e{>yhe*~9Y?w}-5bSCR*4xP zccb@Q>b5#Q?jrtdSM4(?pCuF8hWlf$P&Gvqn&17t)8=m|BDT%x|h z_!NLe0Q=s?7i7-2&b#_~16dI12bd5HDeM9qmGbGj6}nO3ax{klfm=b)+ZM%m@);WP zhw%sH;7%AICcX}!7GPoVv2!BqqJG5j*^pHn`2Udah|Z-KIEMkY7Ty2a_=p>q=0H)4P@9V7yfsXzp$7F#2&8V5 zqf{?d9YJ=64aPBE;gcZ9*+E;y?_$ldZ-ipI`z%2@T=qp>ZS=>#20yw|V}PNNDF4fh zS^Qv3H}r!?xV&%dQ*r2z2{|k|t1y`9Cf9lAfV7?auaB37IK`j5MDKF0&ekh}(tA6G zb9Y&pY&!>mBj@R}1Y{Ix4Eb{(_%Y&U@x5W2aaw3N(D#XuO{yymwq(X|`s#k&t92e1 zCZ(aB0)?`hc5a#2ieh+z8aHk?T%_74!aU!f#ypueE3V?pqt`)`{0e^WOd303MWnPj z{F-9Dx#06O|MJ20wUf7c(=HqLBXn%leQ5Q+B9_y7yf9UisREKvSt3|PyoH?1Hul@} zQj?Bjgs4{C=-}6WkFNbUw#x1)m*h3R%T~sO&hG?iZX?MuJehQe)Nyh1$-`8Zp1i%x z;|RnX)^{>#vFByNd&ZmuZdWDT>b)Lrkv_W_!nGc~vxDyIC^;^SQ*K$8Zr+LuJNnk68 zHP5oZL8b~8c%&z%_WvMxnz<`mdl*X(1xTMT?uPD9a}7lIk?-@=Ki&9YNqk?_R=4Z^ zm<)**0&?UGhmW@^2q>lVOy3(9zsn?*AGp*oq4}W1EE6{^vFAzrPDyui*vKdnSMsh4 ziD+O}Or$MzwDy=tvJIe?O|6fxtf;DpIf_sWhf|E76^yQ5lbjBr?30;PQtDegCMu9` zKW<18a@Trh)429Ea>w*6dInK*_x_eNB-Zp_b^W?HkDI7G{|}nmTMmJJKGDJ*gikh3 zj?`I@0R(ZwZ%_Nv*&)=G8y}8r|7Et7cs1(d7KUcvEpnO*+&#cxkPZeOJF=?uX~Ct| zsZZD)Bnqc3)0cUG8hI;KLo$_BTv}#~Qh9yGcfK_rQ*#o-`6L|{)xVZLEI0!rQKaev zH*|nmNQ<2pxy%zEwTUbd`c`WU|)z_85QuflO^PY7Sk`~}a)Dyqe zpcz=LnJkugkRJ432sh*U|Albtnv{M`3c}TLUPlxg_V-a}^Pfqx9*ArKr;Zjr-xTCF zH$i$lcr2xbN9*RMu)IVQ({%oC7Hlnz<4c=*kWL78Hm3h9YT-vuaziR6y_X*hk`a=+ zCvn=UM3_kthL;Zl1qb@?WW-uDwrzilCcxOtpeb6&U(X#bb;#Eq9%dh!$hNruVNL!$ zxgVcm#v7+6o6wunH_)$xm3Y{l&Ih0;2YkwxKzT)ZLl&w;1MbBB_`*R29NJq-g%bl7 zIgASy9b!qBDk@xTKIhA?-d&cLc1c4DUM^N{&9KU!emue*vC(d9qPa}*0h{LcfJ(EH zYV{TTuLpHy+7Bvw{9yRB((A5eADv~iQKCWBg$O%u%_0n737-fB&MkWYk@vi(Hp&N& z$^zd>4>WVf63z`@&UL_FJQDbAt*>h{H zyQW3v_C~A%mq9=MsYy-`fbMM>Wvk@4{};O9Iv9om=JKoK_fY+cP7p?&of#w0?wF?0 zu>pzs+d4Mg{t8#ugz|9F3Xj?FU~%}K7Oyi+j8ae1MhJsZ5)%h1%x1$h7g&q8o(G&IfPUjxtN z3TISiwrEi&M6r$YcJZ`2_SdU!g*W|x9{3_DgwQRLME*t60Av!dG9vP(E;T%hzg*Na zT<0am4}BB?hlIgkP_V8Al<4RP%n$q?)|@w3$BoEHP4wUj=KX)r+nV{24dW02&)qgX zc@!9T>eFk|>$rvVMD;%cRzYdTNr3;zPI$Ip_Y}ONyc(Zd{_K#ylB(33et4bxPK5p@3RIxg#d%_Ibb%M7ZAVYhtvv#ly<=y~Q%m+!jm3Otk7j?2AEiXU z3QBBRxxK;mjB|$X6_F@&q8{zM#^UtI-xmi^vPxBzf5aQzg@VTky|l`oolpDZ@j`W%+Md23-cFgD? zAT}sm3b*5k!U8mAB}l~GXcUSgmM=?~T;AcP-4XUtHugF8fYa0gp}bCskNN*EA&C(K zh5Lgkg*qkG3+(Dz_pf@|D6dc$EZluyP5_o)u<)mr`|Dj?#ldxrV&`F3WSyDodH*ccshWGpoHzjc8ss;IVgN2hr?meH)xo&`@gX1lv2-3yL|Fw? zrneOMAC+jJ=TNG-XJLE_x8H$#`!MLzh3!x6eoM{#21dAXcPtC-AZGv7A_eDiBgyil zkFYoQeP8T1fq0vUXs`-!@_#^E0_gvOHnEG%e+82~o7KD08SGv$8J?YX6P6kUuvG&= z+AA|$w`kb6Cr&iA_cVOw8?D}whR{S+&+o7duO(xzf4E`MplK%Go2#k+$!=fiZYMnc zHlMz5`7BYTduPghGA7zV+Ukdg(aUAFlP0(N*mhE*kqP`)CyKO_+BA(h&&!SV+-G8* zSn$XFuTR8kDWHs7rl+2 zC%a&cETjw+_sPx$-kQ|YUlNm9KjI(!2&m&RAjCHzx9Fl4^V@yZ9M#SS!_qv~BR1 z5(d3fLusVn(qB!=)^85@62t9RNPFtL#Xi9JBAx0_{?0++=4G85z3x)q_D(a&aGbhH z)t58g`9TfrQ&O=7d6BM$7pvOe?0y{L9!%I~qN`!HLajumIrgIF3~MdDNF-rQtzrb2 z?6NUpo2i;6VAVTn%Y>fS$N82lCB4^%^Tm>ZfW>NTT(g;`=#VjnN-)L@?Q!C>^01vE zzEuZcH9ID_A3Af&xHrl5k3`0ZM2NvJPk1W@ycRJbMdKgXyk!|1 zBv7r6n0hBahZTaSf;o~?f>=Fj=8IZ;ca}gVVj4A4s$t@(Ku)ZpC!_S)c`Jh`SB$pH*@4)eMr6FkbC{LhRy(2^r_dCR^V%QrG?isIn*!w}c zvU%>O&yxR`3rv7LBX@BypwY%rgs0Vv@rGZ%xwJpZ$(THSb^-k#)dofwrKfhn8R$A+alhw=F<@wv&WPN*mcyRwXeX)grTc%&{g6aM6{xm+noEg=B zG1!RI%>j<_RpwfQ!*FuK(sg4?e)kIOn6m+PYi6LP6`wQMXQn#tzlFeO>Sq?<7yB<_ z8_N8m(?A&gaNNDuiv2ID*9{HA5vuwAg__lv_eG{Z*j45IvX_(7VEEAl%qv@(!*I?J z9c%9xLwk{*VEfI>i&RumRN2PU9`hXnMNR$R&`Iu?d-#jB{d;OK&q~REq;kap5eW=N} z>8Wrrqj9xsc64L0_glBoqb7AyX`Rw$gQ5G(K1!i@qORz&VTXXyD|Ve0x@rOlVNdp4 zwsc!pl+QtfuXDm|Ak2kocEzQoa?M4XUz~q*4L#;WWoSoSsoj*zx13HDB!~~Op>>f3 z3uZp2x@^>)MjJ(mAG&Ylrs(!gS0x4%B>b>YVL=^5bR^Pu*jNhT* z2Fq-Z;yp*vdmPqX4PZR{YUYY3;QNO&7C$Wl#^{VM^q))62qI^EKJHjv5nck0r4vEu z6A)-f`a9!(AS}-5TmZ>jKrIwz8MJ6KF=M=4FA!*je*oQ`fv!8S-CQR(T4ciGjqVAi)T!>tlkUmE6KQUiwUgdSZXp1_fo?0>_>+VMM8R=!RgzV!i5em-lBkBl;xNzF0{SB}K#?B{6(M66Y zPrB;HsMkeXRiM#CTdj|}P-h?2(H^C(DO`il(H47b9(93kfJ$@W7m?b*X_5FAtcT3r zf~`5-i-fIF$E>06Nz4GFj^1`ILC&TaJ|}>(p=y{0pn1hB?aA~y&nScyc^DfVNZ+>` zJBSO=CQ?kU@96l3xt=ksCgL_eX(!Q|A~YsWZXS z^)1Hn1WtN%?q<5O7i$aIB+p4(Lg!U9iCVhV&G@W|ZP6IlxoM1BbQ!)orfyYoGynDr zKZmwcu#-0$>5AhHT#~dt|C7{$X&D{t0sT`|rV7$Dodk`0zXmUw$G(beNvuL5fYI1~(R4*WU~_ zuL(85<=_g_HyWa!ARKrLR0(e`TpHs`GX* znI-Bg`T_?jFJE)`I2v2vHgza0ue-Z2i)&>u!dkteiFi#m-XbBGqb@q8( zj4_FnGcFM89AQOl4?Zwh3>;Ggc(P?L4Z!R%3ZQCf(I8^m1?{#&c-p%Kl>KvGm`2uRyJ zY$6Sv)8sjKK|&Yqva>Ej_MAbBi8%u*#(t+~ZpM+FoWnt&*JUE5gV8mtA>s_iwZ@Z! z%C!at>ppxzC0+x#d#c)=98$Aq(2;5C+v|vf58Y_xX*Xb$Bv_u;t4Z;57hO||FhzMoXitX z+w1nWY=zasI~m;<{tw|{DqD{J=D&g(o-oy2BFTK#U6IID1}h@aMEUc1EpH`;)!?8OxLi4WGDz2E%pr1_G^t8;Anq=zzWRr->UydyR__c11YQ`o%t zu_k%*&*ap{y5!|< zKlONB0-;#}a=ATZlP;yt>}|#;3#Qg4;vb#J9I?j#voB{3W}ns7JsCfJ(esZww#6TU zioLx*onQK*(#ZR~%$`ekE=~GVs9Cjd{?c^5xQx6^&wtxRZ0*lnGG<>7G{o=Ux9yQt z|F%ik)@xt-yuI|o=aOmjmUmzLyv5`EWgzddj;+0(+xdRis=AodwY&0n1bi3Y6Zk!S z-Ic#vFQf^oU(f!}4?NwS zNrYL1fq{X8A++aw%$^>Hg=;w(802*s7{r01FtDT%#7ZtoO)Nmjm}NX%nM1)Eyw{H1=Y^V22#ZYge^ci I_6Udv08V-%X#fBK literal 50129 zcmY(pb8x0XvpyW#+1TEVZ5z9>ZQHhOI~&{flP9)q+fKfH-#X{3^ZV!Oxx4PEn(6Mj zs=KS@WxyeRfPjF&fG~Cgw0+T@1zTZ3Kq%=!K(PL4jT}u3oJ~|LL`_UBY%QEE>}=^R zo$PEcH9uwXM^V4O$$LdC62mtauV{A~(FBK*h zr7(>m=iV-swTp<#nzC8u|M-n>=NjWOaMG7};bsiw>0TNEC|b3pzFp{P{gU1U@F>1_ zVhC!3N9FS=b!$EHQxp;&-3Tr*LmY1*EeBKn4iT6hIs;i{W((Q3kh)4qKp5ni_Z(P2 zb{y_gzsH{SJIAW}(p4o3@Oi=;pbriT8RQxIwf1jq{p3nRFlN>*RUIP%im@ zDG(EEH>4talZ=v6Wq!;j<3xFS<{O%n2-tf~>;vA8NckW2`$e*Nc^44fpbNe{lx+v3SLCh(AVR zR5GD|_tl%E;*Eo|gkoujUJ(y_WHL`itkB>b0naFm!*Rh3OWGAg<3>@o4ulI$o#-Wh znlTQO7^e#T9V19A0;M-7chs>$VJ^1$3!yd@Uo4Au02&o$C{k#~&uUp{ z<&IlLN@96nCczx|y}^@#o8@23k)|%nW*#Ym+WEfSSMs0bvX%_ajEuOKNj6rhp&(bc z*y2SZC5V{4ts8w>#nZ>qIangB4Kx|*nuL7{^fQP86q$|SiExUMcI;~Hm$11Q-VTat z!pOUMb<)M+E$bZ1Fc=m3>IY@a#p&K#Q@^UM!FMcJsh2?sEnWHtNwX%`X!3JtzIB5p z&bhhdtfp*gIBbmfRA9xF8mdOs{Y^7fHcEfzx5(DF%Ad#E1KUk*10p?kRK#Im^5PO=;q-h?mMt(&5AG}fo6#wNOI_vsV_SX7QO1hCu-E7rlg*mF2 zI2JWac+pcGH zN7j~UDKs(2yyv@Dsb!Y#=v9CNLNY=+K~sEiS*mMrpdb{2~QlodNa9wx)kX!stCH8q0bIxfv(+!4j0BoQf4R_X8IM<~nC7{0RFQu9 z>+W3r&VZw#%&uc4Mk+9Tm@9>bnYNZrLOrM(LQ~2CF-H5&?EbDmYeeV!hzxYM_`vw_(m4sTWav~ z@@?S$%xLYK?c;6I>!@|LbXGY}nMagN(}Ceoa*K%0TSY&%rF&_A5YC}J+5H=5eY3UJ z_(Of;z|PH2beL^KqgCzQ}UT5^dcF7$^hFLiSqS5g~CY zQ#*KIEu8fgw5+vkiJ76IXMZqSICvV{!IN~37E$e}5t!oQDVj5eBE?h+21kfnod2ir zQ|K$z+NVg%b?}D_(B%GbsNGYCFy5qw=P8oS6KaZ|0dj$E`0Iy!bIUaqId}P)!G`G^!~T6d%O)x#mi0$+ z-Bi(8xyR3Iue6_ske|ny%SkcsAxEb8dMytAiYSKWu@*eWU~jGZfOkk@hC&`s6L_>` z-+}qvZ=cD}ArwgJL^KJHK1eF0hB&+I`K*$G*6{h{ zY0cmOdKHB)N}aabz24PJ^Q_NqHW`2jkc62U=3!Om1X5H@{0A>R%9gO=~U#+r>*!fTukO zzW3DA^Y`~RNz<)ey^{pceV<~jO(v1ix4m=R?=-qTPQv*2$KRmuOwqsl5JtCjTbGwE zdQHzrYhIf=X~DXTA&wlz_@103Ip2}s-$ZzHO9ALFu(wIuQa|SV!hAb&_+Ii}_$gss z9l*$5@O%Z$!Q~P=i31C-%h4en7=O#-4J9!m6dr63-*I50*af?=gpvT{&$(|XVG+HP z!$AuSPzsh=+e?Z%jlnIw_jAHH2aFQqe=c=AgF%ZtK2Qa-Ct676Uvfs22_$X~yp(^( zz7!qU?o*tV2y_~UQ|aFEJW*C{m4*ZQ$sI?g6&PV#TX-7MraiS-now+pWJN`oN@BJH zA^sTdwan-z66c|$wf%&Z58ub$HQ$g;WcW$q5cu^d>pa)f15cT|{zWIbRx9<6h2Ji_ zgZ8XP5d1|P{^lTD2VY%y5S#DE2Qiz*2|%(KH~50*+fX=0n#FD>FMI}w4gSP#+`E=d zsOT$$_v^XswHGF9Vp=z5dpm;F$kNWs?sKzmX!Z~jkNyP)(7+r@lsi}hlx>PLf!2VO z1iX&+7pA)d0(xy)6l+%3lD9cpTLsdl`B)AEGgjNH=aRqUKS_wYa;UG^W5vYn4~BTc9o%oZi?4KOOCaKo6%+56owE-#8GN_T4}8loVCmx(HlK*QVp+>NirI#6UmxE4A0Ym3?u~h2EPzz+DY9jzdcl@4~v28@XKe?}I%78uZE5 zBC_4*h)U_{k*k#x2f;9#110L85=-8!>V~z;Fd?r-w%gM@^nq4jD*H{3!@=7MBE_AI zi6t422YV)s*cy&>Y1Ib_Icld(T`6VxlxKd2Nnr^peES76+(twZ6g^Dp4g?^n-M#ni*FQObLa3SxS9PNKZ#E3CAYhMII_Ln%DJY7yB}<+eaKg3_gbEz;nz`){v&Vrnm8$vT_frQCVZM0i-*1$*;iHz(e0sc|w z^RhSO@V>LcWr-ZhH^;v==tUJ<k~rRM&7bi)OqF_o-&KTU46(Z+jsWJW+K3t+t75 zaf5w$QMxE4ZQ-=QqI-y43p<7JaQd$)=1}uGY!gNysfsjr4&XDOo08M6glNukE zXe3D=ahKM~RAQ~iIB497jK~oa{j3D0g4#e_p5+f#z2Gzutb2|2hMP3KIxz#*Gj0^( zs6Kr){~2ISJggal>WP6JkW$a83xIoPS6!){gfr{s1bjVYlc#&Khpzbj4*iLnkU{s9 zmrmC}Rx^PAj*%Xe^6R27Tnx#Y){&7RN_#i>t;kTE%NUKZ4S4nf5Vm9aL!BoQ~t#0F(ANIIR!wjKSx`3+aX(W^5XdWi>!- zIHKZyAO=ZjU=sQMGkEo>igR7pM*Nj)U{|Lflr+cb4*j_9o0ZdHzo^^gT#GzK1WI!H{ z%G7c{`)d_qkAp7z+>hAm{sU` z4!Vr8J>i08W@)MdWHP;HX->?4`9m^{ZEHB5cjzjmF&eSzQmgyrXm+ub>@o(Mjkj2D z_6uJvhp6Rrn%n1oHR?7f9Uk)S`n>_&2K}jH8XfI67jrK3$<7Dod+W)F_q)>>`1VOh zD}oj5<#f=7)?O2Me%u>Pa9BS{;kvJU5Ae1Mh><_kiL|goPt+iPG3=+SWoR)kn^R}e z0dL;p#%|tSaC)q#?wLQ&N+&(bfe-K7u=ADhlzx?y4&_5z8)=!*DU4oulgX1KTwLF3 z4qg_z9b=`w`xI}0W8U*v?bp!+`XJ&o=G+B3QjrRsr0(u5eq@DNBr-?2(I8c2&RRS^ zHnZT0i+53Yy}H}cwkhfXp_W1!;l0jVXn|sw_s>%b&C$S>*FcFX0z5KvAtZh)yY!zh zQVxHbE^wWMQ`+*SQdB|X}C)_QR$U<4yMqY8+`4$4o7HS~U^>SPbWBe_fl7KD{D*YqL8 z%+276zX@uCg2hvOMz!4#28e(4Y@*;Dx$Ym*1&5K$OxU(Ix^>QWZ05t_47cJj2z>gC zyYIQ~o3t)>q-cA0-p$CKDVUSHw88XPA`d&Z@&E5B0sna zPy-w&W`mn-Ili*v&BrV=t5NOjiq^HhdlTRrimu65Lu;i5svg1F&9;jL#j5Ox<|u!kadNt+ITMJPVX07Mf6|`2?g6 z!wS?BdtRq|pm+DrE6e)|{ybf>c3N-fCU%qxhEn>uEH_SqQfHjO2q$4$ayv8xt0h>&8IFccH}hf!c9s&{c1PwF z*?vNxC1=A`o@Y%FAcM~h%!P?d(RjdAY+U_nddAV!4(xEDanmsAL2x;L;(gd$;sQOc8)DUHa1<_eN%~otu2pQ((9u&fZ7^cnr<8yIkZSpOd!wc`d|`PJXoY4 zDsCO}gN%G{DzPrYoK&3XN(vC0V4`PiUo__qHqFbGyp9<62528t80cy2HEG{HKUIVC z>)w<+9vK&hpgIt7lpuZDK?675?EGxN*wXz}}wUnRse(+q+uZuuvA>rfuUSe#VZDdQcjPy?;PW zIH-@wUC;{mqgbet*IN_Z9%21tXYchX_mq(3A(aPx9%RS< zOe)ZC4WG6nn|K&F)4ImP%7UxqVe2k`IaT65n?@sV)r}Unbn}uJ{0yQeoGMZae0^+Q7LWWm-X@`_D82>A{KPVH_E7?fdcAWsN^0(p z7Z{V%c^bscMzd^xL>Jyg1#Vi*hJ(HgaD=iRzT{uU$O+4Oy`p&$ni<#Nay@oE;It$W z?#C5tj3Zyv=X*x2(UxZUs6PJ*O;Rtfp3M0p>eKYt+A`f^Q$(EUQ9YTu_C-=tIo$1m zrup-_uAB0DhU-v14k4-i?@aC+2_O54(JWa6r`RnyEa2&t@L-X9=I^1cfclw-0`}#A zr~d@FdlVmHXOjRSmYvm-?`>*qV8pfU?)xm}AV#YeUrV>xJso*m1wrj6f_8$ zg%2-e*}|tBa7l>{J(IV?YnOksvhR%zd@|9{;(R+Qi|zk5=UOkr#-g1c>U!7rnp}XbqYv9>NI-aLIrglde0K@I=U`Q}XV?jJ3w!18 z*{k-;%(a& zX>Fevks}$R#`Rx>{xz$d@Q6G_(_G`t2qu|He)SqXC}ojVT_w8XS5xWQqV7zk4y%W= zHRHRXVQWvFdYh%Azz>s7hmCF1jMWWF%7x(u&G2NIHMevxH__Su`m|eps5O40o^JjY z)n$a+QjBYlshrMv@qLi{+x$?mFnE=BAz*I{IG#{TeL3MS*A zQ7?#PbYq=T#F~uG`yB~M{7PkrEXS7NN4>p3v$q?(l_ZnBF&Q6dQ{`9a&b+f&;5MaQ zanc$qt3BTW;{ed6wc$@^KOSFTaA~PwDz9iqJPpW@gRy)}ioVAeMCYFiKce8W@$A^d7J zf0iAs&s#h)tY+3?sAFzBO1esZu`b&MYm>w#W#ns61WAu;iJQK?Htv=%cp;p9FPxpT zY{PiSXX(KkOKSkprcKzFX3dmrFy;r9Q-+h6muOOcKXMyJ)T{>aqoXsTt2o!U`d7VM z^(*OrNmAkg{nbi9rvP3Pt)f_ETKlkMRtbjIU*%@TI+xrt4J0( zmz~m^{F!NzudhfRaphlbWaVQvTfC3=lh|4${8hv=30Z--k&Fc3&Y%SXg2S8;%!O)Y zZuZa9to&kUbhS-V3q%R&uwK8}+GBi$-G5k@v$wQ!!w2%i5ZQ9$C&IiVt%`p`Us_ZQ z#f$D-2TRO2Xq};&Szem*TiabbKR?agn#X)Vz_IB>u%63ok8!V;rqEeJh?lmazB&ne zhoN3Hc-b;|NRi?)LiKc=5_}j&_yQL-32A4THLHia3Ku=!dKo4k3aNfZ| zej!4(tS8VLOEwsyp3QqPFZ(A!F;C|=m+Xb61(a{bK+vWTocD3m?ASjt#TczXVCEwW zM;L7LJ(9rLpg}f{QE6QR+V>4?tHIk&340g;IEz27l$Lxdm|mf&fklgE@xpl~`KNm}^t%wB zx`Io(up?_$f=k7LRlNz&lm@+!-@`WB|CfD>IG;>7$B#e(n&Ycdo>#K`d^XD8B9)|lm zHz29Y?86|z(Ka6ro{#I7Q2C1`wa0c3gj?uovOp(iM^_gICkNNJSPpQ1GbyqOxkMr4 z3w>y}&}4Qn`xo~|dY22?n2COr0B%vKDu2g%aD=d3Tl|5Wd8n3Z5_KiD47^xR>V=p6 z#ZF9UZO*cf`{Ag2D6X%s1f!muJaB7oCZu{JFAiNnRrZUVhO~9Xg1sQHvNkPn>L>Kf z-`o2r`Fm?t+`%^uCMoc^`Z4x$5BP*1w-tSv5qy&R2O_tCFYFBa7qGzsFv7hb2JDJ6 zcZ;1NZO0M$FK_v+yn)lql_Y+25Oq;Ijs$ey?{*Fye(z9@Vn`F>JCDIX9+;?%bEWA) zAM$OHwu;eAIPK{-xde2(!PR+9_@J`yp>_uX;%>I>wsGq|c)-W+r}N-jpRx5l?1btz z7%xKl?>uV@7X1$~^oj~sp=j;;?x1M(oa(yH>KhR1xE6 zf+UL;LxXh1pac7xg?ng3Tq(ZDQh2Wj~hc}(ND`>qt#HCwJ(X7lkDbxK~Eg!-#WM??~euF9sgbk_NQ+CcM#gicYeTE8eXudxYm50Gvb?_p_qcgao;uO zr$8Oy)$8eZ`blr4qpa9XQ*wO;)-uQnu5XW~KkKPM(5C?NQ*A$S2Wfu)7v6;K#$5!q`0>E2>$KpK(`&O77DZ zfcpE(Fa<07^c=H6+ZSVZ?7q|iJ@l|sMCAVNBE;(j+x%oV(7eoG1-_`@5wO0PUx1N^ z^)HqYZDwYm5OthboBqY}MEW7c^e~sd{5q{Nde~#Y%zw=P<5SmvrU;Grp$t?wji5E# z%+L-jZTjXPH8pOy!3Pj(Am4vH_$Bupg16A6Vzp^EJ!2<~zs6EV4b$h18^0~mEL2^OIa4O{k|Mj{K$T7%1S>^OtV)^c&`JgRG`M%%BS z`yz?1u{$pU6nsQG{^Kg{JStLxy`Pi{nH0(2JaNM39ujyzJRN>y9v^|>Llw!0-(JI6 zva_U6*gTW&hDt{TI4f&CRJw`_MD91+s#Xs&zJ@lD?#6(ZiJFQ%PX9K|NA$d|70 zu&CF@^m{muig+D3t^)mpOPLXY5wwCgt0C5-Tgj3LUY_}MEBX=E zmRG$bz+B0Pbxy<#qL52}BBo7Y*9C)1gnbdj`B_Ga#A6DzqVR%=YgWr1p%=PpTSICg zXbN3EGuGFId4rf_uYIQ&O2c7wd5@Yqly=*uhV}J5exM7KeeSVNmJj}lUOQb=2H#o? zLjbA%=!YXu($Jq;QbaKN`2Fj&8^x+n2{njJnt>%m!p)so4>)%B2jO9H!oXZUwj(gS ziIK)O6SR*I>(!B2?u~U@n-&hOEQ6-euRzKPqyz4MQvqveHtLm)72eTZo`_>NSL~fR zwr0rmEMyCxT~tiRv%TKDn_%@S{*RbK$j8Iu)nyH+UFoGuot1PA)rYl*S(#6IsiH+}NJkJrzS0~vmh0RqiD3+k8wU)G& zkz(jT(HaE}C{|Qqg;j~}#`MWd!z&TiDv&HpxElr4F$yZV<5ifHn}39#t>3p2pKH*K zc*a1kD$Mq4AzlaGi-B@ zs7$QA{oQCQ5YO~m3cL~p5VZK(k|&qtFECezJwT+kX2?0UgCdjD4+gJabtO~#7Yg`t zKqLIwUYLQ|G6A4oYeQwMYs;+u7zs52k>|v|H)47-3ThVopZ)p9IxnVsO-|i5)U4Zf z3PzWHLT%Ds4tB?wm<>k|zDrcc-6vH8vb4+H*R_$+B3BZc_AOe76|LeF?Ncpv)S*dfe0?-Z!;4rHUIdUgq&=Tb=qmgsTJQK zc6M{4Aa+Mh4s#>dQQW3_Aw0bQ01>>6^#zC@Cr_W^N?i*jY31SPzquiI`c+xtF9eT_=DdZ$d zI`x(bUu=bfwmf83LKX8u&Rr_hXtkhV8U1=3ukEXL_wa{K;{(1ph}E9YuA`)Ysn|Pj ziUf}SL+Xw(S_U*tDgO_X3me$-U7wwKa*#hm8jQCwj3qx9-;7jRt_63&x~fqStH3}b ztsyY2m8>6xt)1v^Ua;`tskcP|BgSr=stBo~fGPdnofl?O5j3$Iz!S-5cy+gY>iJ+! z2mz0YUqG(JQ2?Y7*mji*!^gS3H;(8i6Y{?3`a^oNcazrH zR5SH1nH2Ry;oQP#|aEsGi0B%59jhoZVh0 z4x~y`>aHxPQs_>C_ru=hjG#o)PEPSE%&=tZfR{@mF9d&5ujFUKeX3Wj_4HdN?iuiSJm551&C3<`(VU0r@ia)zIBCFI@$kxYci9p@A-Jan^475!3)PQdyc_6lkG6TOJ-AsO-XVuL(%kN;$$mrMCi0k0L=#yqw zI9c_eSk41vtMxVBNz>QOYm?O;{Np#??SnvF+^k{XQGLC~LZ-PjA>RLdSpPrEs0a6$ zNh72Cl@(rg_PAAnn8_mDih7TO?f>2Te||Ui`(LH^zXc`X9x@hk{epYFE3ar){ay!9 zgqBrWJ5^=YPytmY8ab;h{EsrAIWp2+KPJ+BMpR5&Oj(qE@Jq5DRS6S4#AQmeXeAt4 zBdhb{=Oj;UL=2}Da=O8-L~OkJR%-(eZN;cy&X|5I;T?g_?92G|Z+E{iXh4wZ-Ht4U z{4ms!F%ULB7Ids$h|}~02)3Hu{OjoE>GZD?wrDJFJA+vu^25`R98uv#kUJF5NN+iV z)By;%31NQKjK+@1QC94)?FiHjk3VSHB!WjaOPqy=_(Zr8O>lNxmo@G7$f~>Hsh7K} zJcTB*-60#ZNTz!J(3Q>-G#GxON-;c|`>{)HMb*_jny2;kzuj0Xe{_DyT2ONT@~i1K z+e=pULvzxFm>&C8y%W&oD{BF%Wqw*?@zj$!Y{~nq^+Q0^AJZk+Qzf&nwU7!d(^F>uN zqdO#0^8{MnFeQL~r`|N$8I&lpvYsQi*>*c%di?RGb*?h~_bJQbo&jx7s{7?yj_dM} zOx?;o!*iKxiYaKoN9jjaccw({(As)9@`ylc!8(*a1n~ipgSGO5QN~cAaX*EDVw|^n z4G%}AP_?3cCH}#j3~k@KDgz>(9@d>9$^3eMz4R4(i_fMgf-M4DDnz@5Tp;|jJw_<* zDq#=0NX*c0RwT3j_Cb|Q^W+{mF{PLYaihZ7bn~j}2=RZm_C}8}GtD+AoN0{0*8Y!` zL8r$!i$FTH)%K%@na0(10XtC86V4ku{)k8`|3AF^cIX3!UWGLl&_F&|uFtH3beS25 zaO6E|zsh(qowuV2*3{=(RUI#ld0vfJ^0_UjPtz@WUj6Ujl2JI+>^YL&ESsk8{0Bn{@!$t~`nUH8?ZN z{w?d#Jh(<^+Td&n&-h-CVs+6+4fBjG#0Uz%Z4M!KH ztti`?d+GVp6T0H|TDASciwFKL(KQvF2eBa6GAHEMv8i9>*Lm9>e49jkq*-8Xq5yIx z;PfI+=Zpwqf|P4#owFlnbl!wuE}FDLzfq*J!fo=8TUum8sE&k7eUvx;R2SECZ&Oep9d7vR;_t1^M&%9$56 zD2^wW3NuURIuLy__}=Vf5eLA28$Z7f)XZMOcP>%;?ToA}g2!Hbeuz^_1@jfPqJJA# zzhNpB_0FRxb#~5A3+ZRC{Diq+k?}!^wv}c5n(H;oJBBo;Zr{@hgOEsbW9?~t(HfG^ zCyGRSDlQ(?iVFoE7EAe^%+6>&o8m$h!GyUHJM=~r5=Z{IB=@Z6H#oeo>EZb%kkw^b zNOiZ(Bbb2nU;h)YKMl7;anoEY?ZLs?#{8bZ^Xq-MbWxc3g z9?u20+|7OC)(s``_`K)a@|E4~`1G(reX*);)}IIDwi0vCe-duDk5el2_97}eX3)I7W+&EZH$V)6YKJi@yO?e)&ntc(9;?g4`s3D|1(A~ zl825)1?VOn3y2aEVgPaA@73r%8k!Jy%5CYr~h)>CN z+x#${JQ6_NXZpO!+DJK(J{tS*TYH>AP%F3G0t0WJ%=)pXOv$Q_!tGp%qoW7^+hBun zq`Y&=TkD^afeynu2AV%2Aw^l{B835@47~uJ6Y$~ANKdYN>FKckt5}^*3~~9k57!tt z=Qb+a{;Wql2Wo~7G?aTz-|+SCn7zdc+1luaqWxhv^+f1~!vg`c){8hq7)w2*_Gz7W z`AjT7|FwD}nM3^D60+EWx@3H+vBD;u5|(5#f32?u9HY9S`Cy8e(V)Diuq zh#sX~iKA9Hc7ovrfdoH$ zR>Km=Q3-yd?KyrVXaWl(AKUl&=&X{L81&SUFd^2#h0o;Ki22#^rVXrt6`p z?;z!U-_fnysV4H;uIHG!JakWU(7{Mh2??ze!ZPDn zmqMrmNu}6)U(!-S?!}&LS+LN#f18Id=ZBARJt)SeSZQ z<|$`grN>xOoF}*VG=71~KfJ1GpNVCCl1FwCFM~GQ=d-UB6xMh6j3))6T%Xo~9fl26 zmOd!kv>jOKg_#h%T;Hm(n?IFJ2?=1covMJYKm2LKOSvPr&s2}VR|3_n+eTG+lRolv zO%YG`iSbA=4DwnM|wo*>B)OZs%f(-I%u661YJmUtH z7q2eDFlq#`3)K`#6~xDRI&>mh9MuAB9-L^5ax0mMio79U#i@t21*ucvU00o_&!uED zYd%qUNi|j+|KCx7}+3sIyw2=t8#C+U!HrPJNTJGyl$j= zE9QG{DcYYNNQcBzF-;g?LC&OQS_AT`landUK%UKymy>P%j-2Fm-2%U;6|Z^D%wz1+ z+LQ1GqK-t;rB9W2ZwBt6DA}_@bX_yhaWk9K;{oTxJfL2Qetb;t@24Tp-5&Lj-rp@@ z$JY#GHPIp3rn(b_!wjmY%u11Y|MKj#44_GgLxzS{TE@RTyPTc{iq`tG+w?cNr>ic@ ze;AhFrmD*nuJ4iUA(QDU_mF2Qy~D!aQllBP0x!Sgf4~f89b^$vo=(%;{|u_kmo&eF ziT`UiI!*@lcnvtr9_+Ch6E`V&*N~q-bP*?mvJd=fs~6CvdEdXvT?A?GTvjJ$SOj}D zlazfPB+r=Tlu4dqT)@>JYD}<%Ii28~%&MsuSlZDVT8}gF(B9bPm8ZA5y)`5*hfN13 zW-^n<6CLh-+HK^M4`RDP_->e+7&d%y<|IdL0U0$!tD$b9S2vLMIv-xE-Q^XMuIHG| zzG=!q_6%xm#nIazOn|}rR{L1s%`@pT6uyfo*de#!&$H!l7o~tQ&|>`6%*B~&QlYDU z5BFX)0Qyq2S2GP3r%>k(g_JxNWaxlG;pl=Io0BSwj?a_PKwh{~J#L>Ji+$q}DlI7xK??<}~I5TceO5Ee&1MjH82)Ig;bG>)e}V zQJW8SDvKeyQMMwfet8H}y}dPp$6#8PDzynP{G!(&fTv8;>jNgDf3c=!(+n&+pMDQq zUR4jIvTP6EHyByudU1X+XK~>=V-ZTy2QndV(83_##dJyYpUtYLW+!jEoF;) z8+=}JP9Au;re@#&HoDT<(a>QwJrk8IrKE=FkpQ%LP&Y_yH=T6J3-bUJOcTkB)ADr`1Fu4M&@frQw1 z^PB~;A4ch;E@rV}Iju{hziYBYa_{z8uX};NWkrU5TYsrzI;FhlLW{`YnMEABpT~if zW|Wu+;n4DT4_$Rt;Z7InS8pJ%x_L2|dZF#2CamI4-7aKLL|~ndAISS)$?aoM{-{KJ zsUEaizKAQXR%Cm_LTgG_6+_XrWznu3)Kw2t(W1?XaZ#c7hW36>RA~@1vWD=(H7Y6= z#K=T&*>&xtVPYS9y!DQW`8~X9=qjNDJ~pdUzNyge&VXxm5sTYd1iUi$xr`l)i!ELu zNa>!-4S-EdP@JBIu!yyo@FC%4K>tfhY##GFeynxwt|~$L-BK_m!xFJ<&Y$|f5JMti zG@^h(P;NJ3@c$8ZkHM8jUH_ni6P(x`+ji2iZL?!{Y}>YN+qP|VY`c?m@XzzSQ!`Wb zPSuGY zEEn^Oe|^nIae1(u6wK&c7%$CFb{{<)u-f*GlnD=FMR|Q{sNpSh=R*0Ny+F*Ep+4^;kP)7pyi9rq@fUF{fjE21;qo@W8U z?@rEeO@e(Zs2}+bYTuYoaj&d)6~3QpM7WEeIbLC{xnfE_yXezRY~TL`|IzOgPmZv_b9q-Qs+`I#c5 z6Ke{7bn&Q%rpM(b9q%)abZoJf2O5Rm2a^onvl)U!_TxUEM0gKM z)0fePk2E7Rn4+?H4)-3N@kWMbDTb!>RLwh(y>L^vjP)GjIPsh=5 zB-Yy1({XhFy+JyT&i8j&6qs==N}3uyXGO<(Mp=)0uyaxq+E39t#H5b7GA-RVj%dY+lQ*b`&=CIVIg!5blG; zMM|%)7WqSFOGZwhd~z_%L(Me&LU5+Ji+DB$6BzE=BKH+uHfU}GpjsEqb-TY0ljXLt zLJ>BsQC>qhtwt(4u$Fe*Gv1wliP6KiMBPC;nL+H*7m?fwP!PkDcD_P$i!EfZx$VQ) zJ&wtfZ)l#?erqQ2HQ{#7v}#@+Ahy363hV3mhhTwdC!=#H14SyNuNpDpFP{hk0_mm= zzsqp@_YzdZoAsYtldK^?()ZIyh`6Ul>?&6E3*797B=N*GD*Io;etfPcXqiBGa$%rw^)mM8U} zdIoe6A~xf%rnJ$Sy2*JB*IDp%JR?=24U@yBbSyITJg@5^YLbDD=kv&utuL_Ad(aMb zp-p+T54Ir74qtN3S?l_gd6pv}HR#F&m zH1ca4<#nwLlN-%m!GEMVkVm@w88@Y=b;z)A>OQ)()sEWkK&xwMlrl8OIGxN7S$V;c`c&G>DffS^*_64-qlMV0XTc zcqbE`M-%wEvZ^F()FRKNdx7=RWOZoZG)%3pPI19TJ0T@A?EE=kU>!xpt zGkk`lV^ML5lYXiE>kMs4N##@Em{rL8D`bOGFXYgmI6^l8~be7t$G-E z+>lY9*lb*!@zPv*RQ7)>r|L7YVY9x`J+ohEM0aPB{WC|8K%Kad0(B6p&T zM)WX9Boz3eKFk$`tif-&vB008wzG9R@OtJ#zUmHke(8&NlB z*WTNS69<@ILgn$ulvKSuFQie+hhsxKQPIKOKd}^kpVT{&@WrV9r7IO7IOwJ`lE3~- zpEn}{=}b~c7P&Q(u1AkMOJ6L3+|`vr3+(#TDOUtS*2=|20lucpmCz{|ip747_?kMU zfpapDNxBbood{*S`#mb%tAw%tm3S<_`;Bxg_?Sb!*ce7my5ED+oQt#&bU}^T&0F8<*lHAYP|PY6yKBNdkw%q39yx$C{d&``}c zjPC%NQ<}ml7;z|8gK=f>A zNNx7(E;>%c2s@A^X_$rbVAq*yD3d=y4sNgH1_ zNZxseBDmon(4u*&=)i$u*8Sk8L!9&=bz0#*mRrO;q~GnFF?u26sjF4 z0;?}0!KB|$=G=R*r1~^xGo5>G-?)Ao8B~;uE>($=tgEr)4@T*Lu2ItWLlMAMO8pyp zb_h|yomW@JMILkGL>cAXwTqci`$-__{c`37j+2MG{|xbdKqu+*{-2-aSy~Qyzw$D7 zVecBzgw-Ovr6f~OPGa2hVbtP~PGaUyX4c7kJW+1;Df45*_y5@ZwX5~Cb8u+zby(o* z?lNzz*}O>(eQD8w{8zA|mkdUFi7zrv?>;eo*AIG&}qI^xEa#-WX_eZC>^I zE@y~>^O~CK*9+FqLX!xf%yPpokc{fm2beBN>fdJ^Wk+ichYg`JfJRzfb|mQ$EgZOr z7`DX8AyL>vW&c4wfxUQE_AxdP!Mk0Dzmw25zwXQZ16gob(+BC=T-|4beCKJVx?;+I zb@|&{|I0AMnRIJ=U2rNo$4wcqt96X=pev?@ZyfYFjP;*?dUzB1nrD~mh5KpP@%jNO$)@#8gkD+7D<(!vPZz$di#^Dw{bB#DfFJo=$ zDa;tL>t<;z66BRqJT+NYo*6p;7GdxYC+>}5D4Fwy7!W^CKdhvmRH*b_yv0cCbfs6; zCNUTM^elsPi)5EV^^_v%BHepw^v}UTPkWcvLSG`IM^^mJLwv3~XH0ov$`RSVbpt(r z__5RoUgT$MWlZ(sz6J*P-@Y3vxOsG}dCt88t_Un~>G{|11oFh7rg0!%*IgoXVWeaK z#^q&+kC0damObL=Z>tcZh(|t3--SCmSU$G33-eClDF5UFCS2+JW3_;U@01)p&Zcya zbIngBmk`2&Fw z!TKX*`6+gjca*5PesNJt+}s>Pqdo(Yk%Svi41x4BnxIdbsqaXp#FKF`A`LWjMe+Mq z_sN{Jq{z60<)PB#QW8)t679Cd+&)~RAu&1W^z*Wo{c zI(_BJ9?0bE0Dp1x3fU0`lh9LFkDnvtUS{w+kfP3v@fzct2*{+3PgghZ!9kJ}X!W3WxC4WzhW!7gFy$t zEC|D8$8kDw2CEt{*d5LjX^$azh>s@G$=`tNpOU)Tf7)?5>#i-lcdfS*%OSOE{mZP^ zP&maX;yX7RseA}UZ4=?aAKG#L2%bQN;j{|clVl1~cE*<3J@Y~oM~+_qv*izk zm~K%#(BCj~GQnSW(PE#eTr*A48qqkiG+Qy73vM?=yjwK*1UQkxukv`yVm8&!#EC)H zHrLqm!#q1cG6PG!zibHTSzI?E5Mw2O+cj#tD%78PdmdvHG}@Oh3X}3qMO>#q z+*Zj_wDGyGqK-ywf{?k~c%?*GG5$SN4D~NbxRcJdOTmuUGg7y?rNiohaNz}-f^bSxDvv(6dIecI~xr@JAP zresI>OItzc8Ek1^T|sdjq82KTBGz>E7|kjY{aA0IIehb#Vh#mI_o?3(P!Dq*KuCT% zXluKGnn18*mq39CDm7?dK&T=C`<09?pD$Z4PzU2Lye?#hOxBa^yRqKx=KH#Le*D;q zqY<}i4E=&>o8Vk|kh>liPB$a2AY`F;C{6yc$6PQKiH%f4$5{!*I2AY0&dD-q4d7xt zmyK7D_bghp=x^~L%z^sK?l*#H&~F8w^Dj4a^fTmDVCS*_2swVJ;fc=yzktV4fS&o(Z zlZ>-*7*iTs?2DjZGBi8q4zFsI0wjzSEXLk^;BlThOS%6EG6YJlzXc56;C3H}$ro--kuC)2l zwG5nyz!mr0n;IQ?u_!J3=&X?yU0k-qk=ox|Hd7^jG>w)7l_8!x&}(*!7zRMQ&dtQ| z#6h5~h~55>oYkZQQLxUlxk2Ef5H8`!t0(RuCBzo^SDO06yF}0+`oX`LTI{t)0hVIU zd^u!r!_VOH6}5X-M0*(pC(o@*uMGohFq=`q2r@S@yNxB=j&fiH`Acgn-2=Qnk|_{& z%tms9E_7SQF)=Tz(wvRvM zo;6E2rCc{Sc~`R@q#by07~!y+fbbKr!G|jtT!xO4x#o`JrEB*eQAp4A93}=dN@OH) zC4n<-Ak1*&J(1*aD>G_sf8w~JHsP0-eFfE1nbp+v=)}Gt5w3ddPsnenmN_dVv<<5X zUBql|n9(EiQ)6^&IRt#-@)&}G-WBkb_L(q4-MfkQhu{DF6X1>Q-obLcEhbbX&Cl2b zcpG?4bdOZXgEhj8*jwS7S7O#e9jL}=E{pRZsYV&iaC%f5E*&^s$XUT@U7MB{b42r= zs5VE;|9d-i2WjpJqv9AfZfjL4{%L}jsm9a{Qj*e9Sfn`jW-*qD?dYUhRk!2_UFz4o8;FZd_1*j*2~Dr#G-O$eG@yJobHSo(VbgDBy)k zjrC16+mQ(_yVG5TfJ2% zY!jwF84HW2T$Q2aU!5h~Zt!OKOn_czx0`%uFn@oSl##M zXJOdx_Kr8ZWx?9L2y_<1#E3mvO{i0hhWZZFSX4QgXlNrydjGFcfcUuHSU6bk zcdZlI05T7+=}9bN)6*RB>h{aJa;5jY`fu`Ws|G)J=f9Ae5}89-VT+C$5wm0?;3e9I zzElvqASEBVkUh+C^CrJ;g$jM9`L01~-zF^mv+NUV59bbG8Ws&zI*wYJ5nGPOHsZU5 zGZq09AhXC7UJAz21)66Nh1%4PV`Y2m_Sg0!_s4asu4Z<(;{KmrmM=(*uM(5N^4}9* zt#8~`hNxj~ATY#rY5+ndxKB(R&*Ad$GSgoAx-%9)+At)Spub1u=f;t8$6 zXsYyZeBWehOUKMCXzT1>-8*8`KbEBK2=P)OArw3rtp|P0qCnWpH&V_lqdtI;Df%I? z?uo0_4`_xRrI;Ub2S668>^4>bGk@upi#bHvq3uS5_!T?GslT0EO}((Clq6CsT)+D6 zD4SJ3<=v?RFyhnQLy>tdfo~rfSimU*=-SVfKYp^c@1Cg|NkO%Bt zjKM5{211k$$NV;9kRA8iT~AOK*_KJhK?fb1-p<{iHbF=(AjBvbE4SM)=anjrCc- zKuM&CO4Biz+s@!y&;YSO55R9>1Ql1RFmb$TC553RL2z6q9M&h%JaGo)Uw}9!;gRjUC1NI=3y`x66Z3&8nf8eo9PN}~*jpxY-tH`~y@hIVyfMHThGow)nWjA>v> zOHwjqGU0j8W)LcMvci8!xc89C?c~IXF1^K$87ldnu;T)!i4HrO3e%FLftsbsJ0eXb zhbCf<1c4}!1_HtN7=@JuUn9%JP@R}n|7FcQ$F*c&RIOb?zsd)MwVU@Vq)BeK#?UY| z;WZD^e3?Pm;6l{bd}4FDslP!|FN17#Z-moKc1a~+z^rRbIl(yzL0MQ5&qaGk1|efU zHo=6aWHBtL(}ymMRliXPOXRj0Et8>7JJ(Dx#xzFBWBLSBjx`q6MgAIr3?=HGwWCKXwNv3ftXci+K zBAxk>3e?4kL`|<%-*k?_;`g;czOy>N0GGq$F-#^>W+66HpCv|_zgX} z&=*jPB2l)c%#*k`6GgWUW8LkESEp^Ddk2x$Ev_t$`jN@pn1;pW32Rc7Z-Q73>L}lw z-u#e!PXO)gmX|K}WotTMj)bo1I1q!3B=HI(Jx^WkYy!3FcS^O&2^E}5#Nem@BmA3NvL?bE%<_z}|Ier+4H{?NF&y~&ZA3yZt8j@MZq zR48Qwz>v=7B4DV%H99B%lxTnR3F%Ja-33$UjM8VmCG^oqGFZmh-+J}`5k(2W0M9n5 z$uJ$i#TVDx+Vw|S_kL5`&(NCXK$M2hs8 zrY-76K;Hg%@m#@VK|L29W|)T0@h?Sk%w7CYULW*@+hfC{V*UfrXCF{?=~|Qs>g4DO z;AJNEdaX3o+4c)hHCEp)gVjwlB}8{~oXY1>Z*a$8c}ihI%zqIQ>Qu8OSG~v0JTWY5 zpIWy|-pgt%k1K3*Q)+~#HL{Va3|7j{&q?d%BbiBbTH|?up`%L$NN4;FNYwp=EAIIn zqnS+c!6t83vaNJN)Km~TRZ3}XJD${3F`0(03^&7+obbEzSkjn=&gi9_+OGaXnb)Gm z-E`$`GOeftUFUZSTf$C8sfBGG^yZ{w1ZTg#udd|6MClD3dWw|elbS3==N6#*2sSs@ z0wTV`sb;ycoA2p2O}K9HLv><|v#zO*C~GCp9kzvXuE(dNq-AlC2I=hCn}Tt;u^YK# zE#X7j~9GDWW4M{KGz#~TmW==A1j zT%&XU4m+gbU&$=Kz%qu1p{OHSRGo9(NI7k0?fxw3;Ng?AT4X6XR89}_6?a%p!tgZ* zs321RigVHux%})0t|*Ml6`!Mg#LDJS-+v)W=116u5G1fa5&YmMO+R)Es)ERd$)RU@ zur4>a(VsqswMBe9&UtNZEd~Pqam1EfOMbACO(BZDTH}CeTfb|0S6m>y@mGIFnKEwb<; z;hUtGkfT|yB*V-|221UKkt7zTK}zSoBu=TNla^tb`ldUoLDv7XFD0R)H7!kkZ8&{o zHhd_YiqqCEv#|Kea-??${i|qdz}}(INd3ZdLJKRhES_FB3?e+;cKR<%nI47vVyayL z4$Y#hOdR!;OFRbt)ER8wfP-TT9$OCv_9E3htUK*=r%`1aTJrnajLMDO=XN4*1`*Ps zG15pJUD3t+Wb2M-{Fsf~nRb$;Z?i4=hl4Z{AFS*FVn<*BVUjS+ij4xGPfiz)CemK^ z6Qx+_5q}NH{KJqDUshA>bdO#*s0Ay+!)*7@i08JIJu~aOI*wnL9rRl)g z*$ZpyO*qqutYn}9Sm{USGZ<%-7?fVi z@Jpc?ZAKrt>O{K3?E33^2d&i1r?3N$zwZkGhhATo(}geF9O>Eo6e`(l=A4u2LT4l} zE;pgDQk@z9jGNVO>Hni16@DW_%YJaR_!JOay^PpgGq6|3i1y*?@ zll;M}8}({GZhu0nSs{hWW@$p0x^0cE#_k}?82hns#G6|yIl7r6o+(v8720c30%`U; z-ks3VPSUr-PJjLXIxNo`r&A-{cvgu%t)Tt?`>_VvhN^^F z$!GAMEqGP}0B=Z3WZ{(UW*lK*0ULt33nIg`Cmz^YJrnjwA=dFe>R;SC1XrGzI+-Rg zL8;bVbcR1?qjE(phF>v9X*Z4wDv6m#g`_}Q%=Dpo>>lZhkks*QEJJ5VZD;01$UjC( z0F^x6EFuqGJzj_hzTp~NdhMQkg2#qV5lJc*y z#9!<|C>^qHNQPKcs2@czA3+Yhjj?ZSo?crVsp`_$ZYW~0EDjRk_#&rMfk8ttS}Cc- zq%0TriRLxNTg;|&F3a_rh|lg==nf2h!9K;o2k2*m#gy(^OkbR_SBDhFq#4M6iH2NE zyibXIRYg4MPTWeBU>wQf1j23?woZu$+cDmLac@7Amk%?(l+R>wLzMn{ka@lotQsw3 zpBJhd6UR_-`Bu*vEp~ehFB)N34MS+D>aP-qj7iEn;thzRg5CH{l~0doNaFl<7|mJr zWC0W>m*#+H(!B)W6IB>rV||)C`2#;;tAJ^L$P(1eMjKnBjl*vqM5mtqX-w}nsACF5 z+I7#+qq(qPzoh7m?%@L#TNa@R+8X9-=C~A5bPT2}Q8}w`8SNvi(;>fY$9NRDV|$gt zJ@!L{5{(!%?Q;JilZbE=;_o42uusjfLo%U4pmAX46$-b+;XTI0xX%r3gT6FV zeDf#LH-F~%W6dOI)9eG{E1P?%@6C2cQ?m z%CcZ@(Sm8&6wt3X5O^fUWN6S4;+*;TKmB!Eqc^i0tohniv#3gZQk-XS{XG0ZoTjH? zW|DE$pOSu>MAqzoPIjbwucNr*MIZ*m^C8s#ZFe&5{r7}7O@G5!fKzBy4 zjfF!^xsr%TS#o`i^Sae_`ow@Uqs3}+xu{vAmK@sbFbm{K|F*=5l;$!q<-4bLH#$)wvy zUIGIAKh&x5O`WhFgZBiY{-G`Oayz!tC5CVi0Vx!mQq^so5!%etaJMoZVkbX@CG*Zc zl9Z4jaU-#NX!bK9`6f}xIL`u{$EX7T%bf7v%vtqc=45^k1}H@S4|6t@v4cuDGm#&F zhHLoHq(K$2Z>%e3;$jjE=^9BPMUN##KePq_1dn!nR{v@D32+a ziVxW1awgH4WAr1Ry}7v1Z|nKAb^QFef`tCcfYTiESSgYL7)g4q?Z1POB|QuDur3hL zlT0|h`cYcf$$dFtgD>Qxa*jqf?A}m_Sfn9t0m42s}$-V>gr&FTNz1{Z>t5 zuTgB)G9#^6`5*l#-%rOaA*yNs^ahAb-%hqwy zQiUYRC%0=6R>EJmgoSCoZv?p_{Wywt@mH&_BOYSLPiGcB^*ii}gyXYd5fgiON7ssbjiRn9AMcI_K9C4Gg$CD4vA86~z z5v5yvyk3Z4iT?{yR#>4|!CDHKo;A0fY~oTm+PApmiHbZU=5JVY7?nrErNNyr+KfA4 zy!!^ucrTzW;2{USd?O3DbvYr{iyBuJz*5A@=`MXIl;N9zm8(??I>`dN#Mz>-;R<;vJCeh zM}g8$GMZcV`=zS><^>I0JZ-Pa{(x&s1?0C;hg5;|;y@D+68>8v(ciSo>yQ@YJU7R% zCT_yO-VIxqDrW%ua8JL-^$SAor#md7J4Y(hLWR>IjhmaP_U*4DD!Z^HhxW`fNF!D_ zMEaq~zqsun-qu){z5onTi!n>=2VpV7Vk#z6mP)JzaWYUlcBjsneo5Kq5DEoSx`7M;C~x!4rgqKkB*Wb;vJay^Y!m%g z@)7=7{$YNqdzRF|kA%e44WF=%>}#OBP$Zg)cXgRtaR-^KsLl6`^$u+l5^b5zG#M*v zLd13N_scFu&Hem|3<UKaw&_@+~Rj z|F@(F{Z~>@za_;!8B+2;lA>Sqza_<3>Q3}OlCu5A6v_!j3K|ehYWRD^#(GEeyXebK zvI~`m$`{h^3#P+$8#(>yj>UL?0{Uj!jpFC@+iA$;fG=Scf_rDpnURp>+;xr$dSnYF zim15WW|fpKqoE2W*olq#mw8~#!7G>^0iO~$y zXBR)TiB%y#E?L){!}>^NWoC9;`i7w7|C9 zBO;g8y(_1JClO5(0Wn4T!%ePl5sQ3%bE{>Qm%9^fag5A0hr6?Z4d)~A#OFt)`?%nc z*S#xmZ2O2oZsk!(O)}zkm&7{hwGF$BN=Bp3loVv|CRjFcSuBs8tkeTXF9ZyzHS=rn zk%BLstN>yJMX|$lX~$>lT04mm99>x-(q-z52E^U`KH{zIosDhnzknMQgB64$V~YQ| ze7=2X&aiDm?w?94mp*8=P~&8^uq8jcTG2~$eb&8B74&XXFlcGTBT78`tNr5BUm`q~9<%^E2K zPm6~e2N#G@aXb`m8ND7SD!KG^*)UiV0q294onqci$BAs2FF)LI}~|+bgi6u&}d5i0qa)@R%G} zL3dtQJ$CYgf4Z?UGBdJq(KU0ECr62#kwt#feyYKzsGN`4gpdm$zAG4Ib?5&q zh+$cduX#lXHmsSvHY;6R;txt)_Xfvil09k&hMy3u%ouESg3ojUVum6*B;RGB$NF`S z4r@VkN&aH^G;Bisa`)49Y+1gkWcI;+Olc&TpNA8a7)ZfPxJ#J!llaP`NY zy&?sy*>HRDRa0;hDzm%cBriN3n8QFtjhk9r#E2^4y8BKZX#71WiWy_F#3K(UDs-1wvO*)2eK``;pszs0dro_dmrm`B8oZ(r}`WP6`g55y26)C~359+N{eoW=av4P-mNvzTkeg5>dKqSTQ znHR6XNQiMhBu1H;Q4x8297pKSWJ27Lx=%}d?5J)<*JaBruA}@j=~Wg{Od_yo&MR;| zPWgT~nCs51gnO=^j4^w9_9)0aDQOvWy?vKeFz!up($0ihU@60!by8?WU520;U!(jB z<0XJ7K}T9><{UR5gndU8CEg=sRN10l5Rg6cZ6Y96DRk9D4%*rzbWHe0LJ;;7U0}(C z%7*a|EABqe6c+2~<$wvpK#ky=0HZMEF#y!_Oz*rQ#PADDdvQDsi+|9_nEF<$BswIm z1n=y~Im70c>CPK-Hs7Sj?d0?{nMX8{n_Ej+oM{@6L)w*4E(9o$$0^3m9Z1-2bU=1% zG^E3#@4;+W$L&DjK{Oar~k*altu?G<-1A zblW*LSYaW}wdTzKQVK*&me`+REck9s_jyfi)@ed`kc$m2>NfSX8CM3!M}y}d9@0hfsaEgE{-=qK_fkr|sbQ`YGt_bZ$CGunqRXRTm-9Qlb_t`w~)c_QxuVC216Jw*9u zobE}m%|Ofg3q4;cwhU_K=h-&BQKAZ=pGQb$b(6mvvx0TewJcAR+c><&MoZ$t^N8EN z8o3YMUHSHN6@A~5r7J?dsobwd7_KMU+z#bHlbDS+O zNKFGM-UW;QM$@C!!%Vfy)WNd216qlTY3X}zXmZsH6s*uMobe&{jH*&Mp4e(Tw>A;f zYFtc^+gqq7ANZ3?M><}FFmqhquBVr$ouBgSJM8G|CUm+tF@QzI+c}bPGS2crCZcM= z#(|5+C;1T2w{PduXX^~M$7KFWAg!-r$In2A{klDw7K8}GhBvMF!}t9^!?U(N+@35H zvI~a`Qo&ndzHx%Ev}*0+!SW~|OKtVTNR9*oqUf5|)nyLPdml&3p?`m@+Rpr2{c`ty zIR5D3F=7;%r+VU&@KRWNrN=h90qqkk(FM0&_DDQEc*?B&yx{1~`t-Tmvy|I6j<#oQ zC^|#Ovgp%bN<$gYG?xTaXf?^;uO5>ra#}UavUUE-6~jGuc7u`qGwAanitP6c)xRp9 zD8kHnV`Vp4_M(;i;kicSN}CgI!xSaV6?n8_uBsGxwfhFPATR+*^nvNlhArXkWEt{oE|kQh8aY5nV-PFj(O{T4yIXu;GzzYs``a5Wsd-e{_}MHR4$W{;)6W%3hrL_S;2UyS;dRRB~U2Sx(SFl=>}*oT=I zm3vb!GrPvM3*sW7wCO4>j3SkEd3w|%q&YiCHn>uEFWs7Z%7U%5$T#;R-j`2U2p^Jy z<6-}wtOur`gs9K;)AmQtCTMN36mh1Hx6{pET`|7XOvq{RSN}xeU9`ep+;+op>!&*C z1M+OQ?2(0~m>JswZHj;iCGDP5k%sFM#_st-BmpqiQ`SNH{~p_8+8-}tS&n*^qYXMp zDV!BOSqi&sPlTwK?tj%@_H65>|9ktc^NjGs;`|KaRVO0M;aLivM)r+|V6K|AG}N1F zd(kdbDNFbp2@!@=eGAd>_BHvGnO=_1HMG{yb0dSkm({ACY}|%XOmhtL$In$CNwbth zTm^&6FN*2OG-SqSI%J;;SB3|;XQ9NE!73L}roc=&f8Ber2UAs#Ng9Dl##b-;+fQV) zBg2p!1FW@&LXkV?R%FP*5}m3a{19oU9-q9f8sm0ZbHY^Px96bdB8`ovLo*L?qmL-g zg@e55pm$cTu4-3t%=cg&saECdsT6y^T0((a>VuNg$e*`$Uu5j54Bf8{2PrM3jkrcM zX1t&6?Q1{ndFrTWJlewu8L4GMp~pO*Yx+_nrI%s3=cCAnG4?Hoi2w!s4W5Zj7+9j` z)jjk^{!=jW{3)0yRo~;|oMP{vu%JT9w&&Z~js7eusulyAi4 zlZ&w>GOBl+g-B^T9?-z4B_CPRYbRRoKZXC?!(l}~BO>920k%&6CQu6&{I<$tN0&60 zA%9RRG^iD7eQjzTIl4t{Vh7v-kPnwMLNhJ8Z7!Y?j5Yk&vBIroLk16qtC#iNZaYc| z7G!R_p0JdP<3#|Tm0SU;r+uZRz#(Dn#QZ}eJ~ixlLTH|V4^`e~BRA7pM5xBQsz5ZN zgw*PO325_YBE%nUFnk|i<8dSxWD#Pk7uhh;@ezm|5+uS}Avga3M`+nj zvFApTdm`lj)nWT*YZ5RQLfYiMTxU>fi6KFiGI({bn(H{>8jj3o@U-xW7ZW@d{`;gH zpg((vuR%T|2BR|E@^J?_8|7hRdUCIkgW_i!A)397FyFJ3pMY+9zb3u3YJXhWhsfS- z*3YI8)uh&@8U{W|PtkYjlcF9?qjxH;R~5M=xK|?GA10EF+4KXXos< z?cVL@GQ*)ArqhBkpz5TGG>NB68e_=o9yAov+(aao*p`G=_5BL?N{%Tn z3&&ok65@lu`8FAsElLZ;$b)Jy$VccUjkw-QkR{Bp#fRANKSXG%jPSB*fe z)@S9c7+dw15#9I#F5%D`YfAgacuI>PT~3eT8`#-JeD3GF&Ivg?M|8X7VhLqt;s7lg zH2s_@kJIs_NjQ(_s++H-jwpdUjo0vqqUAkGbmS6m=kp@}WGLX3idzy3_)biG8xGU) ztbwa>{}ZD$*(>IifjOmTA2-7$+4uOkhH7*YE$TIvBE6+vK~7ynjS;oIe>jxYJL*Tw_UAcoW=gwS@$TRC{lXDCRP=Lj52<)p;&Y~k~Pu-6x14x zuNQJyxjsrk{OCovrWcD%5rW1Yv?GybOlUgRqe60zK+otZlRc9WRjS>N^g*)!HyRp( zkQ-YOM>4a*~z{{tg-t0PC`0N*c%5i_7aiRyiNr6iF*!E79%ldue}zK zMRV+pag2Tio2Lr7cu04Wr{1j2`BKgf^Cdh-Rxcr#_Ab1o2ZH#^&gpi^by0gV40{4L zw(cdm@5+HK$`8NRft<1VckbDu4p`gWgl)iNXDWzWxY{GV^c>^QQQSBwaEJ)tOrVM- z6F|lZj51ye8t>;sb$VAH3#YhOvfsoeoP2!gHdu3*G{K}l=wb6I1i!~D-tHV0h8 z6avf{?`xDPgeDgsvstS<{Sq@qZkN|UQ$E#^LS-Jp4b3_BUi;QeSEuokW}ESKc#g(K z2hXtQ3dDI?S8CCRUvONsRI5#QAo^W zwF|II_mF7E3#{EEX{?7X+ln)`a1&|!NtHD;BOJ*@skn(qvfS#YnpLsc4L*z9u(@lQ zY{L0BVX>d(sADV2*po!O;On)NwDU4v%NJ^jG0OH^bs15pW<}-W;wbC@v)!fj5)#|& z?sl^+0^5_WW)xOr@;`93Hj+G2o}ik*_q;rkd8kHXT{iQz$3U%>=nnOUx{R}m?aZC& z*aT}K27Zw#U;ZV^CFo6jkyb)UDRg^nLKj`Z2$L4w{au@r+wJbTE_`AuFUJsDBkw6; z!g@^otYL`chL2`#l zLcj5P!vFO;`}ykrbyyU9q{vX9ip&9@CUtSmTNN=jpj``DJ<*oWUT@YjsjR{*BL1_0 z2s-!tR|&HopMQI)6|8i6PsGt5`Z>Iuh}ifxGLMOSVT@>6OJxT%(X>P&eYQZSh2vy$ zf-`F*@(gmDjyt!@7X7jKwCsbwrD1P{d7)e1x!mUu0b_9!-XbE;s!)kbI4#alY_Ej@ zatH-6(cU1SUo^G73;tiZ$L#H!YPtqc3`=JUv)MJyxb@aY-6-<3d?LSJSR0!Gb?kv2 z&4P_9un8}Y9m79y8CWn;{*n_HhSdQ>wLK+#(D=hIx2v!2aaUHabshPM?t%^>>=CNR znv$sH8@wW|S1W~vWiVn zEnFms31@~8X(&3@}`5q_Jh*(>$nRCxDV@hFFf>2&8GH{?JO7kU>QJVZ}p4 z_@-bYw(7>LdDm8HXwa}fkjWGAjfR>vEMOX3%=$_U%nyuv(Rp;RbAa-a*Hk|Wyakq{7?vC3&J3|n%&}LlXl&=$ z*CCk|qz1N%A*E7bf0(>g-m|IZy_$AI4dK=kUV!bDByf#a&TPbouud9g-EkWyVxd{% zaPhe67}Z6Fcgh_fE4rw0(}#Uk(wC_9^SrcjBjBZj`NJ8Ox=<2n_z2nZcr`+BGvKUM zHiYL^KmSjPHvlsLyyg2jA6PdhO3({_v@LnFe}DNg?~KF6JH6W#4Ha)Xv;B;%E8-MU z7@7zoa*tsi|9$KxM?M^JahI=Ne4h*FUaJR=M{oip(S z=(vx!Wfz~(44xG@<5c}f{?l5wmtYVX>6i@n&+?M4I!dfB<2&Rl(o**@&`B{G*Iv(y zdw#ip4IHSMtT!p4f`q*+2!{Q}XmKrahQn-3I>b#>EnrNRv>I$ZoS$Nug zcahWYV3FB^nhYTgx}07WVRFU%(B)?{dUG^oVst6Ys!E&${Pw0&Ka2-jBo9BE;U-2L<6q3mYlr%*K}*^>e)v&Y!E;)04R*bux_2Z?eaTn zrk*9AZ~S+NBk9B67di`ZbLmbCO>`=VtSIXJPTErQOMg^mkfzDf2lxFyIYPf$XzY|? zYubwCV3UOS!zlcOqy7frA|`>5B;V;=Z*$o0G#R1MU4zu<+YCQzZ!_s=Zh>d2c!icj zX}7>z7I2@(!KMQogC~a3q#zEU6*?6e3E~gTK~?)@{5_C~DhrecHQSKG-e_VZU?X2) zSmLSp!2XHykH~e=3kkC!aCs&hUa)DY1Z_|LZR(BDm58y9c~1>A)6$5={2;xytVu-Ok7pu8J0F2e!GUP5x=a!9c*8hiAM_uc z1MDChlpa*%H$%`bHB4E&ODXq>@;9F`g1A)+!iY;vc>Hjfhy6uNw<%PKuSnc+Sc?>l z)C`jw7NUoQOQATa5+g!ke&~;fa_6t#`f-#58CQ9Cps*6NzWkFIxvi>hNhw$^6F}p=je+8lo?@UE$jacyqX@(Lcq^>o#f#bW5 zGby4@e0m-p)IW{||ENc#_hF;2=zy@7D6T8_)v68FIy+ApRE84o^TxDVFIszmBkIW`CTB_buG1^ehNaOn7Zlo1+b?a)9ug_?b?p1KB3z z%p}@giHv#z>KLs3r7g3aVTe-msFT=xtjy|2)Ohj1YEmZ9C z3Vj@~gx_!0Du|J`MawBsXb^L59z`ax))tQ1j9f_ZMuhq@o&j^0q?&iT$=%+0k&CRy<6ONk= zIe(1-bsFoHS}Ja4;%H)XmSk*v|DN8-^S{5ibuMojILnCWDWrj%lVCSuxKCEdL^=?lS+FvmeK=lf7? z6R?OB^%G!GnH=D&uWGv%hjxj8-d@CGR(P)!hU~F3_S+7aMP<(_5aK{M`e?x` zGi^qM6-)@5TO2W!-iX12$g_Bpan0i|Z!<7I+1ZDhGaCc*y+W8fJ3;zKZ?A~9_1AIP zKI&6K;*s!$98pqu&i2bKS_oILZ-+Z#{;@{h4LlpE$%Uv4)q92TjaGWMKJus9_sFUw zr;0ea-B(jU4trt09tKJOY~_WyAg0I3&RhS-LLiGny$Gz*2tXt?YSW+Vpxs1bk77s9*i}V(v(uL!?4s9?ygy^SxKBbGl6VoDm`Wda~ z#;QXWFO2V@F0s)vkM8>t6FelI73aFYJZxZ?U^3 z!@7OE=YJz?)dYdL&Er8@2_2t0sxn zS@&I*ASYQ(2PyvuANE5tsmva#h0>MA5PZI?G z;D*cheGc4Zk9t4-CCB5w30p3r{}Ryz!jCwr>?3;94CCYKHdtzUD(SkW0w7%#K2?b> zYA2O}wc{$Qih%GBu;(_J3~*Ipxdydm2fbQI##LBF_Rk=GWDm zp9l<1Xd7N7u#BRtmh?@#L%6&MgmQq{Ums(G`*jdtrKOSq?%SlGY;yM7kJ!E;XK$@3 zPcGV|pGYq2iNUSHh!DF8H`8l#?vp)pZ`={uibo{Q80_ob>y44wiXeE(FD8x?b_m05 ziN#Hsc0yGrsYDY2hv}2FQ`Sn|4*$)K*x^~D*n(LaOM}}qQ*URT*8WT+Qxn&W9&nmiUSfhA69w}^ zRaQ~rL}qcI_y}cTd5=0wm$(eB+8c5t;`)3tvNiQsblKEq7rWU$Tsso82&B^YIA-Z- z&_ZLNo!|}{t)s0J-7G!=#qJ)ZT>ZY2eL~@YoO`>h@CEE4(e43%a*BAiDe+=#`!%7> zxuglr;j5t1%JA&mx^9~^R+!9j8yB5EKS-8ME+<}Mq zz=7KHEJc3os#RQXD^dia2-eW)ZPZ%AYIBc)M^6{1NVlPehtgyOm9%5(NGwfsIHCtU zSd91pz$*DB(+1H~P*D5{7LT|pe_3Vcobi!)7_;J>XMx8U-Dmv5&+_RBavQ3_DQfJ9 z?S6Z!6RNv-JWm<(8ucSUtTdqQboLoG$>r!}&`WXU#L2b_3P0*;&qwt0l?ZBkIAZSg zj+Z^)cF&!Bw9R;Ic|N17XG@3==jyrjW2?tzZR6yJA2JQQ?ltgcT(tVhV+9%K(0M3a z^&eF2H|E0<5+ASAlAi2u#R7_^Hwm_|=C$|nVU+WUtJ_Qxc|}{yI=h3~r$r6T=HbA= z9)a4!Y3Q$ehzkw0!8%nU#Xv9$_3sndyI7;L+)FOmmPd`#8jHeEfqmF zbOm)uk=$dO5$0z{dKg72vO+-mW?aB@@T}kfk48KpPY7wc1PxNjn1uma!<} z+hkH-)BDP+Not4&JhsFMq3?Tl^Fr~$Z`Pzhu#NnD6uH6zjA&Rf&A+CzD=qaqAdQU; zlIanc3Z)9EYx0@)|AN0lv0A|_DjK4wsfK6Fr7H&Ll|vWv2NCWJutW!v13AuDfTJdq zTOZ&KM7YV3y~PY*G(G7g*8y|_J1Qsd9|*&8Is%gXd3gRFZ&b>JqnA#hA)5`R*&bXW z_vO|5yg?a!goW|p;P869|2sb{llu@uH~YHWOMU%vx;kWNTl$-FrVX+i{@a!9Ar{Jg z3k@FsB@SdB!4eo@=dqM0+fIy^RC}@<)76WOz37@$B_^OPK zg?ldlhMa_G!z%9G-0b6}Xo^iA!_(Wt)yLKQpQl$EQxVQVOfDfeoa^_=&4cM6#a={~ zlZhu3S`Q#Y2|1WMu$v#0?io9y zQf5o6tOXnG=2>!&tIMKN$O=3gBVl| zWf4{>N)^{iHYs2N!T7L?ofsYWytNQa& z1d&r07-Xboi8@A9C^$y;5K&0IGwKYHRy#|Tgiq}KnU^`Ry8`0Sb+$b=fWikHfYHQ2 z!O z%krtFd z{wL4R%_G2~t!?BmtQ5j-`=X+Z#e;p0ol$-h1X%=%f%Wh48@Q0i?*I^fV8l~!=&+wX zJ$XzI$f6jYE;7>r)% z!HPVG^0(71QY>Fu1gytXBZR#YQr7F%-J42zME!FT!SpFK(?W-^` zyZP(9)cB!{A>xuT7z81z-?rzrUs=;^q8Q19!ZStHzGkQ|&KuZ`gKgokTQ9n$)t%xr zce{eI7nk*7gXI^r#;$%AxG$9U$VTL40|sig4z$X)Q^XVArOIk@DQed}aP;=`Y8+7q zXiE`R@@L2o;iC#2+`BmG#29R)(skYCcLywKQ8gN;ucB7QgVZ|uPgU6hS!Kzxs;!B} zDsyDC)P8x6<-ZfvuE+*Wb?oQX>;4ulN&wiZ7CYd!x5ttT^h0#!oheW?Q?Y^RgpXO3 z8iY5RU=tWjg<=Hkk5s6V#%K-O7#unBfk1YK;ZRi|jhCj@vHv_6*rg^i*+|^$9nX6twFMu-iPg!`)zwvo^Gi3YwfJVfaH8RO1-T<}+2Qw6w_kd_I33JY2tRtej8Gtnk&<%FSif zb_gg`%?&>iJOi%3=rD(^MY(YX@{TL*xW=U0Zyz%7r~&BrOaMWX7mRdw9p!~QD2kOqSUrq|8DBpfijZLUiv zcXg-f36*M*7jr{!8TNhZ=Ar>w?8Qv$sxhl5EuTlreRp9Ov@jMGD;}Ena9+!(gdmsF zN=r@h9-qCLLl5rq{YLz>vqEe*9aHrgn&~iUK-KAUd)QpDK%+Yz54Ei*IhY@J+_6zRxmKrWgd7hcQct};h!ZMJq{-YJVws@d|kA6;#3BJPY@ zp}7UbV#SRI0^>E{9lEMGti@w3(rqc(y+{$C(!WOG)p{x(c3lgw>>wJ;~n1{ zZ!)!DyOwb<8ZpYD|1^62rq#~|XduLS)I)^TMTYPUPgOA@`Pn2{>MVdZjjN-G*q-A= zN%bUhHYEoR0G8)W=nXb-N8W?rs-AUSkbu{N0zfNk$zO%UZ|Z% z6A^^ftn4!K@_+sElv^M5I=6PCZwowG#2WNqEZdG1epJK6%)9|YT8K#mWpTpjSJi~t zGExz_dvx-Sph+(CrX%L@cFGlz7HY zOmHJ;*zEXwNlr~!hW}2+W$GG5R@AvJ!z{h=!X~6Sa@?Qpg401-HP*@;=KXPI79~^hllgk+ zuIMbsfZ*1rpmfcdz=0EJ!Axcc;Q-ZsjtTp@tgO5#N?FD1{#E+dGi64b438sA78x&9 z(Z1EtO5p%exP@^<^rulyo*ravVzOewy6d7^IfGJtlPR>EPX!m{I^T{~w#1=wv0!!Uwe)^i8bwifGQB%4TL!asR>b=<}6 znjpHk`tH>ZW^kJNU9ms?ogtbHBirDSI?RA&)7?n5k5NV?^-jChkOkU+6*~no>W_8MPO} z6~Ll@7>8!Ex%nyDWV3l|ZQ>4Aw&wY|DXFNN`;uG5u8rU0P{54#pJAg5A^UKnE03!{VYOk%S5JI6=?YL~l9ay{ zw_q=3-y9(^F0V%tF8jy_``{{v4jLZe;`f1LSing5czAdO;%!z=Vlm=4JmK2cd_`ld zWNf4YNO^C8ysC`BkOQ_IT)PQ}@$qr6VFlzd!OwtS4eupix8ILVmsL$^b+sR3Vs(1I zDYuP2cOPe1N~`zV-yfXW-QEcX|K3PDwW^UeyWMO&y}q8SJ`PU4m93z?Ny>DpDUevQjhjK4& z3`Ro)Jm3$+RNZ>@>&QhHCz;wmISO}odwY3ZiXG)j3;1*;9jt46-5&F-ka8JM9aXqGhw6l7*Yy-|Ab8;SuJKz7`k%{oysy?4 zu|8ejo4d>#VYfIXCz6DYh&gEyab}#fA8d0#B2K?~@_W~T{0ph#;IPrF+VRncyy0G! z>JdNwZmC{*$p|Y7YuYW6wOJfS+3BX2-jJ@}5mmck&Uz5GI#JRd8dAF%l=}%hEaIpo zNF1IBo11P~L@(JVQeO@G(ofYLnyNYWSaopYh&(-MOUl2o?A%r69(LAxnVe3Z$86bJ z%RUh$szpJ>^AJ59V93X8cj7`N*EqO-476XZ6@)12cu%m%C!1NrQsak74$0QQMJVdn zLZOuq0kRAfLXoyD#Vc>&N~ch*4Jc!l{H2v%F;K=8E!n)JuY@bgL@sJHBcD{crmqC0 zuXK*>!-@XWLttg75;+W4AZc-pP$`1&$HW>$Bgx&iVKE_Tju35-N!3nP4X#4vM?!lwAvlTgk?4Zv!1L_c)*~a_~$Jpp&NMd;h2+vrl=Wsv6_^NpaytRIRH*P%ccW(k@LUN|AKUlZx?^& zKIo!=C2sNR{|PLFEt?tFtZ3Ry@^>r))*ag(xc#YgYk=06CAj^jG#h}{xc#M2&H!81 zQ@H)B|Be0^Of8?bK-V4Z;@~td^IQH;sDiBN>Ei6^_V9hbIQ!bznxcbIo{HH4DBEC! zv*@u4A*z_R8_AyxWlYs3vsgEknxxbCkQoY}`;*FA+$xQOs;Cti#L!F1)tbJ<^KWRt z)~>5>XDe3QEbE6VZf!!f8uqU9#C@xCVM(PsXx_Tgd6z=H(PTyrnc z?t=KQ5hcx~`6SBt3UT##NcotK644c7p5rRKcIJYFbN__k0XO|`g!?>=;wQdn@4b;K zcHaoZ6zD^i7ZoxKa7y0)2!FBjpBoc`-sig`fljy&PDoVgtsLG1!*0;%qjVHMu`dpmkJ0YJdHH{&4uu?!r8Y6QimYD!ip8WX9QHDxZ=wWf2&=X zcg9S`}qv%7?(uwsDn0$;`$?+egMTjY9-OLVJPC@NC7|Y~bU+UQNPEuH~T+)!p zn$ldt(wg~4?I4>>7R$ui`U<12X~hYt$wZYI%Jf%;pGhp09&)r5OB%4R zO_`XA3mj@xSZ(6J6gFsGgrSp6n}20pWt+simrP=SN>g5Jp6ZgGA!@=86QMHud{o7Gp;^?(8OrP9`(}%MLY0DQs$x= zE9s%HAWHE_h?Q1+v zS)$*@P?6V#`@n(U?n(k6&tOAg-csotHnK(&w&gTTUkYNnnk&8Xra+D+c=J3lT_;}(n6jV6(kvfhPY!gu9tkp(7C(mL`qpD%0VA8UbKPQIvP%@2uDw4Dy z(}w=fw8uLNUw0Lnw_-^|YW{|2YRp5Bt}Ue$k3s3uL$3j88#VYy+$YLd6Q1x z$Fd6daC-W#SPzk~dFc;pyFg3In|ES;p0k#+8}Fvp6OaE~reoiF+WS8-us;RO#=o<( z?EeI_22?%y@_ODl)-T4pqWDDg&%l;P?wx~hCHgGT0&V$89iUZv|AecGYYv1E0|~HTiwU<N)`Z7NA@K9AwsP895CrN@T>K2FU3 z5R!-hA0%8R)HH2wiSShcxK_X$RTONO*YRbe81lByPdR9@R}{UPNL627Tqr95n@t%9 zYD+|InWDO7U9V46KiJ;&>0f4wCJC$OOY}%aZ6df{dyBU4n5XYQ@wuE9f9aFJ^`WJ8OU6~hdiC<+Gb<*I zrvG>G{to2eru(bF9HXD%%*t203jj3;(F=Kb4H4u5C?E$Wo6(g?bzE%5X;7Y0KLS^D zl|4L6PlczN!)M;s{>m@=tn!U-RxoO;nit7;o9$g_^Eh+k@YU}A#HOu<`vrx(k2IF8ae+;UV} zIdJl+XgvwiT}D*)pZRh@0Ey3h1#=>F{sk>K-R~gkifxb6=F0oP!_4yqfpDlxaAc&D zY}mZX=w-=G2==h5o{~Tfs#ME*Zay8CZ&f_U8^u_G85CX9d{@a}+#aOb)7P-#nOTFR z2UMiI$1HCVLL;b;u{J063KD0D>B^WG;1XS~%hiS~bGT@gFwYs`cAy>5QFi&v(d~y= zu(GxY6q~C0LMK^TTLy{O*nBETnlz-q63Me^>A17d#IO*w*)CM7rLwY5&I$w~1#0z} z1*>k6{!)1N38xWY;aZ4SBlDqx&L*eWbiFlV?Y_)=>uH`0kbX5Wc~tVqut9TFNzP83 zLBIM)Cq?)LA2fUkm-0dU>=`IlbERnzQ{c&i8*i;b5ZFzxysc>>oduqk@V?CM&#pk!+%8u*RvU*{t(%x!3^AFHn;Ov8%RbMX6VW5 z0^3DicDIqkgM=rToQ^mUyy3Zocpf)IKtI;~WUpc>4t8?q2~N3t>r^a=e_*a-8KDTl zGI`a?Zx!;CvlhLV1}BrU3&QMi-p}wIpaFwT`bmaE5b25R1r9KHPy#$#CJ)1*fEg~( zXMnr)tEE9W6-wM`rVG5-^gxX1@ruoA^7i3;Ao5!{_lxtdZ)pSQE|L86NjCRS%JLdP zX@WfeQ#b;C{tCt05A{HB37Z3lt#_cdde6&=<8T(n)nQ(qj&`OV}U8a2er{t*zLWz0tisne(~+Z@P+(}I3xCS?d^m_v4^99BSMwz(eI zw>GFk(;zUiUuG>FnE@GY9Cg+rm@lkAZQy^VZ*ly(2#aLS>B#~!$w?R+Ho{}U$C%o_zla4n7`Ejz8XVqJ-y}=x>6(!hy9q?3HG%VnoEaSo4y^ZK zjzPi?P}=~=B;@TTBnq^eRlQ2T4UR8Yv9zgM0ZqM}n>NBz2Sv_l=hv19+=D4*#I8&-oWWW>>81&baHF!{#0CpDawaaisrE7cgK#y&K6nE*jpB|XAGTdg=ywrq zjsb!<;H&k(WNI?W zRhwm?@co@ z+csfiSuCOjxwQe~S~TAQi#bEq0YeW#4tT!3%9}{HFPx#s=(^_S=Hs^3=EJ=6q*GQ+ zDhUu(p|}5V1$sz~?*-2d^o)}Lr091~Ei18Lv?X7>UB{PWdV90L!==5P@Ryy9eUz?y zZ&$J@hPVm`hZLtH6uZNug+@tHTf%GZn902N|@Ih5rv;b$~d*H!^--mzYgFbrUr0BuDb{IIV(rdM(RD=J^wbQ^jC(@ zgeOXqL5anXtSfPVvU%aG+V}(c9UiJ^uaB@u*0=T{_(-e|AH{hdx;lRh=0?T zhC2WCIy@papE=buMvIL|sq(m^zM@I`vI zdz^W8BiM-WvaZ0a9*hU?Lo8Nfg3}G9!z?c8gHMJxg>i`yTBRZ!G^!2x zWC8!oO@lMJcm%Zr$NcO-Mz=`{IKYo{vGv_wNM!GI`9gyzm)_Y2UGc})?duxrlMz>R z)yqQe6jC$k4HsLAtl0*k4d>04`a51Q;M-=aoeQnTIBMiBef;ykQBfcd&uK&gu3SfU zL7%Ad#;;g*a|}*7E>_i@{aKIR?y2V&(=2mRkI_rBq*2=QgLjO%rhA5_wk9XythGwU zR82U>p(^Pffvz`CPP|UlG^c7g^N~UoxNKYZnLPZVNsLZJrZ2v}Np^|t97bI~B2YO@ z%G6r_v_B(?j{}toRTmWdy^9oRW+Rh7vN^zG$ecr*6E_Nqah^ zE`podZ}7(!tPU2Dpl=Xem!*?L`e2a5-kWEGg{b1h%)sZOZc_#O9I+Pbd5Ry zL-{%B>+4r`1|2@T{2O4K)VBb>P+sV&snjUb$V4G|lWlHC}*hhOUy*`#C> zSMpzoF3Bw4>$nZ+NT*24h>MuhA5I~}%9L5Fq-C=q9A2J+oHNy!t;(K0fH6%n$<5hD zIfB@Qh}Ca_{%CX$Oo^t8r7}-87teDgLgMS)gIc|cT5gwQ4yNLfE1rD>;iI4)&WF+2 zC(J6Kl8f@#yW}M*DMim7Pj@lh!wmRm-5Vy?XY?5!43l$mRco2t&0 z<@H{I?}Rj<$=Oa}u1?Z~ydOL8(y%r3aTl>?zwTH)$^N=uVtgc;ImPoqirs5qkoQ2mblO!yV%W)U$nwYyvN_h3;M5S_CXC&6 zufXk4e>_vD)y*b?_Owj(u!08R>raMZA3oyML(xEr_rSQI8}#rB17}_q`^1Yf;bs|clt9LKlI*UcAGiAQL6aoN!q4)>#mPx?#uvN1=1gvH6D25P6NPyNtCS*346zA>BZ# zna*mGgDH>=Y%p{bWATttJgHtA?vR+Ws~Yiu;7C4MPn zSX!4G%}$Rx8f-R+U;e$3q3lvzL>vAWa;fl#by7;ou`fbT(O3Xq;b9?4w}_6@EUVP> zcuo4KF5z{)HcPUKC>H?}9=JZ?i28HAAf3N4fot2mb^3362r{CbeA2$cS(_!4W5vbq z{Ln{>vCL3=HSziLY=REg=)ZDsa7$B^@t8pgj8}rxB{g9r@4zc!%f!`T!8f=agT@76 z+9fvv$hAe@XN3O2@&3V%F#+{CeOOEkKZN3i-kqKXltTYWb0h^+?Z(~*1^-j$68-SB zf5o||vH{X=5@Aato54M7M_}>{B>Yj-*9{ceUqZDVxz*@GtPpKG3mOqLemh@ zD7i#hKi_Q$H+|ommXRdM3M8=DN9iZU6o1804NOdVqzY(ODhsDk_)i6A!mG_|Xj@87 zAf?E>Ae(9V_Yx--n`x|lC#h?eNoUKGwV*sCGX&5GX4gew7ppguOXN%ENs9N1-_}hV zGCHMH0h&?;6#?t5#3c$`cR>G$LAFiexx8h??^~QDfT6gMzCOy+gESKhfZQRE0wg!&3IlG>_RL^AM)jj=}IyQggrT~<&; zUEf*(zfw*uAItLH)n){IhMGDEgVUrwoTP;;g7CjCI4U?uujj@SPxhw@cRzj8gM5vI zuz7)>%|x3Z>sud5=k*9j<`|Gw*1jfBi-jZQM>*W~vd|aOg;CZJDNt_UczrozXR-d# z=$LUta#~$ChzzhK41Edy=&480WL(^vIhXs5+xcs27HrTGVcv^$h-bnON|#bwppAfK zf+wje;^!*Q>m|)GFndYVPYs;>HBjOAl;y#2_^)e`xVf-)k%<^5ug>`o)8@Ml?5KJK zhk$y~uUYhCMRVrG_R#vwR9b83&LU8LV!1i66YS0EocVvG)1_8asyE{Yc2yU4q#Kmj z8AqXQcK;yLA;iq85DEbd!(2W~^zN)QyUY2d zP^>ZmqR#+1hGvCdff)DU$V@1&AV6gIxQ%UPGgw<&OUZ8i*YrltFx+t0*A`V^IM#OX z0l_lb!altnKPhe0U+73D)_0oVQK{e?v<{^G8~}y61wB1QSL_S@f44q3h-nOh3)I%u z(9bwbmj&JmA9_P(4dTWws>!y)<9;U^AjtWbLk8dz+o}LLhom=nVF>APsU$5(zu`^% z9ik)F`Zws=WfD1rU~O>%b4`&dsKXtSLLDPcZrMAgJ6L5}`2gs;)Ap@^Bj%hw91II( zaFdEHMJLyf7%ragjd*f7h1tg#YUi?tZg#eFe90k3U6%<6cV2NDDqx{J7HaySbU<## zP+?xE_<~X9<*Gn`u|i&41@L7sBv#I$fd&tDC+DeUkx?WOk6?xPR`Uj7-?QOE*_i zrqrC_fF`Yj|BUICclYkAQ6OI+D45zcAt_=R9+oh(G*oIpI%t+>cvvv9Hh?KIRwZ^w zF#LD)C#9l98O5qD0AR=4;%23uSurTPl8E(O3me4b)cz1!ph%m0#ZrR2m3R&rHKOXS z?V=NEG|j6dz}%N(ib=_4ZE-O6tb*-jO!ty~G0n@s2r z{4`#31l*&|6SE5BT?023^2gZgJZ9e%?Bvn=3>wdHlfzo!N%0KU4U5}Gmj9F10A7Ek zHFs*brF_EaY}9D{Qqpdd zvImthxc&acwVT2joF`J@lnQu|dza!z_7`fFI0%Oj0zXAra?oK=t!%IPJ+aOQWMGoB z|1IGjak?hOaa1deo~}& zUhLQIO#Vd~!4TaL`{*4$pe7coy~nVi@2sKPhHG;3|D}e|boCQJ=|`jJhttg$&3k1~ z+X>n%(4u(?*3h8okyrXtv*z$Fg9!#Sy{7)XH|CcpZOrLelYhNPo59c0ncb-{$vOT zGx6NVT=Q|Ve@fsa_@o8@I?){~lL!5n2K?v*P#I4tYWgfo!a-vhRY_~Z#^O!3z!sK*X8h8|5raXMJ)mv6NAK;Ug9=f8! z>%TmkbBd)}5`jt{vIi3V5uP5NHk9BF#JWqAF+UCtpo-ZY%Hd=2cwy~h>yPW85w+pS zcPV^0=?^aD;c9(Ke_?OtKAoVnuI?t1E(Xbmhu|wm<5C|GBM7^k2FvamVxnXu;)l(8 zF{rG&$5KzoK)Q}+J;h>$1bcPaVR$TX+Tj7>R@AQjUh?vE^m2N7+!zwmGa{7gZj2wg`#!eHQw($C;quObM)^Y#C zfsl@3Ul~5Qpg*B;F$ z)Iyf$2o)gME7xlFeY9)w_DDe`xB%ijZ*ZA)}o7m(5DxsZ}yal&Pxs~#*eO?Lb6nb#qc*@>r zgRr7a32FJz&yR6h+3@1nZNy}|XI??k@);Cj#YqTqVduginzIA05K zUj-wiiKf=Ug3z&nL{LsHt3Zi3w+n`FQ$x7Clk$aJhU-Nb!o1;ekK~~pUp4VRL(-m1 zdtRIb4m;KSUM}W-)_UH%{yWOMF86wJtNV7<{R)Jf6rEx z?}r3?6JlEbNDT;@RNs*bgm?UMCJ;1htB0f)#iL(Gpf6(9^bWIhE*Je><;t0S4BX1^ zDuq}$m5Xqdhg8u2&5-mIa9JC@t%o|~_Gtzi@sYam5x3=;FkB+U!vSjG0V(<__*}1x z9UkdM1rn6tx|)lJg;t}&Qi|cQ!lIq`$HT$=KS7~|liv7CU;J75x<8(E0Kq1=50t)G zh@TUr7#1YBaVv|9FwCzAjUW_VrD|O)%>53~IehFL5nk!}T?UY|8RYCy5I3Z8%kH-c z`VgPvG3O_7QS%VrB$V5$SeRcq5big_)mC%@$yB(XG$9SM+Pv{(lAHsue)|OCa9z z?lcK-uV!ekbn^F0P##84uJNKEZq9L|jrg!9l@{aSp-nk(cW3`GO+fe-$_cPR+*{;1 zazs4ExIyfmso_mP{2E~VKM4%|{>y|GjECv$N#24+IEwLy+KhvD!&`k*x2wO8k_o60 zs(zq^`d@v!m?y1)tgsMdX2>*uth=I@p8unZD6)4zbqB`{$crY8@^0^k4@NfRTw{}6j^BoGD7P$~v#GF5^Gu6L z|DQUtu9@)*op!s^plgYpq*V;zpggij#<_pHC?Qf8g=YF7rF?54-5b$$~J_V za~7w>!v>6h8B~6NI>$yEM2nWkRJeM@PHkOQxx5m6HshleU5>xvR*MPn^x^+X$4XcC zO}wOUXj?KCm)gP+YE!l2t0OE%$NG^Ejr45=cK*0uCjE22E2j@?Ga)bg78JKAao0O; z6J-2HkrjV7tc{^VN=Whk0Be>wSLHq_aHThB)>qFC^?BdKCLrzmZKC%bLdzY9DS(KX z05Jj>Ne&VNGzWcC!6z!j2t^cFK4*C4aR=?Kwsm)^_dH~V|MmO+pO>G{pR+_dsak+{ z&>{(8(LP^k(l>?}@`?DV8?j&B81W~o(EGzdc>EisDP8!(GH|1}(CsJj?j8uyn%;%a zmM5u?;CqSg<5j~}ehnE3k$D8(TpXropv|4$ie75=lX8rz5Pjg1_)n>b8Prj41?j# zRjj@&WCkR1|HfZHo{!APeWV}Z)kC<5BAsaEh*jv~I!^dXAyg24jKD+i7@#B!yP`$V z4dwBe7f$;Caa4Yie;%4W*#2{V_WnL<2ap;>vV=wWi^1UDI**6sFt0F*0^>iz3n&hQ zMB8wlp6GQI_Qq#bsNw}}GB7A#dh?Qyl$(%{N5Nbgh#H=PgapYmExZw6bEr4!ANI2V zHQ_B_J24h$BiI=v!qdWU3EeqNq4It%O%12ht#_L6F7Q>FHC9~&(>*X9hL9B`v90T$ zmL36()a*+3jtt%)F z2rox7fEIz|YvU_Ia(xCR9P&E^ZO%U5?LqvuJ@7c*EZief_&t7CioTOf2 zH+#OFLj1N|6+5c|TW%=gb@=Yj!XShM6%(vEpKYN^gflFOo5OMLg&OKM&sCQ7Jl_5sO19KFcx~wlGF993v!6p zaR+u~`)&`pslb-={c3+|!ylZ(Z<`P9Z~J#^R;pn^!W+tNsVNdZIijXsVP6cmL}o#5 z)9i?ong-inEWpe}vSQX*1f7#uA#R*;oA9H#m|+~ax;rV%-1EQ9eVR{!wKSxBi%US! zIvvrt7T%McOSQA8qd0?NDmxrK2a7Yb$vY~8P_F)jcWPVgZZ^v3fiN=};z-l_T6L`8 zHOj~lOn?d1^UX_WJhn!L}PiA>JI)O7K!|)+Mq#GCqLWgT)7(h-yTN}G7yp~+ zz)wTvjby3(b53ZY_f4=uK6MMsAQ^|ZiiqKr&U-JJ1`M0O5KZ) zd4-IFywm=opi6#Zpfo`qnpgoTfM_Wl)7D(zJGp= 0.0, \\\"Minor\\\", \\r\\n toreal(Severity) <= 6.9 and toreal(Severity) >= 4.0, \\\"Moderate\\\",\\r\\n toreal(Severity) <= 8.9 and toreal(Severity) >= 7.0, \\\"Material\\\",\\r\\n toreal(Severity) <= 10.0 and toreal(Severity) >= 9.0, \\\"Severe\\\",\\r\\n \\\"\\\")\\r\\n| distinct Filter\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 10\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsSummary\\r\\n| where todatetime(StartDate) {Timer} and Company == '{company}'\\r\\n| distinct Name, Severity, StartDate, EndDate, Description\\r\\n| extend [\\\"Severity Details\\\"] = case(toreal(Severity) <= 3.9 and toreal(Severity) >= 0.0, \\\"Minor\\\", \\r\\n toreal(Severity) <= 6.9 and toreal(Severity) >= 4.0, \\\"Moderate\\\",\\r\\n toreal(Severity) <= 8.9 and toreal(Severity) >= 7.0, \\\"Material\\\",\\r\\n toreal(Severity) <= 10.0 and toreal(Severity) >= 9.0, \\\"Severe\\\",\\r\\n \\\"\\\")\\r\\n| where ('*' in ({Severity}) or [\\\"Severity Details\\\"] in ({Severity}))\\r\\n| project-rename Name = Name, [\\\"Start Date\\\"] = StartDate, [\\\"End Date\\\"] = EndDate\\r\\n| project Name, [\\\"Severity Details\\\"], [\\\"Start Date\\\"], [\\\"End Date\\\"], Description\\r\\n\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 9\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"My Company\"}]},\"name\":\"Main\",\"styleSettings\":{\"showBorder\":true}}],\"fromTemplateId\":\"sentinel-BitSightWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", - "version": "1.0", - "sourceId": "[variables('workspaceResourceId')]", - "category": "sentinel" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", - "properties": { - "description": "@{workbookKey=BitSightWorkbook; logoFileName=BitSight.svg; description=Gain insights into BitSight data.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=BitSight; templateRelativePath=BitSightWorkbook.json; subtitle=; provider=BitSight}.description", - "parentId": "[variables('workbookId1')]", - "contentId": "[variables('_workbookContentId1')]", - "kind": "Workbook", - "version": "[variables('workbookVersion1')]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "contentId": "Alerts_data_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightBreaches_data_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightCompany_details_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightCompany_rating_details_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightDiligence_historical_statistics_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightDiligence_statistics_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightFindings_summary_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightFindings_data_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightGraph_data_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightIndustrial_statistics_CL", - "kind": "DataType" - }, - { - "contentId": "BitsightObservation_statistics_CL", - "kind": "DataType" - }, - { - "contentId": "BitSightDatConnector", - "kind": "DataConnector" - } - ] - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_workbookContentId1')]", - "contentKind": "Workbook", - "displayName": "[parameters('workbook1-name')]", - "contentProductId": "[variables('_workbookcontentProductId1')]", - "id": "[variables('_workbookcontentProductId1')]", - "version": "[variables('workbookVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightDropInCompanyRatings_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect when there is a drop of 10% or more in BitSight company ratings.", - "displayName": "BitSight - drop in company ratings", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightGraphData\n| where ingestion_time() > ago(timeframe)and toint(RatingDifferance) < 0\n| extend percentage = -(toreal(RatingDifferance)/toreal(Rating))*100\n| where percentage >= 10\n| project RatingDate, Rating, CompanyName, percentage\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightGraphData" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Reconnaissance", - "CommandAndControl" - ], - "techniques": [ - "T1591", - "T1090" - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "customDetails": { - "CompanyName": "CompanyName", - "CompanyRating": "Rating" - }, - "alertDetailsOverride": { - "alertDisplayNameFormat": "BitSight : Alert for >10% drop in ratings of {{CompanyName}}.", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nPercentage Drop: {{percentage}}%" - }, - "incidentConfiguration": { - "createIncident": false - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 1", - "parentId": "[variables('analyticRuleObject1').analyticRuleId1]", - "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject1').analyticRuleVersion1]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - drop in company ratings", - "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", - "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", - "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject2').analyticRuleTemplateSpecName2]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightNewAlertFound_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject2')._analyticRulecontentId2]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect a new alerts generated in BitSight.", - "displayName": "BitSight - new alert found", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightAlerts\n| where ingestion_time() > ago(timeframe)\n| extend Severity = case( Severity contains \"INCREASE\", \"Low\",\n Severity contains \"WARN\" or Severity contains \"DECREASE\", \"Medium\",\n Severity contains \"CRITICAL\", \"High\",\n \"Informational\")\n| extend CompanyURL = strcat(\"https://service.bitsighttech.com/app/spm\",CompanyURL)\n| project CompanyName, Severity, Trigger, CompanyURL, AlertDate, GUID\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightAlerts" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Impact", - "InitialAccess" - ], - "techniques": [ - "T1491", - "T1190" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "columnName": "CompanyURL", - "identifier": "Url" - } - ], - "entityType": "URL" - } - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "alertDetailsOverride": { - "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for {{Trigger}} in {{CompanyName}} from bitsight.", - "alertDescriptionFormat": "Alert generated on {{AlertDate}} in BitSight.\\n\\nCompany URL: {{CompanyURL}}\\nAlert GUID: {{GUID}}" - }, - "incidentConfiguration": { - "createIncident": false - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 2", - "parentId": "[variables('analyticRuleObject2').analyticRuleId2]", - "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject2').analyticRuleVersion2]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - new alert found", - "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", - "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", - "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject3').analyticRuleTemplateSpecName3]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightCompromisedSystemsDetected_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject3')._analyticRulecontentId3]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect whenever there is a compromised systems found in BitSight.", - "displayName": "BitSight - compromised systems detected", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightFindingsData\n| where ingestion_time() > ago(timeframe)\n| where RiskCategory == \"Compromised Systems\"\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity <= 6.9 and Severity >= 4.0, \"Low\",\n Severity <= 8.9 and Severity >= 7.0, \"Medium\",\n Severity <= 10.0 and Severity >= 9.0, \"High\",\n \"Informational\")\n| project FirstSeen, CompanyName, Severity, RiskCategory, RiskVector, TemporaryId\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightFindingsData" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Execution" - ], - "techniques": [ - "T1203" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "columnName": "RiskVector", - "identifier": "Name" - }, - { - "columnName": "RiskCategory", - "identifier": "Category" - } - ], - "entityType": "Malware" - } - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "alertDetailsOverride": { - "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Compromised Systems" - }, - "incidentConfiguration": { - "createIncident": true - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject3').analyticRuleId3,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 3", - "parentId": "[variables('analyticRuleObject3').analyticRuleId3]", - "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject3').analyticRuleVersion3]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - compromised systems detected", - "contentProductId": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", - "id": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", - "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject4').analyticRuleTemplateSpecName4]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightDiligenceRiskCategoryDetected_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject4')._analyticRulecontentId4]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect whenever there is a diligence risk category found in BitSight.", - "displayName": "BitSight - diligence risk category detected", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightFindingsData\n| where ingestion_time() > ago(timeframe)\n| where RiskCategory == \"Diligence\"\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity <= 6.9 and Severity >= 4.0, \"Low\",\n Severity <= 8.9 and Severity >= 7.0, \"Medium\",\n Severity <= 10.0 and Severity >= 9.0, \"High\",\n \"Informational\")\n| project FirstSeen, CompanyName, Severity, RiskCategory, TemporaryId, RiskVector\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightFindingsData" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Execution", - "Reconnaissance" - ], - "subTechniques": [ - "T1595.002" - ], - "techniques": [ - "T1203", - "T1595" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "columnName": "RiskVector", - "identifier": "Name" - }, - { - "columnName": "RiskCategory", - "identifier": "Category" - } - ], - "entityType": "Malware" - } - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "alertDetailsOverride": { - "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Diligence" - }, - "incidentConfiguration": { - "createIncident": false - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject4').analyticRuleId4,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 4", - "parentId": "[variables('analyticRuleObject4').analyticRuleId4]", - "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject4').analyticRuleVersion4]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - diligence risk category detected", - "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", - "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", - "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject5').analyticRuleTemplateSpecName5]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightDropInHeadlineRating_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject5')._analyticRulecontentId5]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect if headline ratings is drop in BitSight.", - "displayName": "BitSight - drop in the headline rating", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightGraphData\n| where ingestion_time() > ago(timeframe)\n| where toint(RatingDifferance) < 0\n| project RatingDate, Rating, CompanyName, RatingDifferance\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightGraphData" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Reconnaissance", - "CommandAndControl" - ], - "techniques": [ - "T1591", - "T1090" - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "customDetails": { - "CompanyName": "CompanyName", - "CompanyRating": "Rating" - }, - "alertDetailsOverride": { - "alertDisplayNameFormat": "BitSight : Alert for drop in the headline rating of {{CompanyName}}.", - "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nRating Drop: {{RatingDifferance}}" - }, - "incidentConfiguration": { - "createIncident": false - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject5').analyticRuleId5,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 5", - "parentId": "[variables('analyticRuleObject5').analyticRuleId5]", - "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject5').analyticRuleVersion5]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - drop in the headline rating", - "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", - "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", - "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleObject6').analyticRuleTemplateSpecName6]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightNewBreachFound_AnalyticalRules Analytics Rule with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRuleObject6')._analyticRulecontentId6]", - "apiVersion": "2023-02-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Rule helps to detect a new breach generated in BitSight.", - "displayName": "BitSight - new breach found", - "enabled": false, - "query": "let timeframe = 24h;\nBitSightBreaches\n| where ingestion_time() > ago(timeframe)\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity == 1, \"Low\",\n Severity == 2, \"Medium\",\n Severity == 3, \"High\",\n \"Informational\")\n| project DateCreated, Companyname, Severity, PreviwURL, GUID\n", - "queryFrequency": "P1D", - "queryPeriod": "PT24H", - "severity": "Medium", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "dataTypes": [ - "BitSightBreaches" - ], - "connectorId": "BitSight" - } - ], - "tactics": [ - "Impact", - "InitialAccess" - ], - "techniques": [ - "T1491", - "T1190" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "columnName": "PreviwURL", - "identifier": "Url" - } - ], - "entityType": "URL" - } - ], - "eventGroupingSettings": { - "aggregationKind": "AlertPerResult" - }, - "alertDetailsOverride": { - "alertSeverityColumnName": "Severity", - "alertDisplayNameFormat": "BitSight: Alert for new breach in {{Companyname}}.", - "alertDescriptionFormat": "Alert is generated on {{DateCreated}} at BitSight.\\n\\nGUID: {{GUID}}\\nPreview URL: {{PreviwURL}}" - }, - "incidentConfiguration": { - "createIncident": false - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject6').analyticRuleId6,'/'))))]", - "properties": { - "description": "BitSight Analytics Rule 6", - "parentId": "[variables('analyticRuleObject6').analyticRuleId6]", - "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleObject6').analyticRuleVersion6]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", - "contentKind": "AnalyticsRule", - "displayName": "BitSight - new breach found", - "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", - "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", - "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject1').parserTemplateSpecName1]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightAlerts Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject1').parserVersion1]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject1')._parserName1]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightAlerts", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightAlerts", - "query": "union isfuzzy=true\n (\n BitsightAlerts_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\",\n GUID = column_ifexists('guid', ''),\n AlertType = column_ifexists('alert_type', ''),\n AlertDate = column_ifexists('alert_date', ''),\n StartDate = column_ifexists('start_date', ''),\n CompanyName = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', ''),\n CompanyURL = column_ifexists('company_url', ''),\n FolderGUID = column_ifexists('folder_guid', ''),\n FolderName = column_ifexists('folder_name', ''),\n Severity = column_ifexists('severity', ''),\n Trigger = column_ifexists('trigger', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGUID,\n CompanyURL,\n FolderGUID,\n FolderName,\n Severity,\n Trigger\n ),\n (\n BitSightAlerts_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGuid,\n CompanyUrl,\n FolderGuid,\n FolderName,\n Severity,\n Trigger,\n AlertSetName,\n AlertSetGuid,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", - "dependsOn": [ - "[variables('parserObject1')._parserId1]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightAlerts')]", - "contentId": "[variables('parserObject1').parserContentId1]", - "kind": "Parser", - "version": "[variables('parserObject1').parserVersion1]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject1').parserContentId1]", - "contentKind": "Parser", - "displayName": "Parser for BitSightAlerts", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.1.0')))]", - "version": "[variables('parserObject1').parserVersion1]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject1')._parserName1]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightAlerts", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightAlerts", - "query": "union isfuzzy=true\n (\n BitsightAlerts_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\",\n GUID = column_ifexists('guid', ''),\n AlertType = column_ifexists('alert_type', ''),\n AlertDate = column_ifexists('alert_date', ''),\n StartDate = column_ifexists('start_date', ''),\n CompanyName = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', ''),\n CompanyURL = column_ifexists('company_url', ''),\n FolderGUID = column_ifexists('folder_guid', ''),\n FolderName = column_ifexists('folder_name', ''),\n Severity = column_ifexists('severity', ''),\n Trigger = column_ifexists('trigger', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGUID,\n CompanyURL,\n FolderGUID,\n FolderName,\n Severity,\n Trigger\n ),\n (\n BitSightAlerts_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGuid,\n CompanyUrl,\n FolderGuid,\n FolderName,\n Severity,\n Trigger,\n AlertSetName,\n AlertSetGuid,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", - "dependsOn": [ - "[variables('parserObject1')._parserId1]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightAlerts')]", - "contentId": "[variables('parserObject1').parserContentId1]", - "kind": "Parser", - "version": "[variables('parserObject1').parserVersion1]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject2').parserTemplateSpecName2]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightBreaches Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject2').parserVersion2]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject2')._parserName2]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightBreaches", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightBreaches", - "query": "union isfuzzy=true\n (\n BitsightBreaches_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\",\n GUID = column_ifexists('guid', ''),\n Date = column_ifexists('date', ''),\n Severity = column_ifexists('severity', ''),\n Text = column_ifexists('text', ''),\n DateCreated = column_ifexists('date_created', ''),\n PreviwURL = column_ifexists('preview_url', ''),\n EventType = column_ifexists('event_type', ''),\n EventTypeDescription = column_ifexists('event_type_description', ''),\n BreachedCompanies = column_ifexists('breached_companies', ''),\n DependentCompanies = column_ifexists('dependent_companies', ''),\n Companyname = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n Date,\n Severity,\n Text,\n DateCreated,\n PreviwURL,\n EventType,\n EventTypeDescription,\n BreachedCompanies,\n DependentCompanies,\n Companyname,\n CompanyGUID\n ),\n (\n BitSightBreaches_CL\n | summarize arg_max(TimeGenerated, *) by Guid, CompanyGuid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n CompanyName,\n CompanyGuid,\n BreachDate,\n DateCreated,\n Text,\n PreviewUrl,\n EventType,\n EventTypeDescription,\n Severity,\n BreachedCompanies,\n DependentCompanies,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject2')._parserId2,'/'))))]", - "dependsOn": [ - "[variables('parserObject2')._parserId2]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightBreaches')]", - "contentId": "[variables('parserObject2').parserContentId2]", - "kind": "Parser", - "version": "[variables('parserObject2').parserVersion2]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject2').parserContentId2]", - "contentKind": "Parser", - "displayName": "Parser for BitSightBreaches", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject2').parserContentId2,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject2').parserContentId2,'-', '1.1.0')))]", - "version": "[variables('parserObject2').parserVersion2]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject2')._parserName2]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightBreaches", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightBreaches", - "query": "union isfuzzy=true\n (\n BitsightBreaches_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\",\n GUID = column_ifexists('guid', ''),\n Date = column_ifexists('date', ''),\n Severity = column_ifexists('severity', ''),\n Text = column_ifexists('text', ''),\n DateCreated = column_ifexists('date_created', ''),\n PreviwURL = column_ifexists('preview_url', ''),\n EventType = column_ifexists('event_type', ''),\n EventTypeDescription = column_ifexists('event_type_description', ''),\n BreachedCompanies = column_ifexists('breached_companies', ''),\n DependentCompanies = column_ifexists('dependent_companies', ''),\n Companyname = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n Date,\n Severity,\n Text,\n DateCreated,\n PreviwURL,\n EventType,\n EventTypeDescription,\n BreachedCompanies,\n DependentCompanies,\n Companyname,\n CompanyGUID\n ),\n (\n BitSightBreaches_CL\n | summarize arg_max(TimeGenerated, *) by Guid, CompanyGuid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n CompanyName,\n CompanyGuid,\n BreachDate,\n DateCreated,\n Text,\n PreviewUrl,\n EventType,\n EventTypeDescription,\n Severity,\n BreachedCompanies,\n DependentCompanies,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject2')._parserId2,'/'))))]", - "dependsOn": [ - "[variables('parserObject2')._parserId2]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightBreaches')]", - "contentId": "[variables('parserObject2').parserContentId2]", - "kind": "Parser", - "version": "[variables('parserObject2').parserVersion2]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject3').parserTemplateSpecName3]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightCompanyDetails Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject3').parserVersion3]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject3')._parserName3]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyDetails", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyDetails", - "query": "union isfuzzy=true\n (\n BitsightCompany_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\",\n PrimaryCompanyGUID = column_ifexists('primary_company_guid', ''),\n PrimaryCompanyName = column_ifexists('primary_company_name', ''),\n AvailableUpgradeTypes = column_ifexists('available_upgrade_types', ''),\n BulkEmailSenderStatus = column_ifexists('bulk_email_sender_status', ''),\n CompanyFeatures = column_ifexists('company_features', ''),\n CustomerMonitoringCount = column_ifexists('customer_monitoring_count', ''),\n Description = column_ifexists('description', ''),\n DisplayURL = column_ifexists('display_url', ''),\n GUID = column_ifexists('guid', ''),\n HasCompanyTree = column_ifexists('has_company_tree', ''),\n HasPreferredContact = column_ifexists('has_preferred_contact', ''),\n Hompage = column_ifexists('homepage', ''),\n InSpmPortfolio = column_ifexists('in_spm_portfolio', ''),\n Industry = column_ifexists('industry', ''),\n IndustrySlug = column_ifexists('industry_slug', ''),\n Ipv4Count = column_ifexists('ipv4_count', ''),\n IsBundle = column_ifexists('is_bundle', ''),\n IsCsp = column_ifexists('is_csp', ''),\n IsMycompMysubsBundle = column_ifexists('is_mycomp_mysubs_bundle', ''),\n IsPrimary = column_ifexists('is_primary', ''),\n IsUnsampledAllowed = column_ifexists('is_unsampled_allowed', ''),\n Name = column_ifexists('name', ''),\n PeopleCount = column_ifexists('people_count', ''),\n PermissionCanAnnotate = column_ifexists('permissions_can_annotate', ''),\n PermissionCanDownloadCompanyReport = column_ifexists('permissions_can_download_company_report', ''),\n PermissionCanEnableVendorAccess = column_ifexists('permissions_can_enable_vendor_access', ''),\n PermissionCanViewCompanyReports = column_ifexists('permissions_can_view_company_reports', ''),\n PermissionCanViewForensics = column_ifexists('permissions_can_view_forensics', ''),\n PermissionCanViewInfrastructure = column_ifexists('permissions_can_view_infrastructure', ''),\n PermissionCanViewIpAttributions = column_ifexists('permissions_can_view_ip_attributions', ''),\n PermissionCanViewServiceProviders = column_ifexists('permissions_can_view_service_providers', ''),\n PermissionsHasControl = column_ifexists('permissions_has_control', ''),\n PrimaryDomain = column_ifexists('primary_domain', ''),\n RatingIndustryMedian = column_ifexists('rating_industry_median', ''),\n Ratings = column_ifexists('ratings', ''),\n RelatedCompanies = column_ifexists('related_companies', ''),\n SearchCount = column_ifexists('search_count', ''),\n ServiceProvider = column_ifexists('service_provider', ''),\n Shortname = column_ifexists('shortname', ''),\n Sparkline = column_ifexists('sparkline', ''),\n SubIndustry = column_ifexists('sub_industry', ''),\n SubIndustrySlug = column_ifexists('sub_industry_slug', ''),\n SubscriptionType = column_ifexists('subscription_type', ''),\n SubscriptionTypeKey = column_ifexists('subscription_type_key', ''),\n ComplianceClaimCertifications = column_ifexists('compliance_claim_certifications', ''),\n ComplianceClaimTrustPage = column_ifexists('compliance_claim_trust_page', ''),\n type = column_ifexists('type', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n PrimaryCompanyGUID,\n PrimaryCompanyName,\n AvailableUpgradeTypes,\n BulkEmailSenderStatus,\n CompanyFeatures,\n CustomerMonitoringCount,\n Description,\n DisplayURL,\n GUID,\n HasCompanyTree,\n HasPreferredContact,\n Hompage,\n InSpmPortfolio,\n Industry,\n IndustrySlug,\n Ipv4Count,\n IsBundle,\n IsCsp,\n IsMycompMysubsBundle,\n IsPrimary,\n IsUnsampledAllowed,\n Name,\n PeopleCount,\n PermissionCanAnnotate,\n PermissionCanDownloadCompanyReport,\n PermissionCanEnableVendorAccess,\n PermissionCanViewCompanyReports,\n PermissionCanViewForensics,\n PermissionCanViewInfrastructure,\n PermissionCanViewIpAttributions,\n PermissionCanViewServiceProviders,\n PermissionsHasControl,\n PrimaryDomain,\n RatingIndustryMedian,\n Ratings,\n RelatedCompanies,\n SearchCount,\n ServiceProvider,\n Shortname,\n Sparkline,\n SubIndustry,\n SubIndustrySlug,\n SubscriptionType,\n SubscriptionTypeKey,\n ComplianceClaimCertifications,\n ComplianceClaimTrustPage,\n type\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n Name,\n CompanyType,\n Shortname,\n Description,\n PrimaryDomain,\n Homepage,\n DisplayUrl,\n Sparkline,\n Industry,\n IndustrySlug,\n SubIndustry,\n SubIndustrySlug,\n Ipv4Count,\n PeopleCount,\n SearchCount,\n CustomerMonitoringCount,\n CurrentRating,\n RatingIndustryMedian,\n Ratings,\n SubscriptionType,\n SubscriptionTypeKey,\n SubscriptionEndDate,\n BulkEmailSenderStatus,\n SecurityGrade,\n ServiceProvider,\n HasCompanyTree,\n HasPreferredContact,\n IsBundle,\n IsPrimary,\n InSpmPortfolio,\n IsMycompMysubsBundle,\n IsCsp,\n HasDelegatedSecurityControls,\n CustomId,\n AvailableUpgradeTypes,\n CompanyFeatures,\n RelatedCompanies,\n PrimaryCompany,\n ComplianceClaim,\n Permissions,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject3')._parserId3,'/'))))]", - "dependsOn": [ - "[variables('parserObject3')._parserId3]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyDetails')]", - "contentId": "[variables('parserObject3').parserContentId3]", - "kind": "Parser", - "version": "[variables('parserObject3').parserVersion3]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject3').parserContentId3]", - "contentKind": "Parser", - "displayName": "Parser for BitSightCompanyDetails", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject3').parserContentId3,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject3').parserContentId3,'-', '1.1.0')))]", - "version": "[variables('parserObject3').parserVersion3]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject3')._parserName3]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyDetails", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyDetails", - "query": "union isfuzzy=true\n (\n BitsightCompany_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\",\n PrimaryCompanyGUID = column_ifexists('primary_company_guid', ''),\n PrimaryCompanyName = column_ifexists('primary_company_name', ''),\n AvailableUpgradeTypes = column_ifexists('available_upgrade_types', ''),\n BulkEmailSenderStatus = column_ifexists('bulk_email_sender_status', ''),\n CompanyFeatures = column_ifexists('company_features', ''),\n CustomerMonitoringCount = column_ifexists('customer_monitoring_count', ''),\n Description = column_ifexists('description', ''),\n DisplayURL = column_ifexists('display_url', ''),\n GUID = column_ifexists('guid', ''),\n HasCompanyTree = column_ifexists('has_company_tree', ''),\n HasPreferredContact = column_ifexists('has_preferred_contact', ''),\n Hompage = column_ifexists('homepage', ''),\n InSpmPortfolio = column_ifexists('in_spm_portfolio', ''),\n Industry = column_ifexists('industry', ''),\n IndustrySlug = column_ifexists('industry_slug', ''),\n Ipv4Count = column_ifexists('ipv4_count', ''),\n IsBundle = column_ifexists('is_bundle', ''),\n IsCsp = column_ifexists('is_csp', ''),\n IsMycompMysubsBundle = column_ifexists('is_mycomp_mysubs_bundle', ''),\n IsPrimary = column_ifexists('is_primary', ''),\n IsUnsampledAllowed = column_ifexists('is_unsampled_allowed', ''),\n Name = column_ifexists('name', ''),\n PeopleCount = column_ifexists('people_count', ''),\n PermissionCanAnnotate = column_ifexists('permissions_can_annotate', ''),\n PermissionCanDownloadCompanyReport = column_ifexists('permissions_can_download_company_report', ''),\n PermissionCanEnableVendorAccess = column_ifexists('permissions_can_enable_vendor_access', ''),\n PermissionCanViewCompanyReports = column_ifexists('permissions_can_view_company_reports', ''),\n PermissionCanViewForensics = column_ifexists('permissions_can_view_forensics', ''),\n PermissionCanViewInfrastructure = column_ifexists('permissions_can_view_infrastructure', ''),\n PermissionCanViewIpAttributions = column_ifexists('permissions_can_view_ip_attributions', ''),\n PermissionCanViewServiceProviders = column_ifexists('permissions_can_view_service_providers', ''),\n PermissionsHasControl = column_ifexists('permissions_has_control', ''),\n PrimaryDomain = column_ifexists('primary_domain', ''),\n RatingIndustryMedian = column_ifexists('rating_industry_median', ''),\n Ratings = column_ifexists('ratings', ''),\n RelatedCompanies = column_ifexists('related_companies', ''),\n SearchCount = column_ifexists('search_count', ''),\n ServiceProvider = column_ifexists('service_provider', ''),\n Shortname = column_ifexists('shortname', ''),\n Sparkline = column_ifexists('sparkline', ''),\n SubIndustry = column_ifexists('sub_industry', ''),\n SubIndustrySlug = column_ifexists('sub_industry_slug', ''),\n SubscriptionType = column_ifexists('subscription_type', ''),\n SubscriptionTypeKey = column_ifexists('subscription_type_key', ''),\n ComplianceClaimCertifications = column_ifexists('compliance_claim_certifications', ''),\n ComplianceClaimTrustPage = column_ifexists('compliance_claim_trust_page', ''),\n type = column_ifexists('type', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n PrimaryCompanyGUID,\n PrimaryCompanyName,\n AvailableUpgradeTypes,\n BulkEmailSenderStatus,\n CompanyFeatures,\n CustomerMonitoringCount,\n Description,\n DisplayURL,\n GUID,\n HasCompanyTree,\n HasPreferredContact,\n Hompage,\n InSpmPortfolio,\n Industry,\n IndustrySlug,\n Ipv4Count,\n IsBundle,\n IsCsp,\n IsMycompMysubsBundle,\n IsPrimary,\n IsUnsampledAllowed,\n Name,\n PeopleCount,\n PermissionCanAnnotate,\n PermissionCanDownloadCompanyReport,\n PermissionCanEnableVendorAccess,\n PermissionCanViewCompanyReports,\n PermissionCanViewForensics,\n PermissionCanViewInfrastructure,\n PermissionCanViewIpAttributions,\n PermissionCanViewServiceProviders,\n PermissionsHasControl,\n PrimaryDomain,\n RatingIndustryMedian,\n Ratings,\n RelatedCompanies,\n SearchCount,\n ServiceProvider,\n Shortname,\n Sparkline,\n SubIndustry,\n SubIndustrySlug,\n SubscriptionType,\n SubscriptionTypeKey,\n ComplianceClaimCertifications,\n ComplianceClaimTrustPage,\n type\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n Name,\n CompanyType,\n Shortname,\n Description,\n PrimaryDomain,\n Homepage,\n DisplayUrl,\n Sparkline,\n Industry,\n IndustrySlug,\n SubIndustry,\n SubIndustrySlug,\n Ipv4Count,\n PeopleCount,\n SearchCount,\n CustomerMonitoringCount,\n CurrentRating,\n RatingIndustryMedian,\n Ratings,\n SubscriptionType,\n SubscriptionTypeKey,\n SubscriptionEndDate,\n BulkEmailSenderStatus,\n SecurityGrade,\n ServiceProvider,\n HasCompanyTree,\n HasPreferredContact,\n IsBundle,\n IsPrimary,\n InSpmPortfolio,\n IsMycompMysubsBundle,\n IsCsp,\n HasDelegatedSecurityControls,\n CustomId,\n AvailableUpgradeTypes,\n CompanyFeatures,\n RelatedCompanies,\n PrimaryCompany,\n ComplianceClaim,\n Permissions,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject3')._parserId3,'/'))))]", - "dependsOn": [ - "[variables('parserObject3')._parserId3]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyDetails')]", - "contentId": "[variables('parserObject3').parserContentId3]", - "kind": "Parser", - "version": "[variables('parserObject3').parserVersion3]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject4').parserTemplateSpecName4]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightCompanyRatingDetails Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject4').parserVersion4]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject4')._parserName4]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyRatingDetails", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyRatingDetails", - "query": "BitSightCompanyRatingDetails_CL\n| summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRatingDetails\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject4')._parserId4,'/'))))]", - "dependsOn": [ - "[variables('parserObject4')._parserId4]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatingDetails')]", - "contentId": "[variables('parserObject4').parserContentId4]", - "kind": "Parser", - "version": "[variables('parserObject4').parserVersion4]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject4').parserContentId4]", - "contentKind": "Parser", - "displayName": "Parser for BitSightCompanyRatingDetails", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject4').parserContentId4,'-', '1.0.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject4').parserContentId4,'-', '1.0.0')))]", - "version": "[variables('parserObject4').parserVersion4]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject4')._parserName4]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyRatingDetails", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyRatingDetails", - "query": "BitSightCompanyRatingDetails_CL\n| summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRatingDetails\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject4')._parserId4,'/'))))]", - "dependsOn": [ - "[variables('parserObject4')._parserId4]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatingDetails')]", - "contentId": "[variables('parserObject4').parserContentId4]", - "kind": "Parser", - "version": "[variables('parserObject4').parserVersion4]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject5').parserTemplateSpecName5]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightCompanyRatings Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject5').parserVersion5]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject5')._parserName5]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyRatings", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyRatings", - "query": "union isfuzzy=true\n (\n BitsightCompany_rating_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\",\n CompanyName = column_ifexists('Company_name', ''),\n Beta = column_ifexists('beta', ''),\n Category = column_ifexists('category', ''),\n CategoryOrder = column_ifexists('category_order', ''),\n DisplayURL = column_ifexists('display_url', ''),\n Grade = column_ifexists('grade', ''),\n GradeColor = column_ifexists('grade_color', ''),\n Name = column_ifexists('name', ''),\n Order = column_ifexists('order', ''),\n Percentile = column_ifexists('percentile', ''),\n Rating = column_ifexists('rating', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Beta,\n Category,\n CategoryOrder,\n DisplayURL,\n Grade,\n GradeColor,\n Name,\n Order,\n Percentile,\n Rating\n ),\n (\n BitSightCompanyRatingDetails_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject5')._parserId5,'/'))))]", - "dependsOn": [ - "[variables('parserObject5')._parserId5]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatings')]", - "contentId": "[variables('parserObject5').parserContentId5]", - "kind": "Parser", - "version": "[variables('parserObject5').parserVersion5]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject5').parserContentId5]", - "contentKind": "Parser", - "displayName": "Parser for BitSightCompanyRatings", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject5').parserContentId5,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject5').parserContentId5,'-', '1.1.0')))]", - "version": "[variables('parserObject5').parserVersion5]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject5')._parserName5]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightCompanyRatings", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightCompanyRatings", - "query": "union isfuzzy=true\n (\n BitsightCompany_rating_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\",\n CompanyName = column_ifexists('Company_name', ''),\n Beta = column_ifexists('beta', ''),\n Category = column_ifexists('category', ''),\n CategoryOrder = column_ifexists('category_order', ''),\n DisplayURL = column_ifexists('display_url', ''),\n Grade = column_ifexists('grade', ''),\n GradeColor = column_ifexists('grade_color', ''),\n Name = column_ifexists('name', ''),\n Order = column_ifexists('order', ''),\n Percentile = column_ifexists('percentile', ''),\n Rating = column_ifexists('rating', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Beta,\n Category,\n CategoryOrder,\n DisplayURL,\n Grade,\n GradeColor,\n Name,\n Order,\n Percentile,\n Rating\n ),\n (\n BitSightCompanyRatingDetails_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject5')._parserId5,'/'))))]", - "dependsOn": [ - "[variables('parserObject5')._parserId5]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatings')]", - "contentId": "[variables('parserObject5').parserContentId5]", - "kind": "Parser", - "version": "[variables('parserObject5').parserVersion5]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject6').parserTemplateSpecName6]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightDiligenceHistoricalStatistics Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject6').parserVersion6]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject6')._parserName6]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightDiligenceHistoricalStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightDiligenceHistoricalStatistics", - "query": "union isfuzzy=true\n (\n BitsightDiligence_historical_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = column_ifexists('count', ''),\n Category = column_ifexists('category', ''),\n Date = column_ifexists('date', ''),\n CompanyName = column_ifexists('company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n Category,\n Date,\n CompanyName\n ),\n (\n BitSightDiligenceHistoricalStatistics_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RecordDate\n | mv-expand CountEntry = Counts\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = toint(CountEntry[\"count\"]),\n Category = tostring(CountEntry[\"category\"])\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RecordDate,\n Grade,\n Count,\n Category,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject6')._parserId6,'/'))))]", - "dependsOn": [ - "[variables('parserObject6')._parserId6]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceHistoricalStatistics')]", - "contentId": "[variables('parserObject6').parserContentId6]", - "kind": "Parser", - "version": "[variables('parserObject6').parserVersion6]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject6').parserContentId6]", - "contentKind": "Parser", - "displayName": "Parser for BitSightDiligenceHistoricalStatistics", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject6').parserContentId6,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject6').parserContentId6,'-', '1.1.0')))]", - "version": "[variables('parserObject6').parserVersion6]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject6')._parserName6]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightDiligenceHistoricalStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightDiligenceHistoricalStatistics", - "query": "union isfuzzy=true\n (\n BitsightDiligence_historical_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = column_ifexists('count', ''),\n Category = column_ifexists('category', ''),\n Date = column_ifexists('date', ''),\n CompanyName = column_ifexists('company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n Category,\n Date,\n CompanyName\n ),\n (\n BitSightDiligenceHistoricalStatistics_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RecordDate\n | mv-expand CountEntry = Counts\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = toint(CountEntry[\"count\"]),\n Category = tostring(CountEntry[\"category\"])\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RecordDate,\n Grade,\n Count,\n Category,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject6')._parserId6,'/'))))]", - "dependsOn": [ - "[variables('parserObject6')._parserId6]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceHistoricalStatistics')]", - "contentId": "[variables('parserObject6').parserContentId6]", - "kind": "Parser", - "version": "[variables('parserObject6').parserVersion6]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject7').parserTemplateSpecName7]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightDiligenceStatistics Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject7').parserVersion7]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject7')._parserName7]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightDiligenceStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightDiligenceStatistics", - "query": "union isfuzzy=true\n (\n BitsightDiligence_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\",\n Unknown = column_ifexists('unknown', ''),\n Bad = column_ifexists('bad', ''),\n Warn = column_ifexists('warn', ''),\n Neutral = column_ifexists('neutral', ''),\n Fair = column_ifexists('fair', ''),\n Good = column_ifexists('good', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', ''),\n SpearPhishing = column_ifexists('spear_phishing', ''),\n BitFlip = column_ifexists('bit_flip', ''),\n TypographicalErrors = column_ifexists('typographical_errors', ''),\n TLDVariant = column_ifexists('tld_variant', ''),\n TotalCount = column_ifexists('total_count', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n RiskVector,\n CompanyName,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TLDVariant,\n TotalCount\n ),\n (\n BitSightDiligenceStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TldVariant,\n TotalCount,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject7')._parserId7,'/'))))]", - "dependsOn": [ - "[variables('parserObject7')._parserId7]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceStatistics')]", - "contentId": "[variables('parserObject7').parserContentId7]", - "kind": "Parser", - "version": "[variables('parserObject7').parserVersion7]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject7').parserContentId7]", - "contentKind": "Parser", - "displayName": "Parser for BitSightDiligenceStatistics", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject7').parserContentId7,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject7').parserContentId7,'-', '1.1.0')))]", - "version": "[variables('parserObject7').parserVersion7]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject7')._parserName7]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightDiligenceStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightDiligenceStatistics", - "query": "union isfuzzy=true\n (\n BitsightDiligence_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\",\n Unknown = column_ifexists('unknown', ''),\n Bad = column_ifexists('bad', ''),\n Warn = column_ifexists('warn', ''),\n Neutral = column_ifexists('neutral', ''),\n Fair = column_ifexists('fair', ''),\n Good = column_ifexists('good', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', ''),\n SpearPhishing = column_ifexists('spear_phishing', ''),\n BitFlip = column_ifexists('bit_flip', ''),\n TypographicalErrors = column_ifexists('typographical_errors', ''),\n TLDVariant = column_ifexists('tld_variant', ''),\n TotalCount = column_ifexists('total_count', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n RiskVector,\n CompanyName,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TLDVariant,\n TotalCount\n ),\n (\n BitSightDiligenceStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TldVariant,\n TotalCount,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject7')._parserId7,'/'))))]", - "dependsOn": [ - "[variables('parserObject7')._parserId7]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceStatistics')]", - "contentId": "[variables('parserObject7').parserContentId7]", - "kind": "Parser", - "version": "[variables('parserObject7').parserVersion7]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject8').parserTemplateSpecName8]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightFindingsData Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject8').parserVersion8]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject8')._parserName8]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightFindingsData", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightFindingsData", - "query": "union isfuzzy=true\n (\n BitsightFindings_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\",\n RemediationHistoryLastRequestedRefreshDate = column_ifexists('remediation_history_last_requested_refresh_date', ''),\n RemediationHistoryLastRefreshStatusDate = column_ifexists('remediation_history_last_refresh_status_date', ''),\n RemediationHistoryLastRefreshStatusLabel = column_ifexists('remediation_history_last_refresh_status_label', ''),\n RemediationHistoryLastRefreshReasonCode = column_ifexists('remediation_history_last_refresh_reason_code', ''),\n Comments = column_ifexists('comments', ''),\n TemporaryId = column_ifexists('temporary_id', ''),\n PcapID = column_ifexists('pcap_id', ''),\n AffectsRating = column_ifexists('affects_rating', ''),\n Assets = column_ifexists('assets', ''),\n Details = column_ifexists('details', ''),\n EvidenceKey = column_ifexists('evidence_key', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n LastSeen = column_ifexists('last_seen', ''),\n RelatedFindings = column_ifexists('related_findings', ''),\n RiskCategory = column_ifexists('risk_category', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n RiskVectorLabel = column_ifexists('risk_vector_label', ''),\n RolledupObservationId = column_ifexists('rolledup_observation_id', ''),\n Severity = column_ifexists('severity', ''),\n SeverityCategory = column_ifexists('severity_category', ''),\n Tags = column_ifexists('tags', ''),\n AssetOverrides = column_ifexists('asset_overrides', ''),\n Duration = column_ifexists('duration', ''),\n AttributedCompanies = column_ifexists('attributed_companies', ''),\n CompanyName = column_ifexists('company_name', ''),\n RemainingDecay = column_ifexists('remaining_decay', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RemediationHistoryLastRequestedRefreshDate,\n RemediationHistoryLastRefreshStatusDate,\n RemediationHistoryLastRefreshStatusLabel,\n RemediationHistoryLastRefreshReasonCode,\n Comments,\n TemporaryId,\n PcapID,\n AffectsRating,\n Assets,\n Details,\n EvidenceKey,\n FirstSeen,\n LastSeen,\n RelatedFindings,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n RolledupObservationId,\n Severity,\n SeverityCategory,\n Tags,\n AssetOverrides,\n Duration,\n AttributedCompanies,\n CompanyName,\n RemainingDecay\n ),\n (\n BitSightFindings_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n TemporaryId,\n CompanyName,\n CompanyGuid,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n SeverityCategory,\n Severity,\n FirstSeen,\n LastSeen,\n CurrentlyActive,\n AssetCategory,\n Assets,\n Details,\n EvidenceKey,\n AttributedCompanies,\n RemediationHistory,\n AffectsRating,\n Comments,\n Duration,\n GracePeriodEndDate,\n GuestNetworkEndDate,\n ImpactsRiskVectorDetails,\n NoRvGradeImpactEndDate,\n RelatedFindings,\n RemainingDecay,\n Remediated,\n RolledupObservationId,\n Tags,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject8')._parserId8,'/'))))]", - "dependsOn": [ - "[variables('parserObject8')._parserId8]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsData')]", - "contentId": "[variables('parserObject8').parserContentId8]", - "kind": "Parser", - "version": "[variables('parserObject8').parserVersion8]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject8').parserContentId8]", - "contentKind": "Parser", - "displayName": "Parser for BitSightFindingsData", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject8').parserContentId8,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject8').parserContentId8,'-', '1.1.0')))]", - "version": "[variables('parserObject8').parserVersion8]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject8')._parserName8]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightFindingsData", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightFindingsData", - "query": "union isfuzzy=true\n (\n BitsightFindings_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\",\n RemediationHistoryLastRequestedRefreshDate = column_ifexists('remediation_history_last_requested_refresh_date', ''),\n RemediationHistoryLastRefreshStatusDate = column_ifexists('remediation_history_last_refresh_status_date', ''),\n RemediationHistoryLastRefreshStatusLabel = column_ifexists('remediation_history_last_refresh_status_label', ''),\n RemediationHistoryLastRefreshReasonCode = column_ifexists('remediation_history_last_refresh_reason_code', ''),\n Comments = column_ifexists('comments', ''),\n TemporaryId = column_ifexists('temporary_id', ''),\n PcapID = column_ifexists('pcap_id', ''),\n AffectsRating = column_ifexists('affects_rating', ''),\n Assets = column_ifexists('assets', ''),\n Details = column_ifexists('details', ''),\n EvidenceKey = column_ifexists('evidence_key', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n LastSeen = column_ifexists('last_seen', ''),\n RelatedFindings = column_ifexists('related_findings', ''),\n RiskCategory = column_ifexists('risk_category', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n RiskVectorLabel = column_ifexists('risk_vector_label', ''),\n RolledupObservationId = column_ifexists('rolledup_observation_id', ''),\n Severity = column_ifexists('severity', ''),\n SeverityCategory = column_ifexists('severity_category', ''),\n Tags = column_ifexists('tags', ''),\n AssetOverrides = column_ifexists('asset_overrides', ''),\n Duration = column_ifexists('duration', ''),\n AttributedCompanies = column_ifexists('attributed_companies', ''),\n CompanyName = column_ifexists('company_name', ''),\n RemainingDecay = column_ifexists('remaining_decay', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RemediationHistoryLastRequestedRefreshDate,\n RemediationHistoryLastRefreshStatusDate,\n RemediationHistoryLastRefreshStatusLabel,\n RemediationHistoryLastRefreshReasonCode,\n Comments,\n TemporaryId,\n PcapID,\n AffectsRating,\n Assets,\n Details,\n EvidenceKey,\n FirstSeen,\n LastSeen,\n RelatedFindings,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n RolledupObservationId,\n Severity,\n SeverityCategory,\n Tags,\n AssetOverrides,\n Duration,\n AttributedCompanies,\n CompanyName,\n RemainingDecay\n ),\n (\n BitSightFindings_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n TemporaryId,\n CompanyName,\n CompanyGuid,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n SeverityCategory,\n Severity,\n FirstSeen,\n LastSeen,\n CurrentlyActive,\n AssetCategory,\n Assets,\n Details,\n EvidenceKey,\n AttributedCompanies,\n RemediationHistory,\n AffectsRating,\n Comments,\n Duration,\n GracePeriodEndDate,\n GuestNetworkEndDate,\n ImpactsRiskVectorDetails,\n NoRvGradeImpactEndDate,\n RelatedFindings,\n RemainingDecay,\n Remediated,\n RolledupObservationId,\n Tags,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject8')._parserId8,'/'))))]", - "dependsOn": [ - "[variables('parserObject8')._parserId8]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsData')]", - "contentId": "[variables('parserObject8').parserContentId8]", - "kind": "Parser", - "version": "[variables('parserObject8').parserVersion8]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject9').parserTemplateSpecName9]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightFindingsSummary Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject9').parserVersion9]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject9')._parserName9]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightFindingsSummary", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightFindingsSummary", - "query": "union isfuzzy=true\n (\n BitsightFindings_summary_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n Company = column_ifexists('Company', ''),\n Confidence = column_ifexists('confidence', ''),\n EndDate = column_ifexists('end_date', ''),\n EventCount = column_ifexists('event_count', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n HostCount = column_ifexists('host_count', ''),\n Id = column_ifexists('id', ''),\n Name = column_ifexists('name', ''),\n Severity = column_ifexists('severity', ''),\n StartDate = column_ifexists('start_date', ''),\n Description = column_ifexists('description', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Company,\n Confidence,\n EndDate,\n EventCount,\n FirstSeen,\n HostCount,\n Id,\n Name,\n Severity,\n StartDate,\n Description\n ),\n (\n BitSightFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, StartDate, EndDate\n | mv-expand StatEntry = Stats\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n StatName = tostring(StatEntry[\"name\"]),\n StatId = tostring(StatEntry[\"id\"]),\n Confidence = tostring(StatEntry[\"confidence\"]),\n EventCount = toint(StatEntry[\"event_count\"]),\n HostCount = toint(StatEntry[\"host_count\"]),\n FirstSeen = tostring(StatEntry[\"first_seen\"])\n | join kind=leftouter (\n BitsightVulnerabilitiesFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by DisplayName\n | project DisplayName, VulnSeverity = Severity, VulnDescription = Description\n ) on $left.StatName == $right.DisplayName\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n StartDate,\n EndDate,\n StatName,\n StatId,\n Confidence,\n EventCount,\n HostCount,\n FirstSeen,\n VulnSeverity,\n VulnDescription,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject9')._parserId9,'/'))))]", - "dependsOn": [ - "[variables('parserObject9')._parserId9]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsSummary')]", - "contentId": "[variables('parserObject9').parserContentId9]", - "kind": "Parser", - "version": "[variables('parserObject9').parserVersion9]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject9').parserContentId9]", - "contentKind": "Parser", - "displayName": "Parser for BitSightFindingsSummary", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject9').parserContentId9,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject9').parserContentId9,'-', '1.1.0')))]", - "version": "[variables('parserObject9').parserVersion9]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject9')._parserName9]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightFindingsSummary", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightFindingsSummary", - "query": "union isfuzzy=true\n (\n BitsightFindings_summary_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n Company = column_ifexists('Company', ''),\n Confidence = column_ifexists('confidence', ''),\n EndDate = column_ifexists('end_date', ''),\n EventCount = column_ifexists('event_count', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n HostCount = column_ifexists('host_count', ''),\n Id = column_ifexists('id', ''),\n Name = column_ifexists('name', ''),\n Severity = column_ifexists('severity', ''),\n StartDate = column_ifexists('start_date', ''),\n Description = column_ifexists('description', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Company,\n Confidence,\n EndDate,\n EventCount,\n FirstSeen,\n HostCount,\n Id,\n Name,\n Severity,\n StartDate,\n Description\n ),\n (\n BitSightFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, StartDate, EndDate\n | mv-expand StatEntry = Stats\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n StatName = tostring(StatEntry[\"name\"]),\n StatId = tostring(StatEntry[\"id\"]),\n Confidence = tostring(StatEntry[\"confidence\"]),\n EventCount = toint(StatEntry[\"event_count\"]),\n HostCount = toint(StatEntry[\"host_count\"]),\n FirstSeen = tostring(StatEntry[\"first_seen\"])\n | join kind=leftouter (\n BitsightVulnerabilitiesFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by DisplayName\n | project DisplayName, VulnSeverity = Severity, VulnDescription = Description\n ) on $left.StatName == $right.DisplayName\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n StartDate,\n EndDate,\n StatName,\n StatId,\n Confidence,\n EventCount,\n HostCount,\n FirstSeen,\n VulnSeverity,\n VulnDescription,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject9')._parserId9,'/'))))]", - "dependsOn": [ - "[variables('parserObject9')._parserId9]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsSummary')]", - "contentId": "[variables('parserObject9').parserContentId9]", - "kind": "Parser", - "version": "[variables('parserObject9').parserVersion9]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject10').parserTemplateSpecName10]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightGraphData Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject10').parserVersion10]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject10')._parserName10]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightGraphData", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightGraphData", - "query": "union isfuzzy=true\n (\n BitsightGraph_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n RatingDate = column_ifexists('Rating_Date', ''),\n Rating = column_ifexists('Rating', ''),\n CompanyName = column_ifexists('Company_name', ''),\n RatingDifferance = column_ifexists('Rating_differance', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RatingDate,\n Rating,\n CompanyName,\n RatingDifferance\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | mv-expand RatingEntry = Ratings\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n CompanyName = Name,\n RatingDate = tostring(RatingEntry[\"rating_date\"]),\n Rating = toint(RatingEntry[\"rating\"]),\n RatingRange = tostring(RatingEntry[\"range\"]),\n RatingColor = tostring(RatingEntry[\"rating_color\"])\n | sort by Guid asc, RatingDate asc\n | serialize\n | extend\n PrevGuid = prev(Guid, 1),\n PrevRating = prev(Rating, 1)\n | extend\n RatingDifference = iff(Guid == PrevGuid, Rating - PrevRating, int(null)),\n RatingDifferance = iff(Guid == PrevGuid, Rating - PrevRating, int(null))\n | project-away PrevGuid, PrevRating\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Guid,\n RatingDate,\n Rating,\n RatingRange,\n RatingColor,\n RatingDifference,\n RatingDifferance,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject10')._parserId10,'/'))))]", - "dependsOn": [ - "[variables('parserObject10')._parserId10]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightGraphData')]", - "contentId": "[variables('parserObject10').parserContentId10]", - "kind": "Parser", - "version": "[variables('parserObject10').parserVersion10]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject10').parserContentId10]", - "contentKind": "Parser", - "displayName": "Parser for BitSightGraphData", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject10').parserContentId10,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject10').parserContentId10,'-', '1.1.0')))]", - "version": "[variables('parserObject10').parserVersion10]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject10')._parserName10]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightGraphData", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightGraphData", - "query": "union isfuzzy=true\n (\n BitsightGraph_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n RatingDate = column_ifexists('Rating_Date', ''),\n Rating = column_ifexists('Rating', ''),\n CompanyName = column_ifexists('Company_name', ''),\n RatingDifferance = column_ifexists('Rating_differance', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RatingDate,\n Rating,\n CompanyName,\n RatingDifferance\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | mv-expand RatingEntry = Ratings\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n CompanyName = Name,\n RatingDate = tostring(RatingEntry[\"rating_date\"]),\n Rating = toint(RatingEntry[\"rating\"]),\n RatingRange = tostring(RatingEntry[\"range\"]),\n RatingColor = tostring(RatingEntry[\"rating_color\"])\n | sort by Guid asc, RatingDate asc\n | serialize\n | extend\n PrevGuid = prev(Guid, 1),\n PrevRating = prev(Rating, 1)\n | extend\n RatingDifference = iff(Guid == PrevGuid, Rating - PrevRating, int(null)),\n RatingDifferance = iff(Guid == PrevGuid, Rating - PrevRating, int(null))\n | project-away PrevGuid, PrevRating\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Guid,\n RatingDate,\n Rating,\n RatingRange,\n RatingColor,\n RatingDifference,\n RatingDifferance,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject10')._parserId10,'/'))))]", - "dependsOn": [ - "[variables('parserObject10')._parserId10]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightGraphData')]", - "contentId": "[variables('parserObject10').parserContentId10]", - "kind": "Parser", - "version": "[variables('parserObject10').parserVersion10]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject11').parserTemplateSpecName11]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightIndustrialStatistics Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject11').parserVersion11]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject11')._parserName11]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightIndustrialStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightIndustrialStatistics", - "query": "union isfuzzy=true\n (\n BitsightIndustrial_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitsightIndustrialStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n IncidentCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject11')._parserId11,'/'))))]", - "dependsOn": [ - "[variables('parserObject11')._parserId11]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightIndustrialStatistics')]", - "contentId": "[variables('parserObject11').parserContentId11]", - "kind": "Parser", - "version": "[variables('parserObject11').parserVersion11]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject11').parserContentId11]", - "contentKind": "Parser", - "displayName": "Parser for BitSightIndustrialStatistics", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject11').parserContentId11,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject11').parserContentId11,'-', '1.1.0')))]", - "version": "[variables('parserObject11').parserVersion11]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject11')._parserName11]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightIndustrialStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightIndustrialStatistics", - "query": "union isfuzzy=true\n (\n BitsightIndustrial_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitsightIndustrialStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n IncidentCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject11')._parserId11,'/'))))]", - "dependsOn": [ - "[variables('parserObject11')._parserId11]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightIndustrialStatistics')]", - "contentId": "[variables('parserObject11').parserContentId11]", - "kind": "Parser", - "version": "[variables('parserObject11').parserVersion11]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject12').parserTemplateSpecName12]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightObservationStatistics Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject12').parserVersion12]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject12')._parserName12]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightObservationStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightObservationStatistics", - "query": "union isfuzzy=true\n (\n BitsightObservation_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitSightObservationStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n ObservationCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject12')._parserId12,'/'))))]", - "dependsOn": [ - "[variables('parserObject12')._parserId12]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightObservationStatistics')]", - "contentId": "[variables('parserObject12').parserContentId12]", - "kind": "Parser", - "version": "[variables('parserObject12').parserVersion12]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject12').parserContentId12]", - "contentKind": "Parser", - "displayName": "Parser for BitSightObservationStatistics", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject12').parserContentId12,'-', '1.1.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject12').parserContentId12,'-', '1.1.0')))]", - "version": "[variables('parserObject12').parserVersion12]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject12')._parserName12]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightObservationStatistics", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightObservationStatistics", - "query": "union isfuzzy=true\n (\n BitsightObservation_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitSightObservationStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n ObservationCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject12')._parserId12,'/'))))]", - "dependsOn": [ - "[variables('parserObject12')._parserId12]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightObservationStatistics')]", - "contentId": "[variables('parserObject12').parserContentId12]", - "kind": "Parser", - "version": "[variables('parserObject12').parserVersion12]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('parserObject13').parserTemplateSpecName13]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSightVulnerabilitiesFindingsSummary Data Parser with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('parserObject13').parserVersion13]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[variables('parserObject13')._parserName13]", - "apiVersion": "2025-07-01", - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightVulnerabilitiesFindingsSummary", - "query": "BitsightVulnerabilitiesFindingsSummary_CL\n| summarize arg_max(TimeGenerated, *) by DisplayName\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"VulnerabilitiesFindingsSummary\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n DisplayName,\n Severity,\n Description,\n ConnectorName\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject13')._parserId13,'/'))))]", - "dependsOn": [ - "[variables('parserObject13')._parserId13]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightVulnerabilitiesFindingsSummary')]", - "contentId": "[variables('parserObject13').parserContentId13]", - "kind": "Parser", - "version": "[variables('parserObject13').parserVersion13]", - "source": { - "name": "BitSight", - "kind": "Solution", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('parserObject13').parserContentId13]", - "contentKind": "Parser", - "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject13').parserContentId13,'-', '1.0.0')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject13').parserContentId13,'-', '1.0.0')))]", - "version": "[variables('parserObject13').parserVersion13]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-07-01", - "name": "[variables('parserObject13')._parserName13]", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", - "category": "Microsoft Sentinel Parser", - "functionAlias": "BitSightVulnerabilitiesFindingsSummary", - "query": "BitsightVulnerabilitiesFindingsSummary_CL\n| summarize arg_max(TimeGenerated, *) by DisplayName\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"VulnerabilitiesFindingsSummary\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n DisplayName,\n Severity,\n Description,\n ConnectorName\n", - "functionParameters": "", - "version": 2, - "tags": [ - { - "name": "description", - "value": "" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "location": "[parameters('workspace-location')]", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject13')._parserId13,'/'))))]", - "dependsOn": [ - "[variables('parserObject13')._parserId13]" - ], - "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightVulnerabilitiesFindingsSummary')]", - "contentId": "[variables('parserObject13').parserContentId13]", - "kind": "Parser", - "version": "[variables('parserObject13').parserVersion13]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "BitSight data connector with template version 3.2.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "Bitsight data connector (using Azure Functions)", - "publisher": "BitSight Technologies, Inc.", - "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data in Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Total Alerts data received", - "legend": "BitsightAlerts_data_CL", - "baseQuery": "BitsightAlerts_data_CL" - }, - { - "metricName": "Total Breaches data received", - "legend": "BitsightBreaches_data_CL", - "baseQuery": "BitsightBreaches_data_CL" - }, - { - "metricName": "Total Company Details received", - "legend": "BitsightCompany_details_CL", - "baseQuery": "BitsightCompany_details_CL" - }, - { - "metricName": "Total Company Ratings received", - "legend": "BitsightCompany_rating_details_CL", - "baseQuery": "BitsightCompany_rating_details_CL" - }, - { - "metricName": "Total Diligence Historical Statistics data received", - "legend": "BitsightDiligence_historical_statistics_CL", - "baseQuery": "BitsightDiligence_historical_statistics_CL" - }, - { - "metricName": "Total Diligence Statistics data received", - "legend": "BitsightDiligence_statistics_CL", - "baseQuery": "BitsightDiligence_statistics_CL" - }, - { - "metricName": "Total Findings data received", - "legend": "BitsightFindings_data_CL", - "baseQuery": "BitsightFindings_data_CL" - }, - { - "metricName": "Total Findings Summary data received", - "legend": "BitsightFindings_summary_CL", - "baseQuery": "BitsightFindings_summary_CL" - }, - { - "metricName": "Total Graph data received", - "legend": "BitsightGraph_data_CL", - "baseQuery": "BitsightGraph_data_CL" - }, - { - "metricName": "Total Industrial Statistics data received", - "legend": "BitsightIndustrial_statistics_CL", - "baseQuery": "BitsightIndustrial_statistics_CL" - }, - { - "metricName": "Total Observation Statistics data received", - "legend": "BitsightObservation_statistics_CL", - "baseQuery": "BitsightObservation_statistics_CL" - } - ], - "sampleQueries": [ - { - "description": "BitSight Alert Events - Alerts Event for all Companies in portfolio.", - "query": "BitsightAlerts_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Breaches Events - Breaches Event for all Companies in portfolio.", - "query": "BitsightBreaches_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Company Details Events - Company Details Event for all Companies in portfolio.", - "query": "BitsightCompany_details_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Company Ratings Events - Company Ratings Event for all Companies.", - "query": "BitsightCompany_rating_details_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Diligence Historical Statistics Events - Diligence Historical Statistics Event for all Companies.", - "query": "BitsightDiligence_historical_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Diligence Statistics Events - Diligence Statistics Event for all Companies.", - "query": "BitsightDiligence_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Findings Events - Findings Event for all Companies.", - "query": "BitsightFindings_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Findings Summary Events - Findings Summary Event for all Companies.", - "query": "BitsightFindings_summary_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Graph Events - Graph Event for all Companies.", - "query": "BitsightGraph_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Industrial Statistics Events - Industrial Statistics Event for all Companies.", - "query": "BitsightIndustrial_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Observation Statistics Events - Observation Statistics Event for all Companies.", - "query": "BitsightObservation_statistics_CL\n | sort by TimeGenerated desc" - } - ], - "dataTypes": [ - { - "name": "BitsightAlerts_data_CL", - "lastDataReceivedQuery": "BitsightAlerts_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightBreaches_data_CL", - "lastDataReceivedQuery": "BitsightBreaches_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightCompany_details_CL", - "lastDataReceivedQuery": "BitsightCompany_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightCompany_rating_details_CL", - "lastDataReceivedQuery": "BitsightCompany_rating_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightDiligence_historical_statistics_CL", - "lastDataReceivedQuery": "BitsightDiligence_historical_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightDiligence_statistics_CL", - "lastDataReceivedQuery": "BitsightDiligence_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightFindings_data_CL", - "lastDataReceivedQuery": "BitsightFindings_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightFindings_summary_CL", - "lastDataReceivedQuery": "BitsightFindings_summary_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightGraph_data_CL", - "lastDataReceivedQuery": "BitsightGraph_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightIndustrial_statistics_CL", - "lastDataReceivedQuery": "BitsightIndustrial_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightObservation_statistics_CL", - "lastDataReceivedQuery": "BitsightObservation_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "BitsightAlerts_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightBreaches_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightCompany_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightCompany_rating_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightDiligence_historical_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightDiligence_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightFindings_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightFindings_summary_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightGraph_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightIndustrial_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightObservation_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "REST API Credentials/permissions", - "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." - }, - { - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." - }, - { - "description": "**STEP 1 - Steps to Create/Get Bitsight API Token**\n\n Follow these instructions to get a BitSight API Token.\n 1. For SPM App: Refer to the [User Preference](https://service.bitsight.com/app/spm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 2. For TPRM App: Refer to the [User Preference](https://service.bitsight.com/app/tprm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 3. For Classic BitSight: Go to your [Account](https://service.bitsight.com/settings) page, \n\t\tGo to Settings > Account > API Token." - }, - { - "description": "**STEP 2 - App Registration steps for the Application in Microsoft Entra ID**\n\n This integration requires an App registration in the Azure portal. Follow the steps in this section to create a new application in Microsoft Entra ID:\n 1. Sign in to the [Azure portal](https://portal.azure.com/).\n 2. Search for and select **Microsoft Entra ID**.\n 3. Under **Manage**, select **App registrations > New registration**.\n 4. Enter a display **Name** for your application.\n 5. Select **Register** to complete the initial app registration.\n 6. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the **Application (client) ID** and **Tenant ID**. The client ID and Tenant ID is required as configuration parameters for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app)" - }, - { - "description": "**STEP 3 - Add a client secret for application in Microsoft Entra ID**\n\n Sometimes called an application password, a client secret is a string value required for the execution of BitSight Data Connector. Follow the steps in this section to create a new Client Secret:\n 1. In the Azure portal, in **App registrations**, select your application.\n 2. Select **Certificates & secrets > Client secrets > New client secret**.\n 3. Add a description for your client secret.\n 4. Select an expiration for the secret or specify a custom lifetime. Limit is 24 months.\n 5. Select **Add**. \n 6. *Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.* The secret value is required as configuration parameter for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)" - }, - { - "description": "**STEP 4 - Get Object ID of your application in Microsoft Entra ID**\n\n After creating your app registration, follow the steps in this section to get Object ID:\n 1. Go to **Microsoft Entra ID**.\n 2. Select **Enterprise applications** from the left menu.\n 3. Find your newly created application in the list (you can search by the name you provided).\n 4. Click on the application.\n 5. On the overview page, copy the **Object ID**. This is the **AzureEntraObjectId** needed for your ARM template role assignment.\n" - }, - { - "description": "**STEP 5 - Assign role of Contributor to application in Microsoft Entra ID**\n\n Follow the steps in this section to assign the role:\n 1. In the Azure portal, Go to **Resource Group** and select your resource group.\n 2. Go to **Access control (IAM)** from left panel.\n 3. Click on **Add**, and then select **Add role assignment**.\n 4. Select **Contributor** as role and click on next.\n 5. In **Assign access to**, select `User, group, or service principal`.\n 6. Click on **add members** and type **your app name** that you have created and select it.\n 7. Now click on **Review + assign** and then again click on **Review + assign**. \n\n> **Reference link:** [https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal)" - }, - { - "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the BitSight API Token.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Review + create** to deploy..", - "title": "Option 1 - Azure Resource Manager (ARM) Template" - }, - { - "description": "Use the following step-by-step instructions to deploy the BitSight data connector manually with Azure Functions (Deployment via Visual Studio Code).", - "title": "Option 2 - Manual Deployment of Azure Functions" - }, - { - "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-BitSight310-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. BitSightXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." - }, - { - "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective values (case-sensitive): \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Save**." - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "Bitsight data connector (using Azure Functions)", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "Bitsight data connector (using Azure Functions)", - "publisher": "BitSight Technologies, Inc.", - "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data in Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Total Alerts data received", - "legend": "BitsightAlerts_data_CL", - "baseQuery": "BitsightAlerts_data_CL" - }, - { - "metricName": "Total Breaches data received", - "legend": "BitsightBreaches_data_CL", - "baseQuery": "BitsightBreaches_data_CL" - }, - { - "metricName": "Total Company Details received", - "legend": "BitsightCompany_details_CL", - "baseQuery": "BitsightCompany_details_CL" - }, - { - "metricName": "Total Company Ratings received", - "legend": "BitsightCompany_rating_details_CL", - "baseQuery": "BitsightCompany_rating_details_CL" - }, - { - "metricName": "Total Diligence Historical Statistics data received", - "legend": "BitsightDiligence_historical_statistics_CL", - "baseQuery": "BitsightDiligence_historical_statistics_CL" - }, - { - "metricName": "Total Diligence Statistics data received", - "legend": "BitsightDiligence_statistics_CL", - "baseQuery": "BitsightDiligence_statistics_CL" - }, - { - "metricName": "Total Findings data received", - "legend": "BitsightFindings_data_CL", - "baseQuery": "BitsightFindings_data_CL" - }, - { - "metricName": "Total Findings Summary data received", - "legend": "BitsightFindings_summary_CL", - "baseQuery": "BitsightFindings_summary_CL" - }, - { - "metricName": "Total Graph data received", - "legend": "BitsightGraph_data_CL", - "baseQuery": "BitsightGraph_data_CL" - }, - { - "metricName": "Total Industrial Statistics data received", - "legend": "BitsightIndustrial_statistics_CL", - "baseQuery": "BitsightIndustrial_statistics_CL" - }, - { - "metricName": "Total Observation Statistics data received", - "legend": "BitsightObservation_statistics_CL", - "baseQuery": "BitsightObservation_statistics_CL" - } - ], - "dataTypes": [ - { - "name": "BitsightAlerts_data_CL", - "lastDataReceivedQuery": "BitsightAlerts_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightBreaches_data_CL", - "lastDataReceivedQuery": "BitsightBreaches_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightCompany_details_CL", - "lastDataReceivedQuery": "BitsightCompany_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightCompany_rating_details_CL", - "lastDataReceivedQuery": "BitsightCompany_rating_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightDiligence_historical_statistics_CL", - "lastDataReceivedQuery": "BitsightDiligence_historical_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightDiligence_statistics_CL", - "lastDataReceivedQuery": "BitsightDiligence_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightFindings_data_CL", - "lastDataReceivedQuery": "BitsightFindings_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightFindings_summary_CL", - "lastDataReceivedQuery": "BitsightFindings_summary_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightGraph_data_CL", - "lastDataReceivedQuery": "BitsightGraph_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightIndustrial_statistics_CL", - "lastDataReceivedQuery": "BitsightIndustrial_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitsightObservation_statistics_CL", - "lastDataReceivedQuery": "BitsightObservation_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "BitsightAlerts_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightBreaches_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightCompany_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightCompany_rating_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightDiligence_historical_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightDiligence_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightFindings_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightFindings_summary_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightGraph_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightIndustrial_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - }, - { - "type": "IsConnectedQuery", - "value": [ - "BitsightObservation_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "BitSight Alert Events - Alerts Event for all Companies in portfolio.", - "query": "BitsightAlerts_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Breaches Events - Breaches Event for all Companies in portfolio.", - "query": "BitsightBreaches_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Company Details Events - Company Details Event for all Companies in portfolio.", - "query": "BitsightCompany_details_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Company Ratings Events - Company Ratings Event for all Companies.", - "query": "BitsightCompany_rating_details_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Diligence Historical Statistics Events - Diligence Historical Statistics Event for all Companies.", - "query": "BitsightDiligence_historical_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Diligence Statistics Events - Diligence Statistics Event for all Companies.", - "query": "BitsightDiligence_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Findings Events - Findings Event for all Companies.", - "query": "BitsightFindings_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Findings Summary Events - Findings Summary Event for all Companies.", - "query": "BitsightFindings_summary_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Graph Events - Graph Event for all Companies.", - "query": "BitsightGraph_data_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Industrial Statistics Events - Industrial Statistics Event for all Companies.", - "query": "BitsightIndustrial_statistics_CL\n | sort by TimeGenerated desc" - }, - { - "description": "BitSight Observation Statistics Events - Observation Statistics Event for all Companies.", - "query": "BitsightObservation_statistics_CL\n | sort by TimeGenerated desc" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions on the workspace are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "name": "Microsoft.Web/sites permissions", - "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." - }, - { - "name": "REST API Credentials/permissions", - "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." - }, - { - "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." - }, - { - "description": "**STEP 1 - Steps to Create/Get Bitsight API Token**\n\n Follow these instructions to get a BitSight API Token.\n 1. For SPM App: Refer to the [User Preference](https://service.bitsight.com/app/spm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 2. For TPRM App: Refer to the [User Preference](https://service.bitsight.com/app/tprm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 3. For Classic BitSight: Go to your [Account](https://service.bitsight.com/settings) page, \n\t\tGo to Settings > Account > API Token." - }, - { - "description": "**STEP 2 - App Registration steps for the Application in Microsoft Entra ID**\n\n This integration requires an App registration in the Azure portal. Follow the steps in this section to create a new application in Microsoft Entra ID:\n 1. Sign in to the [Azure portal](https://portal.azure.com/).\n 2. Search for and select **Microsoft Entra ID**.\n 3. Under **Manage**, select **App registrations > New registration**.\n 4. Enter a display **Name** for your application.\n 5. Select **Register** to complete the initial app registration.\n 6. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the **Application (client) ID** and **Tenant ID**. The client ID and Tenant ID is required as configuration parameters for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app)" - }, - { - "description": "**STEP 3 - Add a client secret for application in Microsoft Entra ID**\n\n Sometimes called an application password, a client secret is a string value required for the execution of BitSight Data Connector. Follow the steps in this section to create a new Client Secret:\n 1. In the Azure portal, in **App registrations**, select your application.\n 2. Select **Certificates & secrets > Client secrets > New client secret**.\n 3. Add a description for your client secret.\n 4. Select an expiration for the secret or specify a custom lifetime. Limit is 24 months.\n 5. Select **Add**. \n 6. *Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.* The secret value is required as configuration parameter for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)" - }, - { - "description": "**STEP 4 - Get Object ID of your application in Microsoft Entra ID**\n\n After creating your app registration, follow the steps in this section to get Object ID:\n 1. Go to **Microsoft Entra ID**.\n 2. Select **Enterprise applications** from the left menu.\n 3. Find your newly created application in the list (you can search by the name you provided).\n 4. Click on the application.\n 5. On the overview page, copy the **Object ID**. This is the **AzureEntraObjectId** needed for your ARM template role assignment.\n" - }, - { - "description": "**STEP 5 - Assign role of Contributor to application in Microsoft Entra ID**\n\n Follow the steps in this section to assign the role:\n 1. In the Azure portal, Go to **Resource Group** and select your resource group.\n 2. Go to **Access control (IAM)** from left panel.\n 3. Click on **Add**, and then select **Add role assignment**.\n 4. Select **Contributor** as role and click on next.\n 5. In **Assign access to**, select `User, group, or service principal`.\n 6. Click on **add members** and type **your app name** that you have created and select it.\n 7. Now click on **Review + assign** and then again click on **Review + assign**. \n\n> **Reference link:** [https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal)" - }, - { - "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the BitSight API Token.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Workspace ID" - }, - "type": "CopyableLabel" - }, - { - "parameters": { - "fillWith": [ - "PrimaryKey" - ], - "label": "Primary Key" - }, - "type": "CopyableLabel" - } - ] - }, - { - "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Review + create** to deploy..", - "title": "Option 1 - Azure Resource Manager (ARM) Template" - }, - { - "description": "Use the following step-by-step instructions to deploy the BitSight data connector manually with Azure Functions (Deployment via Visual Studio Code).", - "title": "Option 2 - Manual Deployment of Azure Functions" - }, - { - "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-BitSight310-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. BitSightXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." - }, - { - "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective values (case-sensitive): \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Save**." - } - ], - "id": "[variables('_uiConfigId1')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition2'), variables('dataConnectorCCPVersion'))]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", - "displayName": "BitSight Security Events (via Codeless Connector Framework)", - "contentKind": "DataConnector", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorCCPVersion')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]", - "apiVersion": "2022-09-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", - "location": "[parameters('workspace-location')]", - "kind": "Customizable", - "properties": { - "connectorUiConfig": { - "id": "BitSightEventsConnector", - "title": "BitSight Security Events (via Codeless Connector Framework)", - "publisher": "Microsoft", - "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security alerts, breaches, and findings from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. The connector monitors portfolio companies for rating changes, news alerts, data breaches, and detailed security findings across Diligence, Compromised Systems, and User Behavior risk categories. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", - "graphQueriesTableName": "BitSightAlerts", - "graphQueries": [ - { - "metricName": "Total Alerts received", - "legend": "BitSight Alerts", - "baseQuery": "{{graphQueriesTableName}}" - }, - { - "metricName": "Total Breaches received", - "legend": "BitSight Breaches", - "baseQuery": "BitSightBreaches" - }, - { - "metricName": "Total Findings received", - "legend": "BitSight Findings", - "baseQuery": "BitSightFindings" - } - ], - "sampleQueries": [ - { - "description": "Get sample of BitSight Alerts", - "query": "BitSightAlerts\n | take 10" - }, - { - "description": "Get recent high-severity alerts", - "query": "BitSightAlerts\n | where severity in ('WARN', 'CRITICAL') and TimeGenerated > ago(7d)\n | project TimeGenerated, company_name, alert_type, severity\n | order by TimeGenerated desc" - }, - { - "description": "Get sample of BitSight Findings", - "query": "BitSightFindings\n | take 10" - }, - { - "description": "Get active severe findings", - "query": "BitSightFindings\n | where currently_active == true and severity_category in ('MATERIAL', 'SEVERE')\n | project TimeGenerated, company_name, risk_vector_label, severity_category, severity, first_seen\n | order by severity desc" - }, - { - "description": "Get sample of BitSight Breaches", - "query": "BitSightBreaches\n | take 10" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightBreaches", - "lastDataReceivedQuery": "BitSightBreaches\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightFindings", - "lastDataReceivedQuery": "BitSightFindings\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "HasDataConnectors" - } - ], - "availability": { - "isPreview": true, - "status": 1 - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "Read and Write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true, - "action": false - } - } - ], - "customs": [ - { - "name": "BitSight API Token", - "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." - } - ] - }, - "instructionSteps": [ - { - "title": "1. Connection Management", - "description": "Manage your BitSight data stream connections", - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## BitSight Connections\n\nManage multiple BitSight data stream connections. Each connection selects a specific data type - **Alerts**, **Breaches**, or **Findings** - and assigns a **Connection Name** that is stored in the `ConnectorName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." - } - }, - { - "type": "DataConnectorsGrid", - "parameters": { - "mapping": [ - { - "columnName": "Connection Name", - "columnValue": "properties.addOnAttributes.friendlyName" - }, - { - "columnName": "Data Stream", - "columnValue": "properties.addOnAttributes.userStream" - }, - { - "columnName": "API URL", - "columnValue": "properties.request.apiEndpoint" - } - ], - "menuItems": [ - "DeleteConnector" - ] - } - }, - { - "type": "ContextPane", - "parameters": { - "isPrimary": true, - "label": "Add Connection", - "title": "Add BitSight Connection", - "subtitle": "Configure a new BitSight data stream connection", - "contextPaneType": "DataConnectorsContextPane", - "instructionSteps": [ - { - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## 1. Select Data Stream\n\nChoose which BitSight data type to collect for this connection. Create separate connections for each stream you want to ingest." - } - }, - { - "type": "Dropdown", - "parameters": { - "label": "Data Stream", - "name": "dataStream", - "options": [ - { - "key": "ALERTS", - "text": "Alerts - Rating changes and news events (BitSightAlerts)" - }, - { - "key": "BREACHES", - "text": "Breaches - Data breach events for portfolio companies (BitSightBreaches)" - }, - { - "key": "DILIGENCE", - "text": "Diligence Findings - Web, app, and network risk factors (BitSightFindings)" - }, - { - "key": "COMPROMISED_SYSTEMS", - "text": "Compromised Systems Findings - Botnet and malware activity (BitSightFindings)" - }, - { - "key": "USER_BEHAVIOR", - "text": "User Behavior Findings - Credential and employee risk activity (BitSightFindings)" - } - ], - "required": true - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 2. API Configuration" - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Base URL", - "placeholder": "https://api.bitsighttech.com", - "type": "text", - "name": "bitSightApiUrl", - "validations": { - "required": true - } - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Username)", - "placeholder": "Paste your BitSight API Token", - "type": "text", - "name": "username", - "validations": { - "required": true - } - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Password)", - "placeholder": "Paste your BitSight API Token again", - "type": "password", - "name": "password", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Both fields must contain the **same API token value**. Entering different values will cause authentication to fail.", - "visible": true, - "inline": false - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", - "visible": true, - "inline": false - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "Connection Name", - "placeholder": "e.g. BitSight-Alerts-Prod", - "type": "text", - "name": "friendlyName", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "The connection name is stored in the `ConnectorName` column of every ingested record, enabling you to trace data back to this specific connection.", - "visible": true, - "inline": true - } - } - ] - } - ] - } - } - ] - } - ] - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "criteria": [ - { - "version": "[variables('dataConnectorCCPVersion')]", - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "kind": "ResourcesDataConnector" - } - ] - } - } - }, - { - "name": "BitSightEventsDCR", - "apiVersion": "2022-06-01", - "type": "Microsoft.Insights/dataCollectionRules", - "location": "[parameters('workspace-location')]", - "kind": "[variables('blanks')]", - "properties": { - "dataCollectionEndpointId": "[variables('dataCollectionEndpointId2')]", - "streamDeclarations": { - "Custom-BitSightAlerts_CL": { - "columns": [ - { - "name": "guid", - "type": "string" - }, - { - "name": "alert_type", - "type": "string" - }, - { - "name": "alert_date", - "type": "string" - }, - { - "name": "start_date", - "type": "string" - }, - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "company_url", - "type": "string" - }, - { - "name": "folder_guid", - "type": "string" - }, - { - "name": "folder_name", - "type": "string" - }, - { - "name": "severity", - "type": "string" - }, - { - "name": "trigger", - "type": "string" - }, - { - "name": "alert_set_name", - "type": "string" - }, - { - "name": "alert_set_guid", - "type": "string" - }, - { - "name": "friendlyName", - "type": "string" - } - ] - }, - "Custom-BitSightBreaches_CL": { - "columns": [ - { - "name": "company_guid", - "type": "string" - }, - { - "name": "company_name", - "type": "string" - }, - { - "name": "guid", - "type": "string" - }, - { - "name": "date", - "type": "string" - }, - { - "name": "date_created", - "type": "string" - }, - { - "name": "text", - "type": "string" - }, - { - "name": "preview_url", - "type": "string" - }, - { - "name": "event_type", - "type": "string" - }, - { - "name": "event_type_description", - "type": "string" - }, - { - "name": "severity", - "type": "int" - }, - { - "name": "breached_companies", - "type": "dynamic" - }, - { - "name": "dependent_companies", - "type": "dynamic" - }, - { - "name": "friendlyName", - "type": "string" - } - ] - }, - "Custom-BitSightFindings_CL": { - "columns": [ - { - "name": "temporary_id", - "type": "string" - }, - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "risk_category", - "type": "string" - }, - { - "name": "risk_vector", - "type": "string" - }, - { - "name": "risk_vector_label", - "type": "string" - }, - { - "name": "severity_category", - "type": "string" - }, - { - "name": "severity", - "type": "real" - }, - { - "name": "first_seen", - "type": "string" - }, - { - "name": "last_seen", - "type": "string" - }, - { - "name": "currently_active", - "type": "boolean" - }, - { - "name": "asset_category", - "type": "string" - }, - { - "name": "assets", - "type": "dynamic" - }, - { - "name": "details", - "type": "dynamic" - }, - { - "name": "evidence_key", - "type": "string" - }, - { - "name": "attributed_companies", - "type": "dynamic" - }, - { - "name": "remediation_history", - "type": "dynamic" - }, - { - "name": "affects_rating", - "type": "boolean" - }, - { - "name": "comments", - "type": "dynamic" - }, - { - "name": "duration", - "type": "int" - }, - { - "name": "grace_period_end_date", - "type": "string" - }, - { - "name": "guest_network_end_date", - "type": "string" - }, - { - "name": "impacts_risk_vector_details", - "type": "dynamic" - }, - { - "name": "no_rv_grade_impact_end_date", - "type": "string" - }, - { - "name": "related_findings", - "type": "dynamic" - }, - { - "name": "remaining_decay", - "type": "int" - }, - { - "name": "remediated", - "type": "boolean" - }, - { - "name": "rolledup_observation_id", - "type": "string" - }, - { - "name": "tags", - "type": "dynamic" - }, - { - "name": "friendlyName", - "type": "string" - } - ] - } - }, - "destinations": { - "logAnalytics": [ - { - "workspaceResourceId": "[variables('workspaceResourceId')]", - "name": "clv2ws1" - } - ] - }, - "dataFlows": [ - { - "streams": [ - "Custom-BitSightAlerts_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightAlerts_CL", - "transformKql": "source | extend TimeGenerated = iff(isnull(['alert_date']) or todatetime(['alert_date']) < ago(2d), now(), todatetime(['alert_date'])) , Guid = ['guid'] , AlertType = ['alert_type'] , AlertDate = ['alert_date'] , StartDate = ['start_date'] , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , CompanyUrl = ['company_url'] , FolderGuid = ['folder_guid'] , FolderName = ['folder_name'] , Severity = ['severity'] , Trigger = ['trigger'] , AlertSetName = ['alert_set_name'] , AlertSetGuid = ['alert_set_guid'] , ConnectorName = ['friendlyName'] | project TimeGenerated , Guid , AlertType , AlertDate , StartDate , CompanyName , CompanyGuid , CompanyUrl , FolderGuid , FolderName , Severity , Trigger , AlertSetName , AlertSetGuid , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightBreaches_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightBreaches_CL", - "transformKql": "source | extend TimeGenerated = iff(isnull(['date']) or todatetime(['date']) < ago(2d), now(), todatetime(['date'])) , CompanyGuid = ['company_guid'] , CompanyName = ['company_name'] , Guid = ['guid'] , BreachDate = ['date'] , DateCreated = ['date_created'] , Text = ['text'] , PreviewUrl = ['preview_url'] , EventType = ['event_type'] , EventTypeDescription = ['event_type_description'] , Severity = ['severity'] , BreachedCompanies = ['breached_companies'] , DependentCompanies = ['dependent_companies'] , ConnectorName = ['friendlyName'] | project TimeGenerated , CompanyGuid , CompanyName , Guid , BreachDate , DateCreated , Text , PreviewUrl , EventType , EventTypeDescription , Severity , BreachedCompanies , DependentCompanies , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightFindings_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightFindings_CL", - "transformKql": "source | extend TimeGenerated = iff(isnull(['last_seen']) or todatetime(['last_seen']) < ago(2d), now(), todatetime(['last_seen'])) , TemporaryId = ['temporary_id'] , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskCategory = ['risk_category'] , RiskVector = ['risk_vector'] , RiskVectorLabel = ['risk_vector_label'] , SeverityCategory = ['severity_category'] , Severity = ['severity'] , FirstSeen = ['first_seen'] , LastSeen = ['last_seen'] , CurrentlyActive = ['currently_active'] , AssetCategory = ['asset_category'] , Assets = ['assets'] , Details = ['details'] , EvidenceKey = ['evidence_key'] , AttributedCompanies = ['attributed_companies'] , RemediationHistory = ['remediation_history'] , AffectsRating = ['affects_rating'] , Comments = ['comments'] , Duration = ['duration'] , GracePeriodEndDate = ['grace_period_end_date'] , GuestNetworkEndDate = ['guest_network_end_date'] , ImpactsRiskVectorDetails = ['impacts_risk_vector_details'] , NoRvGradeImpactEndDate = ['no_rv_grade_impact_end_date'] , RelatedFindings = ['related_findings'] , RemainingDecay = ['remaining_decay'] , Remediated = ['remediated'] , RolledupObservationId = ['rolledup_observation_id'] , Tags = ['tags'] , ConnectorName = ['friendlyName'] | project TimeGenerated , TemporaryId , CompanyName , CompanyGuid , RiskCategory , RiskVector , RiskVectorLabel , SeverityCategory , Severity , FirstSeen , LastSeen , CurrentlyActive , AssetCategory , Assets , Details , EvidenceKey , AttributedCompanies , RemediationHistory , AffectsRating , Comments , Duration , GracePeriodEndDate , GuestNetworkEndDate , ImpactsRiskVectorDetails , NoRvGradeImpactEndDate , RelatedFindings , RemainingDecay , Remediated , RolledupObservationId , Tags , ConnectorName" - } - ] - } - }, - { - "name": "BitSightFindings_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightFindings_CL", - "description": "The BitSightFindings table contains security findings from the BitSight API including Diligence, Compromised Systems, and User Behavior findings for portfolio companies ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "TemporaryId", - "type": "string", - "description": "The temporary identifier for a finding." - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company associated with the finding." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company associated with the finding." - }, - { - "name": "RiskCategory", - "type": "string", - "description": "The risk category (e.g., Diligence, Compromised Systems, User Behavior)." - }, - { - "name": "RiskVector", - "type": "string", - "description": "The risk vector slug for this finding." - }, - { - "name": "RiskVectorLabel", - "type": "string", - "description": "Human-readable label for the risk vector." - }, - { - "name": "SeverityCategory", - "type": "string", - "description": "Severity category (MINOR, MODERATE, MATERIAL, SEVERE)." - }, - { - "name": "Severity", - "type": "real", - "description": "Numeric severity score." - }, - { - "name": "FirstSeen", - "type": "string", - "description": "Date the finding was first observed (YYYY-MM-DD)." - }, - { - "name": "LastSeen", - "type": "string", - "description": "Date the finding was most recently observed (YYYY-MM-DD)." - }, - { - "name": "CurrentlyActive", - "type": "boolean", - "description": "Indicates if the finding is currently active." - }, - { - "name": "AssetCategory", - "type": "string", - "description": "Category of the affected asset." - }, - { - "name": "Assets", - "type": "dynamic", - "description": "Array of assets associated with this finding." - }, - { - "name": "Details", - "type": "dynamic", - "description": "Detailed finding data object (CVE info, diligence annotations, remediations, etc.)." - }, - { - "name": "EvidenceKey", - "type": "string", - "description": "Key identifying the source of evidence for the finding." - }, - { - "name": "AttributedCompanies", - "type": "dynamic", - "description": "Array of companies to which this finding has been attributed." - }, - { - "name": "RemediationHistory", - "type": "dynamic", - "description": "Remediation history object (last_requested_refresh_date, last_refresh_status, etc.)." - }, - { - "name": "AffectsRating", - "type": "boolean", - "description": "Indicates whether this finding contributes to the company's overall rating." - }, - { - "name": "Comments", - "type": "dynamic", - "description": "Array of analyst comments attached to this finding." - }, - { - "name": "Duration", - "type": "int", - "description": "Number of days the finding has been active." - }, - { - "name": "GracePeriodEndDate", - "type": "string", - "description": "Date until which the finding is in a grace period and does not affect the rating (YYYY-MM-DD)." - }, - { - "name": "GuestNetworkEndDate", - "type": "string", - "description": "Date until which the finding is suppressed as a guest network (YYYY-MM-DD)." - }, - { - "name": "ImpactsRiskVectorDetails", - "type": "dynamic", - "description": "Object describing which risk vectors are impacted by this finding." - }, - { - "name": "NoRvGradeImpactEndDate", - "type": "string", - "description": "Date until which the finding has no risk vector grade impact (YYYY-MM-DD)." - }, - { - "name": "RelatedFindings", - "type": "dynamic", - "description": "Array of finding identifiers related to this finding." - }, - { - "name": "RemainingDecay", - "type": "int", - "description": "Number of days remaining in the finding's decay window." - }, - { - "name": "Remediated", - "type": "boolean", - "description": "Indicates whether this finding has been remediated." - }, - { - "name": "RolledupObservationId", - "type": "string", - "description": "Identifier of the rolled-up observation this finding belongs to." - }, - { - "name": "Tags", - "type": "dynamic", - "description": "Array of tags applied to this finding." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name assigned during connector setup." - } - ] - } - } - }, - { - "name": "BitSightCompanyDetails_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightCompanyDetails_CL", - "description": "The BitSightCompanyDetails table contains full company snapshots from the BitSight API per company GUID ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "Guid", - "type": "string", - "description": "Unique identifier (GUID) for the company in BitSight." - }, - { - "name": "Name", - "type": "string", - "description": "Name of the company." - }, - { - "name": "Shortname", - "type": "string", - "description": "Short name of the company." - }, - { - "name": "CompanyType", - "type": "string", - "description": "The type of entity (e.g., CURATED,PRIVATE)." - }, - { - "name": "Description", - "type": "string", - "description": "Description of the company." - }, - { - "name": "PrimaryDomain", - "type": "string", - "description": "Primary internet domain of the company." - }, - { - "name": "Homepage", - "type": "string", - "description": "URL of the company homepage." - }, - { - "name": "DisplayUrl", - "type": "string", - "description": "URL to the company overview page in BitSight portal." - }, - { - "name": "Sparkline", - "type": "string", - "description": "URL to the company rating sparkline image." - }, - { - "name": "Industry", - "type": "string", - "description": "Industry sector name." - }, - { - "name": "IndustrySlug", - "type": "string", - "description": "URL-friendly identifier for the industry." - }, - { - "name": "SubIndustry", - "type": "string", - "description": "Sub-industry name." - }, - { - "name": "SubIndustrySlug", - "type": "string", - "description": "URL-friendly identifier for the sub-industry." - }, - { - "name": "Ipv4Count", - "type": "int", - "description": "Number of IPv4 addresses attributed to the company." - }, - { - "name": "PeopleCount", - "type": "int", - "description": "Number of people associated with the company." - }, - { - "name": "SearchCount", - "type": "int", - "description": "Number of searches for the company." - }, - { - "name": "CustomerMonitoringCount", - "type": "int", - "description": "Number of customers monitoring this company." - }, - { - "name": "CurrentRating", - "type": "int", - "description": "Current overall BitSight security rating." - }, - { - "name": "RatingIndustryMedian", - "type": "string", - "description": "Comparison of company rating to industry median (e.g., above, below)." - }, - { - "name": "Ratings", - "type": "dynamic", - "description": "Array of historical rating snapshots, each with rating_date, rating, range, and rating_color." - }, - { - "name": "SubscriptionType", - "type": "string", - "description": "Type of BitSight subscription (e.g., Continuous Monitoring)." - }, - { - "name": "SubscriptionTypeKey", - "type": "string", - "description": "Machine-readable subscription type key." - }, - { - "name": "SubscriptionEndDate", - "type": "string", - "description": "Date the subscription ends (YYYY-MM-DD), or null." - }, - { - "name": "BulkEmailSenderStatus", - "type": "string", - "description": "Bulk email sender classification (e.g., NONE)." - }, - { - "name": "SecurityGrade", - "type": "string", - "description": "Security grade, if available." - }, - { - "name": "ServiceProvider", - "type": "boolean", - "description": "Indicates whether this company is a service provider." - }, - { - "name": "HasCompanyTree", - "type": "boolean", - "description": "Indicates whether the company has a company tree." - }, - { - "name": "HasPreferredContact", - "type": "boolean", - "description": "Indicates whether the company has a preferred contact." - }, - { - "name": "IsBundle", - "type": "boolean", - "description": "Indicates whether this is a bundle entry." - }, - { - "name": "IsPrimary", - "type": "boolean", - "description": "Indicates whether this is the primary company record." - }, - { - "name": "InSpmPortfolio", - "type": "boolean", - "description": "Indicates whether the company is in the SPM portfolio." - }, - { - "name": "IsMycompMysubsBundle", - "type": "boolean", - "description": "Indicates whether this is a my-company/my-subsidiaries bundle." - }, - { - "name": "IsCsp", - "type": "boolean", - "description": "Indicates whether the company is a cloud service provider." - }, - { - "name": "HasDelegatedSecurityControls", - "type": "boolean", - "description": "Indicates whether security controls have been delegated." - }, - { - "name": "CustomId", - "type": "dynamic", - "description": "Customer-assigned identifier for the company." - }, - { - "name": "AvailableUpgradeTypes", - "type": "dynamic", - "description": "Array of available upgrade types for this company." - }, - { - "name": "CompanyFeatures", - "type": "dynamic", - "description": "Array of feature flags enabled for the company." - }, - { - "name": "RelatedCompanies", - "type": "dynamic", - "description": "Array of related company references." - }, - { - "name": "PrimaryCompany", - "type": "dynamic", - "description": "Primary company object (guid, name), or null." - }, - { - "name": "ComplianceClaim", - "type": "dynamic", - "description": "Compliance claim object, or null." - }, - { - "name": "Permissions", - "type": "dynamic", - "description": "Object of permission flags for this company (can_annotate, can_view_forensics, etc.)." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightCompanyRatingDetails_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightCompanyRatingDetails_CL", - "description": "The BitSightCompanyRatingDetails table contains per-risk-vector rating breakdowns for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company." - }, - { - "name": "RiskVectorSlug", - "type": "string", - "description": "URL-friendly identifier for the risk vector (dict key — always null due to CCF JSONPath limitation; use RiskVectorLabel)." - }, - { - "name": "RiskVectorLabel", - "type": "string", - "description": "Human-readable name of the risk vector (API field: name)." - }, - { - "name": "RiskCategory", - "type": "string", - "description": "Parent risk category for the risk vector (API field: category)." - }, - { - "name": "CategoryOrder", - "type": "int", - "description": "Display order of the category." - }, - { - "name": "Rating", - "type": "int", - "description": "Numeric score for this risk vector." - }, - { - "name": "Grade", - "type": "string", - "description": "Letter grade for this risk vector." - }, - { - "name": "Percentile", - "type": "int", - "description": "Percentile rank compared to peers for this risk vector (0-100)." - }, - { - "name": "GradeColor", - "type": "string", - "description": "Hex color code associated with the grade for UI display (e.g., '#239563')." - }, - { - "name": "RiskVectorOrder", - "type": "int", - "description": "Display order of the risk vector within its category." - }, - { - "name": "DisplayUrl", - "type": "string", - "description": "URL to the risk vector detail page in BitSight portal." - }, - { - "name": "Beta", - "type": "boolean", - "description": "Indicates if this risk vector is in beta status." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightDiligenceHistoricalStatistics_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightDiligenceHistoricalStatistics_CL", - "description": "The BitSightDiligenceHistoricalStatistics table contains historical diligence statistics per company over time from the BitSight API ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company." - }, - { - "name": "RecordDate", - "type": "string", - "description": "The date of the historical record (YYYY-MM-DD)." - }, - { - "name": "Grade", - "type": "string", - "description": "Letter grade for this record period." - }, - { - "name": "Counts", - "type": "dynamic", - "description": "Array of per-category count objects ({ count, category }). Expanded row-per-category at query time by the KQL parser via mv-expand." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightDiligenceStatistics_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightDiligenceStatistics_CL", - "description": "The BitSightDiligenceStatistics table contains diligence statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company." - }, - { - "name": "RiskVector", - "type": "string", - "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." - }, - { - "name": "Unknown", - "type": "int", - "description": "Count of findings with unknown severity." - }, - { - "name": "Bad", - "type": "int", - "description": "Count of bad findings." - }, - { - "name": "Warn", - "type": "int", - "description": "Count of warn findings." - }, - { - "name": "Neutral", - "type": "int", - "description": "Count of neutral findings." - }, - { - "name": "Fair", - "type": "int", - "description": "Count of fair findings." - }, - { - "name": "Good", - "type": "int", - "description": "Count of good findings." - }, - { - "name": "SpearPhishing", - "type": "int", - "description": "[domain_squatting] Count of spear-phishing lookalike domains." - }, - { - "name": "BitFlip", - "type": "int", - "description": "[domain_squatting] Count of bit-flip lookalike domains." - }, - { - "name": "TypographicalErrors", - "type": "int", - "description": "[domain_squatting] Count of typographical-error lookalike domains." - }, - { - "name": "TldVariant", - "type": "int", - "description": "[domain_squatting] Count of TLD-variant lookalike domains." - }, - { - "name": "TotalCount", - "type": "int", - "description": "[domain_squatting] Total count of all lookalike domain types." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightFindingsSummary_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightFindingsSummary_CL", - "description": "The BitSightFindingsSummary table contains findings summary statistics per risk vector for each monitored company. Severity and description enrichment is resolved at query time by joining with BitsightVulnerabilitiesFindingsSummary on Name == DisplayName.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company associated with the findings summary." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company associated with the findings summary." - }, - { - "name": "StartDate", - "type": "string", - "description": "Start date of the reporting period (YYYY-MM-DD)." - }, - { - "name": "EndDate", - "type": "string", - "description": "End date of the reporting period (YYYY-MM-DD)." - }, - { - "name": "Stats", - "type": "dynamic", - "description": "Array of per-stat objects. Expanded row-per-stat at query time by the KQL parser via mv-expand into Name, StatId, Confidence, EventCount, HostCount, FirstSeen columns." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitsightIndustrialStatistics_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitsightIndustrialStatistics_CL", - "description": "The BitsightIndustrialStatistics table contains industry peer comparison statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company." - }, - { - "name": "RiskVector", - "type": "string", - "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." - }, - { - "name": "IncidentCount", - "type": "int", - "description": "Number of incidents for this risk vector in the industry over the measured period." - }, - { - "name": "CountPeriod", - "type": "string", - "description": "Measurement period (e.g., 'year')." - }, - { - "name": "AverageDurationDays", - "type": "real", - "description": "Average duration in days for incidents of this risk vector in the industry." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightObservationStatistics_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightObservationStatistics_CL", - "description": "The BitSightObservationStatistics table contains observations statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company." - }, - { - "name": "RiskVector", - "type": "string", - "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." - }, - { - "name": "ObservationCount", - "type": "int", - "description": "Total number of observations for this risk vector in the measurement period." - }, - { - "name": "CountPeriod", - "type": "string", - "description": "Measurement period (e.g., 'year')." - }, - { - "name": "AverageDurationDays", - "type": "real", - "description": "Average duration in days for observations." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitsightVulnerabilitiesFindingsSummary_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitsightVulnerabilitiesFindingsSummary_CL", - "description": "The BitsightVulnerabilitiesFindingsSummary table contains vulnerability reference data from the BitSight defaults API. Used at query time to enrich BitSightFindingsSummary with Severity and Description via the KQL parser.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "Name", - "type": "string", - "description": "Slug identifier for the vulnerability type (e.g., 'patching_cadence')." - }, - { - "name": "DisplayName", - "type": "string", - "description": "Human-readable name of the vulnerability type." - }, - { - "name": "Description", - "type": "string", - "description": "Description of what the vulnerability type measures." - }, - { - "name": "Severity", - "type": "string", - "description": "Severity level of the vulnerability type (e.g., 'high', 'medium', 'low')." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - }, - { - "name": "BitSightAlerts_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightAlerts_CL", - "description": "The BitSightAlerts table contains alert records from the BitSight API representing changes and news triggers for monitored portfolio companies ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "Guid", - "type": "string", - "description": "Unique identifier of the alert." - }, - { - "name": "AlertType", - "type": "string", - "description": "The type of alert (e.g., THIRD_PARTY_INTEL)." - }, - { - "name": "AlertDate", - "type": "string", - "description": "The date the alert was triggered (YYYY-MM-DD)." - }, - { - "name": "StartDate", - "type": "string", - "description": "The start date of the alert (YYYY-MM-DD)." - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company associated with the alert." - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company associated with the alert." - }, - { - "name": "CompanyUrl", - "type": "string", - "description": "URL of the company associated with the alert." - }, - { - "name": "FolderGuid", - "type": "string", - "description": "Folder GUID associated with the alert." - }, - { - "name": "FolderName", - "type": "string", - "description": "Folder name associated with the alert." - }, - { - "name": "Severity", - "type": "string", - "description": "Alert severity level (e.g., INFORMATIONAL)." - }, - { - "name": "Trigger", - "type": "string", - "description": "What triggered the alert." - }, - { - "name": "AlertSetName", - "type": "string", - "description": "Name of the alert set." - }, - { - "name": "AlertSetGuid", - "type": "string", - "description": "GUID of the alert set." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name assigned during connector setup." - } - ] - } - } - }, - { - "name": "BitSightBreaches_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitSightBreaches_CL", - "description": "The BitSightBreaches table contains data breach records from the BitSight API for monitored portfolio companies ingested into Microsoft Sentinel.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "CompanyGuid", - "type": "string", - "description": "GUID of the company that experienced the breach (enriched)." - }, - { - "name": "CompanyName", - "type": "string", - "description": "Name of the company that experienced the breach (enriched)." - }, - { - "name": "Guid", - "type": "string", - "description": "Unique identifier of the breach event." - }, - { - "name": "BreachDate", - "type": "string", - "description": "Date the breach event was recorded (YYYY-MM-DD)." - }, - { - "name": "DateCreated", - "type": "string", - "description": "Date this breach record was created in BitSight." - }, - { - "name": "Text", - "type": "string", - "description": "Description of the breach event." - }, - { - "name": "PreviewUrl", - "type": "string", - "description": "URL to a preview article about the breach." - }, - { - "name": "EventType", - "type": "string", - "description": "Breach event category (e.g., Human Error, Hacking)." - }, - { - "name": "EventTypeDescription", - "type": "string", - "description": "Detailed description of the breach event type." - }, - { - "name": "Severity", - "type": "int", - "description": "Numeric severity level of the breach." - }, - { - "name": "BreachedCompanies", - "type": "dynamic", - "description": "Array of companies directly affected by the breach." - }, - { - "name": "DependentCompanies", - "type": "dynamic", - "description": "Array of dependent companies impacted by this breach." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name assigned during connector setup." - } - ] - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorCCPVersion'))))]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "version": "[variables('dataConnectorCCPVersion')]" - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]", - "apiVersion": "2022-09-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", - "location": "[parameters('workspace-location')]", - "kind": "Customizable", - "properties": { - "connectorUiConfig": { - "id": "BitSightEventsConnector", - "title": "BitSight Security Events (via Codeless Connector Framework)", - "publisher": "Microsoft", - "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security alerts, breaches, and findings from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. The connector monitors portfolio companies for rating changes, news alerts, data breaches, and detailed security findings across Diligence, Compromised Systems, and User Behavior risk categories. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", - "graphQueriesTableName": "BitSightAlerts", - "graphQueries": [ - { - "metricName": "Total Alerts received", - "legend": "BitSight Alerts", - "baseQuery": "{{graphQueriesTableName}}" - }, - { - "metricName": "Total Breaches received", - "legend": "BitSight Breaches", - "baseQuery": "BitSightBreaches" - }, - { - "metricName": "Total Findings received", - "legend": "BitSight Findings", - "baseQuery": "BitSightFindings" - } - ], - "sampleQueries": [ - { - "description": "Get sample of BitSight Alerts", - "query": "BitSightAlerts\n | take 10" - }, - { - "description": "Get recent high-severity alerts", - "query": "BitSightAlerts\n | where severity in ('WARN', 'CRITICAL') and TimeGenerated > ago(7d)\n | project TimeGenerated, company_name, alert_type, severity\n | order by TimeGenerated desc" - }, - { - "description": "Get sample of BitSight Findings", - "query": "BitSightFindings\n | take 10" - }, - { - "description": "Get active severe findings", - "query": "BitSightFindings\n | where currently_active == true and severity_category in ('MATERIAL', 'SEVERE')\n | project TimeGenerated, company_name, risk_vector_label, severity_category, severity, first_seen\n | order by severity desc" - }, - { - "description": "Get sample of BitSight Breaches", - "query": "BitSightBreaches\n | take 10" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightBreaches", - "lastDataReceivedQuery": "BitSightBreaches\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightFindings", - "lastDataReceivedQuery": "BitSightFindings\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "HasDataConnectors" - } - ], - "availability": { - "isPreview": true, - "status": 1 - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "Read and Write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true, - "action": false - } - } - ], - "customs": [ - { - "name": "BitSight API Token", - "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." - } - ] - }, - "instructionSteps": [ - { - "title": "1. Connection Management", - "description": "Manage your BitSight data stream connections", - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## BitSight Connections\n\nManage multiple BitSight data stream connections. Each connection selects a specific data type - **Alerts**, **Breaches**, or **Findings** - and assigns a **Connection Name** that is stored in the `ConnectorName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." - } - }, - { - "type": "DataConnectorsGrid", - "parameters": { - "mapping": [ - { - "columnName": "Connection Name", - "columnValue": "properties.addOnAttributes.friendlyName" - }, - { - "columnName": "Data Stream", - "columnValue": "properties.addOnAttributes.userStream" - }, - { - "columnName": "API URL", - "columnValue": "properties.request.apiEndpoint" - } - ], - "menuItems": [ - "DeleteConnector" - ] - } - }, - { - "type": "ContextPane", - "parameters": { - "isPrimary": true, - "label": "Add Connection", - "title": "Add BitSight Connection", - "subtitle": "Configure a new BitSight data stream connection", - "contextPaneType": "DataConnectorsContextPane", - "instructionSteps": [ - { - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## 1. Select Data Stream\n\nChoose which BitSight data type to collect for this connection. Create separate connections for each stream you want to ingest." - } - }, - { - "type": "Dropdown", - "parameters": { - "label": "Data Stream", - "name": "dataStream", - "options": [ - { - "key": "ALERTS", - "text": "Alerts - Rating changes and news events (BitSightAlerts)" - }, - { - "key": "BREACHES", - "text": "Breaches - Data breach events for portfolio companies (BitSightBreaches)" - }, - { - "key": "DILIGENCE", - "text": "Diligence Findings - Web, app, and network risk factors (BitSightFindings)" - }, - { - "key": "COMPROMISED_SYSTEMS", - "text": "Compromised Systems Findings - Botnet and malware activity (BitSightFindings)" - }, - { - "key": "USER_BEHAVIOR", - "text": "User Behavior Findings - Credential and employee risk activity (BitSightFindings)" - } - ], - "required": true - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 2. API Configuration" - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Base URL", - "placeholder": "https://api.bitsighttech.com", - "type": "text", - "name": "bitSightApiUrl", - "validations": { - "required": true - } - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Username)", - "placeholder": "Paste your BitSight API Token", - "type": "text", - "name": "username", - "validations": { - "required": true - } - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Password)", - "placeholder": "Paste your BitSight API Token again", - "type": "password", - "name": "password", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Both fields must contain the **same API token value**. Entering different values will cause authentication to fail.", - "visible": true, - "inline": false - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", - "visible": true, - "inline": false - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "Connection Name", - "placeholder": "e.g. BitSight-Alerts-Prod", - "type": "text", - "name": "friendlyName", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "The connection name is stored in the `ConnectorName` column of every ingested record, enabling you to trace data back to this specific connection.", - "visible": true, - "inline": true - } - } - ] - } - ] - } - } - ] - } - ] - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "criteria": [ - { - "version": "[variables('dataConnectorCCPVersion')]", - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "kind": "ResourcesDataConnector" - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), variables('dataConnectorCCPVersion'))]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "displayName": "BitSight Security Events (via Codeless Connector Framework)", - "contentKind": "ResourcesDataConnector", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorCCPVersion')]", - "parameters": { - "guidValue": { - "defaultValue": "[[newGuid()]", - "type": "securestring" - }, - "innerWorkspace": { - "defaultValue": "[parameters('workspace')]", - "type": "securestring" - }, - "connectorDefinitionName": { - "defaultValue": "BitSight Security Events (via Codeless Connector Framework)", - "type": "securestring", - "minLength": 1 - }, - "workspace": { - "defaultValue": "[parameters('workspace')]", - "type": "securestring" - }, - "dcrConfig": { - "defaultValue": { - "dataCollectionEndpoint": "data collection Endpoint", - "dataCollectionRuleImmutableId": "data collection rule immutableId" - }, - "type": "object" - }, - "dataStream": { - "defaultValue": "dataStream", - "type": "array" - }, - "bitSightApiUrl": { - "defaultValue": "bitSightApiUrl", - "type": "securestring", - "minLength": 1 - }, - "username": { - "defaultValue": "username", - "type": "securestring", - "minLength": 1 - }, - "password": { - "defaultValue": "password", - "type": "securestring", - "minLength": 1 - }, - "friendlyName": { - "defaultValue": "friendlyName", - "type": "securestring", - "minLength": 1 - } - }, - "variables": { - "_dataConnectorContentIdConnections2": "[variables('_dataConnectorContentIdConnections2')]" - }, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections2')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections2'))]", - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "kind": "ResourcesDataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightAlerts' , uniqueString(parameters('friendlyName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/v2/alerts/')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 30, - "queryTimeFormat": "yyyy-MM-dd", - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "sort": "alert_date", - "alert_date_gte": "{_QueryWindowStartTime}", - "alert_date_lte": "{_QueryWindowEndTime}" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 1000, - "pageSizeParameterName": "limit" - }, - "connectorDefinitionName": "BitSightEventsConnector", - "dataType": "BitSightAlerts", - "dcrConfig": { - "streamName": "Custom-BitSightAlerts_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "friendlyName": "[[parameters('friendlyName')]", - "userStream": "ALERTS" - } - }, - "condition": "[[equals(parameters('dataStream')[0], 'ALERTS')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightBreaches' , uniqueString(parameters('friendlyName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_company_breaches", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_company_breaches": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/v1/companies/$company_guid_PlaceHolder$/providers/breaches')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "queryTimeFormat": "yyyy-MM-dd", - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "date_created_gte": "{_QueryWindowStartTime}", - "date_created_lte": "{_QueryWindowEndTime}" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParaName": "limit" - } - } - }, - "connectorDefinitionName": "BitSightEventsConnector", - "dataType": "BitSightBreaches", - "dcrConfig": { - "streamName": "Custom-BitSightBreaches_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "friendlyName": "[[parameters('friendlyName')]", - "userStream": "BREACHES" - } - }, - "condition": "[[equals(parameters('dataStream')[0], 'BREACHES')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('Diligence') )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_company_findings", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_company_findings": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "queryTimeFormat": "yyyy-MM-dd", - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "sort": "last_seen", - "expand": "attributed_companies", - "risk_category": "Diligence", - "last_seen_gte": "{_QueryWindowStartTime}", - "last_seen_lte": "{_QueryWindowEndTime}" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 1000, - "pageSizeParaName": "limit" - } - } - }, - "connectorDefinitionName": "BitSightEventsConnector", - "dataType": "BitSightFindings", - "dcrConfig": { - "streamName": "Custom-BitSightFindings_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "userStream": "DILIGENCE", - "friendlyName": "[[parameters('friendlyName')]" - } - }, - "condition": "[[equals(parameters('dataStream')[0], 'DILIGENCE')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('Compromised Systems') )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_company_findings", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_company_findings": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "queryTimeFormat": "yyyy-MM-dd", - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "sort": "last_seen", - "expand": "attributed_companies", - "risk_category": "Compromised Systems", - "last_seen_gte": "{_QueryWindowStartTime}", - "last_seen_lte": "{_QueryWindowEndTime}" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 1000, - "pageSizeParaName": "limit" - } - } - }, - "connectorDefinitionName": "BitSightEventsConnector", - "dataType": "BitSightFindings", - "dcrConfig": { - "streamName": "Custom-BitSightFindings_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "userStream": "COMPROMISED_SYSTEMS", - "friendlyName": "[[parameters('friendlyName')]" - } - }, - "condition": "[[equals(parameters('dataStream')[0], 'COMPROMISED_SYSTEMS')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('User Behavior') )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_company_findings", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_company_findings": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "queryTimeFormat": "yyyy-MM-dd", - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "sort": "last_seen", - "expand": "attributed_companies", - "risk_category": "User Behavior", - "last_seen_gte": "{_QueryWindowStartTime}", - "last_seen_lte": "{_QueryWindowEndTime}" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 1000, - "pageSizeParaName": "limit" - } - } - }, - "connectorDefinitionName": "BitSightEventsConnector", - "dataType": "BitSightFindings", - "dcrConfig": { - "streamName": "Custom-BitSightFindings_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "userStream": "USER_BEHAVIOR", - "friendlyName": "[[parameters('friendlyName')]" - } - }, - "condition": "[[equals(parameters('dataStream')[0], 'USER_BEHAVIOR')]" - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections2'),'-', variables('dataConnectorCCPVersion'))))]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "version": "[variables('dataConnectorCCPVersion')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition3'), variables('dataConnectorCCPVersion'))]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", - "displayName": "BitSight Security Statistics (via Codeless Connector Framework)", - "contentKind": "DataConnector", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorCCPVersion')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition3'))]", - "apiVersion": "2022-09-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", - "location": "[parameters('workspace-location')]", - "kind": "Customizable", - "properties": { - "connectorUiConfig": { - "id": "BitSightStatisticsConnector", - "title": "BitSight Security Statistics (via Codeless Connector Framework)", - "publisher": "Microsoft", - "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security statistics, company profiles, rating details, diligence history, risk vector statistics, and vulnerability data from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", - "graphQueriesTableName": "BitSightCompanyDetails", - "graphQueries": [ - { - "metricName": "Total Company Detail records received", - "legend": "BitSight Company Details", - "baseQuery": "{{graphQueriesTableName}}" - }, - { - "metricName": "Total Company Rating Details received", - "legend": "BitSight Company Rating Details", - "baseQuery": "BitSightCompanyRatingDetails" - }, - { - "metricName": "Total Diligence Historical Statistics received", - "legend": "BitSight Diligence Historical Statistics", - "baseQuery": "BitSightDiligenceHistoricalStatistics" - }, - { - "metricName": "Total Diligence Statistics received", - "legend": "BitSight Diligence Statistics", - "baseQuery": "BitSightDiligenceStatistics" - }, - { - "metricName": "Total Observations Statistics received", - "legend": "BitSight Observations Statistics", - "baseQuery": "BitSightObservationStatistics" - }, - { - "metricName": "Total Industries Statistics received", - "legend": "BitSight Industries Statistics", - "baseQuery": "BitsightIndustrialStatistics" - }, - { - "metricName": "Total Findings Summary records received", - "legend": "BitSight Findings Summary", - "baseQuery": "BitSightFindingsSummary" - }, - { - "metricName": "Total Vulnerabilities received", - "legend": "BitSight Vulnerabilities", - "baseQuery": "BitsightVulnerabilitiesFindingsSummary" - } - ], - "sampleQueries": [ - { - "description": "Get sample of BitSight Company Details", - "query": "{{graphQueriesTableName}}\n | take 10" - }, - { - "description": "Get company security ratings over time", - "query": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(90d)\n | summarize LatestRating = arg_max(TimeGenerated, CurrentRating) by Name\n | order by LatestRating asc" - }, - { - "description": "Get sample of BitSight Company Rating Details", - "query": "BitSightCompanyRatingDetails\n | take 10" - }, - { - "description": "Get findings summary with latest data per company/stat", - "query": "BitSightFindingsSummary\n | where TimeGenerated > ago(1d)\n | take 10" - }, - { - "description": "Get sample of BitSight Vulnerabilities", - "query": "BitsightVulnerabilitiesFindingsSummary\n | take 10" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightCompanyRatingDetails", - "lastDataReceivedQuery": "BitSightCompanyRatingDetails\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightFindingsSummary", - "lastDataReceivedQuery": "BitSightFindingsSummary\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightDiligenceHistoricalStatistics", - "lastDataReceivedQuery": "BitSightDiligenceHistoricalStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitSightDiligenceStatistics", - "lastDataReceivedQuery": "BitSightDiligenceStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitSightObservationStatistics", - "lastDataReceivedQuery": "BitSightObservationStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitsightIndustrialStatistics", - "lastDataReceivedQuery": "BitsightIndustrialStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitsightVulnerabilitiesFindingsSummary", - "lastDataReceivedQuery": "BitsightVulnerabilitiesFindingsSummary\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "HasDataConnectors" - } - ], - "availability": { - "isPreview": true, - "status": 1 - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "Read and Write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true, - "action": false - } - } - ], - "customs": [ - { - "name": "BitSight API Token", - "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." - } - ] - }, - "instructionSteps": [ - { - "title": "1. Connection Management", - "description": "Manage your BitSight statistics data stream connections", - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## BitSight Statistics Connections\n\nManage multiple BitSight statistics connections. Each connection selects one or more **data streams** to ingest and assigns a **Connection Name** stored in the `connectionName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." - } - }, - { - "type": "DataConnectorsGrid", - "parameters": { - "mapping": [ - { - "columnName": "Connection Name", - "columnValue": "properties.addOnAttributes.connectionName" - }, - { - "columnName": "Active Streams", - "columnValue": "properties.addOnAttributes.streams" - }, - { - "columnName": "API URL", - "columnValue": "properties.request.apiEndpoint" - } - ], - "menuItems": [ - "DeleteConnector" - ] - } - }, - { - "type": "ContextPane", - "parameters": { - "isPrimary": true, - "label": "Add Connection", - "title": "Add BitSight Statistics Connection", - "subtitle": "Configure a new BitSight statistics connection", - "contextPaneType": "DataConnectorsContextPane", - "instructionSteps": [ - { - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## 1. Select Data Streams\n\nChoose which BitSight statistics data types to collect for this connection. You can select multiple streams." - } - }, - { - "type": "Dropdown", - "parameters": { - "label": "Data Streams", - "name": "streams", - "options": [ - { - "key": "FindingsSummary", - "text": "FindingsSummary" - }, - { - "key": "CompanyDetails", - "text": "CompanyDetails" - }, - { - "key": "CompanyRatingDetails", - "text": "CompanyRatingDetails" - }, - { - "key": "DiligenceHistoricalStatistics", - "text": "DiligenceHistoricalStatistics" - }, - { - "key": "RiskVectorStatistics", - "text": "RiskVectorStatistics" - }, - { - "key": "IndustriesStatistics", - "text": "IndustriesStatistics" - }, - { - "key": "Vulnerabilities", - "text": "Vulnerabilities" - }, - { - "key": "ObservationsStatistics", - "text": "ObservationsStatistics" - } - ], - "isMultiSelect": true, - "defaultAllSelected": false, - "required": true - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 2. API Configuration" - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Base URL", - "placeholder": "https://api.bitsighttech.com", - "type": "text", - "name": "bitSightApiUrl", - "validations": { - "required": true - } - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Username)", - "placeholder": "Paste your BitSight API Token", - "type": "text", - "name": "username", - "validations": { - "required": true - } - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Password)", - "placeholder": "Paste your BitSight API Token again", - "type": "password", - "name": "password", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", - "visible": true, - "inline": false - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "Connection Name", - "placeholder": "e.g. BitSight-Statistics-Prod", - "type": "text", - "name": "connectionName", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "The connection name is stored in the `connectionName` column of every ingested record, enabling you to trace data back to this specific connection.", - "visible": true, - "inline": true - } - } - ] - } - ] - } - } - ] - } - ] - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition3')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition3'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "criteria": [ - { - "version": "[variables('dataConnectorCCPVersion')]", - "contentId": "[variables('_dataConnectorContentIdConnections3')]", - "kind": "ResourcesDataConnector" - } - ] - } - } - }, - { - "name": "BitSightStatisticsDCR", - "apiVersion": "2022-06-01", - "type": "Microsoft.Insights/dataCollectionRules", - "location": "[parameters('workspace-location')]", - "kind": "[variables('blanks')]", - "properties": { - "dataCollectionEndpointId": "[variables('dataCollectionEndpointId3')]", - "streamDeclarations": { - "Custom-BitSightFindingsSummary_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "start_date", - "type": "string" - }, - { - "name": "end_date", - "type": "string" - }, - { - "name": "stats", - "type": "dynamic" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitSightCompanyDetails_CL": { - "columns": [ - { - "name": "guid", - "type": "string" - }, - { - "name": "name", - "type": "string" - }, - { - "name": "shortname", - "type": "string" - }, - { - "name": "type", - "type": "string" - }, - { - "name": "description", - "type": "string" - }, - { - "name": "primary_domain", - "type": "string" - }, - { - "name": "homepage", - "type": "string" - }, - { - "name": "display_url", - "type": "string" - }, - { - "name": "sparkline", - "type": "string" - }, - { - "name": "industry", - "type": "string" - }, - { - "name": "industry_slug", - "type": "string" - }, - { - "name": "sub_industry", - "type": "string" - }, - { - "name": "sub_industry_slug", - "type": "string" - }, - { - "name": "ipv4_count", - "type": "int" - }, - { - "name": "people_count", - "type": "int" - }, - { - "name": "search_count", - "type": "int" - }, - { - "name": "customer_monitoring_count", - "type": "int" - }, - { - "name": "current_rating", - "type": "int" - }, - { - "name": "rating_industry_median", - "type": "string" - }, - { - "name": "ratings", - "type": "dynamic" - }, - { - "name": "subscription_type", - "type": "string" - }, - { - "name": "subscription_type_key", - "type": "string" - }, - { - "name": "subscription_end_date", - "type": "string" - }, - { - "name": "bulk_email_sender_status", - "type": "string" - }, - { - "name": "security_grade", - "type": "string" - }, - { - "name": "service_provider", - "type": "boolean" - }, - { - "name": "has_company_tree", - "type": "boolean" - }, - { - "name": "has_preferred_contact", - "type": "boolean" - }, - { - "name": "is_bundle", - "type": "boolean" - }, - { - "name": "is_primary", - "type": "boolean" - }, - { - "name": "in_spm_portfolio", - "type": "boolean" - }, - { - "name": "is_mycomp_mysubs_bundle", - "type": "boolean" - }, - { - "name": "is_csp", - "type": "boolean" - }, - { - "name": "has_delegated_security_controls", - "type": "boolean" - }, - { - "name": "custom_id", - "type": "dynamic" - }, - { - "name": "available_upgrade_types", - "type": "dynamic" - }, - { - "name": "company_features", - "type": "dynamic" - }, - { - "name": "related_companies", - "type": "dynamic" - }, - { - "name": "primary_company", - "type": "dynamic" - }, - { - "name": "compliance_claim", - "type": "dynamic" - }, - { - "name": "permissions", - "type": "dynamic" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitSightCompanyRatingDetails_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "risk_vector_slug", - "type": "string" - }, - { - "name": "name", - "type": "string" - }, - { - "name": "category", - "type": "string" - }, - { - "name": "category_order", - "type": "int" - }, - { - "name": "rating", - "type": "int" - }, - { - "name": "grade", - "type": "string" - }, - { - "name": "percentile", - "type": "int" - }, - { - "name": "grade_color", - "type": "string" - }, - { - "name": "order", - "type": "int" - }, - { - "name": "display_url", - "type": "string" - }, - { - "name": "beta", - "type": "boolean" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitSightDiligenceHistoricalStatistics_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "date", - "type": "string" - }, - { - "name": "grade", - "type": "string" - }, - { - "name": "counts", - "type": "dynamic" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitSightDiligenceStatistics_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "risk_vector", - "type": "string" - }, - { - "name": "unknown", - "type": "int" - }, - { - "name": "bad", - "type": "int" - }, - { - "name": "warn", - "type": "int" - }, - { - "name": "neutral", - "type": "int" - }, - { - "name": "fair", - "type": "int" - }, - { - "name": "good", - "type": "int" - }, - { - "name": "spear_phishing", - "type": "int" - }, - { - "name": "bit_flip", - "type": "int" - }, - { - "name": "typographical_errors", - "type": "int" - }, - { - "name": "tld_variant", - "type": "int" - }, - { - "name": "total_count", - "type": "int" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitSightObservationStatistics_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "risk_vector", - "type": "string" - }, - { - "name": "count", - "type": "int" - }, - { - "name": "count_period", - "type": "string" - }, - { - "name": "average_duration_days", - "type": "real" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitsightVulnerabilitiesFindingsSummary_CL": { - "columns": [ - { - "name": "name", - "type": "string" - }, - { - "name": "display_name", - "type": "string" - }, - { - "name": "description", - "type": "string" - }, - { - "name": "severity", - "type": "string" - }, - { - "name": "connectionName", - "type": "string" - } - ] - }, - "Custom-BitsightIndustrialStatistics_CL": { - "columns": [ - { - "name": "company_name", - "type": "string" - }, - { - "name": "company_guid", - "type": "string" - }, - { - "name": "risk_vector", - "type": "string" - }, - { - "name": "count", - "type": "int" - }, - { - "name": "count_period", - "type": "string" - }, - { - "name": "average_duration_days", - "type": "real" - }, - { - "name": "connectionName", - "type": "string" - } - ] - } - }, - "destinations": { - "logAnalytics": [ - { - "workspaceResourceId": "[variables('workspaceResourceId')]", - "name": "clv2ws1" - } - ] - }, - "dataFlows": [ - { - "streams": [ - "Custom-BitSightFindingsSummary_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightFindingsSummary_CL", - "transformKql": "source | extend TimeGenerated = iff(isnull(['end_date']) or todatetime(['end_date']) < ago(2d), now(), todatetime(['end_date'])) , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , StartDate = ['start_date'] , EndDate = ['end_date'] , Stats = ['stats'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , StartDate , EndDate , Stats , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightCompanyDetails_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightCompanyDetails_CL", - "transformKql": "source | extend TimeGenerated = now() , Guid = ['guid'] , Name = ['name'] , Shortname = ['shortname'] , CompanyType = ['type'] , Description = ['description'] , PrimaryDomain = ['primary_domain'] , Homepage = ['homepage'] , DisplayUrl = ['display_url'] , Sparkline = ['sparkline'] , Industry = ['industry'] , IndustrySlug = ['industry_slug'] , SubIndustry = ['sub_industry'] , SubIndustrySlug = ['sub_industry_slug'] , Ipv4Count = ['ipv4_count'] , PeopleCount = ['people_count'] , SearchCount = ['search_count'] , CustomerMonitoringCount = ['customer_monitoring_count'] , CurrentRating = ['current_rating'] , RatingIndustryMedian = ['rating_industry_median'] , Ratings = ['ratings'] , SubscriptionType = ['subscription_type'] , SubscriptionTypeKey = ['subscription_type_key'] , SubscriptionEndDate = ['subscription_end_date'] , BulkEmailSenderStatus = ['bulk_email_sender_status'] , SecurityGrade = ['security_grade'] , ServiceProvider = ['service_provider'] , HasCompanyTree = ['has_company_tree'] , HasPreferredContact = ['has_preferred_contact'] , IsBundle = ['is_bundle'] , IsPrimary = ['is_primary'] , InSpmPortfolio = ['in_spm_portfolio'] , IsMycompMysubsBundle = ['is_mycomp_mysubs_bundle'] , IsCsp = ['is_csp'] , HasDelegatedSecurityControls = ['has_delegated_security_controls'] , CustomId = ['custom_id'] , AvailableUpgradeTypes = ['available_upgrade_types'] , CompanyFeatures = ['company_features'] , RelatedCompanies = ['related_companies'] , PrimaryCompany = ['primary_company'] , ComplianceClaim = ['compliance_claim'] , Permissions = ['permissions'] , ConnectorName = ['connectionName'] | project TimeGenerated , Guid , Name , Shortname , CompanyType , Description , PrimaryDomain , Homepage , DisplayUrl , Sparkline , Industry , IndustrySlug , SubIndustry , SubIndustrySlug , Ipv4Count , PeopleCount , SearchCount , CustomerMonitoringCount , CurrentRating , RatingIndustryMedian , Ratings , SubscriptionType , SubscriptionTypeKey , SubscriptionEndDate , BulkEmailSenderStatus , SecurityGrade , ServiceProvider , HasCompanyTree , HasPreferredContact , IsBundle , IsPrimary , InSpmPortfolio , IsMycompMysubsBundle , IsCsp , HasDelegatedSecurityControls , CustomId , AvailableUpgradeTypes , CompanyFeatures , RelatedCompanies , PrimaryCompany , ComplianceClaim , Permissions , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightCompanyRatingDetails_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightCompanyRatingDetails_CL", - "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVectorSlug = ['risk_vector_slug'] , RiskVectorLabel = ['name'] , RiskCategory = ['category'] , CategoryOrder = ['category_order'] , Rating = ['rating'] , Grade = ['grade'] , Percentile = ['percentile'] , GradeColor = ['grade_color'] , RiskVectorOrder = ['order'] , DisplayUrl = ['display_url'] , Beta = ['beta'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVectorSlug , RiskVectorLabel , RiskCategory , CategoryOrder , Rating , Grade , Percentile , GradeColor , RiskVectorOrder , DisplayUrl , Beta , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightDiligenceHistoricalStatistics_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightDiligenceHistoricalStatistics_CL", - "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RecordDate = ['date'] , Grade = ['grade'] , Counts = ['counts'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RecordDate , Grade , Counts , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightDiligenceStatistics_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightDiligenceStatistics_CL", - "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , Unknown = ['unknown'] , Bad = ['bad'] , Warn = ['warn'] , Neutral = ['neutral'] , Fair = ['fair'] , Good = ['good'] , SpearPhishing = ['spear_phishing'] , BitFlip = ['bit_flip'] , TypographicalErrors = ['typographical_errors'] , TldVariant = ['tld_variant'] , TotalCount = ['total_count'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , Unknown , Bad , Warn , Neutral , Fair , Good , SpearPhishing , BitFlip , TypographicalErrors , TldVariant , TotalCount , ConnectorName" - }, - { - "streams": [ - "Custom-BitSightObservationStatistics_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitSightObservationStatistics_CL", - "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , ObservationCount = ['count'] , CountPeriod = ['count_period'] , AverageDurationDays = ['average_duration_days'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , ObservationCount , CountPeriod , AverageDurationDays , ConnectorName" - }, - { - "streams": [ - "Custom-BitsightIndustrialStatistics_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitsightIndustrialStatistics_CL", - "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , IncidentCount = ['count'] , CountPeriod = ['count_period'] , AverageDurationDays = ['average_duration_days'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , IncidentCount , CountPeriod , AverageDurationDays , ConnectorName" - }, - { - "streams": [ - "Custom-BitsightVulnerabilitiesFindingsSummary_CL" - ], - "destinations": [ - "clv2ws1" - ], - "outputStream": "Custom-BitsightVulnerabilitiesFindingsSummary_CL", - "transformKql": "source | extend TimeGenerated = now() , Name = ['name'] , DisplayName = ['display_name'] , Description = ['description'] , Severity = ['severity'] , ConnectorName = ['connectionName'] | project TimeGenerated , Name , DisplayName , Description , Severity , ConnectorName" - } - ] - } - }, - { - "name": "BitsightVulnerabilitiesFindingsSummary_CL", - "apiVersion": "2022-10-01", - "type": "Microsoft.OperationalInsights/workspaces/tables", - "location": "[parameters('workspace-location')]", - "kind": null, - "properties": { - "retentionInDays": 180, - "schema": { - "name": "BitsightVulnerabilitiesFindingsSummary_CL", - "description": "The BitsightVulnerabilitiesFindingsSummary table contains vulnerability reference data from the BitSight defaults API. Used at query time to enrich BitSightFindingsSummary with Severity and Description via the KQL parser.", - "columns": [ - { - "name": "TimeGenerated", - "type": "datetime", - "isDefaultDisplay": true - }, - { - "name": "Name", - "type": "string", - "description": "Slug identifier for the vulnerability type (e.g., 'patching_cadence')." - }, - { - "name": "DisplayName", - "type": "string", - "description": "Human-readable name of the vulnerability type." - }, - { - "name": "Description", - "type": "string", - "description": "Description of what the vulnerability type measures." - }, - { - "name": "Severity", - "type": "string", - "description": "Severity level of the vulnerability type (e.g., 'high', 'medium', 'low')." - }, - { - "name": "ConnectorName", - "type": "string", - "description": "Connection name identifier for multi-instance tracking." - } - ] - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition3'),'-', variables('dataConnectorCCPVersion'))))]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "version": "[variables('dataConnectorCCPVersion')]" - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition3'))]", - "apiVersion": "2022-09-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", - "location": "[parameters('workspace-location')]", - "kind": "Customizable", - "properties": { - "connectorUiConfig": { - "id": "BitSightStatisticsConnector", - "title": "BitSight Security Statistics (via Codeless Connector Framework)", - "publisher": "Microsoft", - "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security statistics, company profiles, rating details, diligence history, risk vector statistics, and vulnerability data from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", - "graphQueriesTableName": "BitSightCompanyDetails", - "graphQueries": [ - { - "metricName": "Total Company Detail records received", - "legend": "BitSight Company Details", - "baseQuery": "{{graphQueriesTableName}}" - }, - { - "metricName": "Total Company Rating Details received", - "legend": "BitSight Company Rating Details", - "baseQuery": "BitSightCompanyRatingDetails" - }, - { - "metricName": "Total Diligence Historical Statistics received", - "legend": "BitSight Diligence Historical Statistics", - "baseQuery": "BitSightDiligenceHistoricalStatistics" - }, - { - "metricName": "Total Diligence Statistics received", - "legend": "BitSight Diligence Statistics", - "baseQuery": "BitSightDiligenceStatistics" - }, - { - "metricName": "Total Observations Statistics received", - "legend": "BitSight Observations Statistics", - "baseQuery": "BitSightObservationStatistics" - }, - { - "metricName": "Total Industries Statistics received", - "legend": "BitSight Industries Statistics", - "baseQuery": "BitsightIndustrialStatistics" - }, - { - "metricName": "Total Findings Summary records received", - "legend": "BitSight Findings Summary", - "baseQuery": "BitSightFindingsSummary" - }, - { - "metricName": "Total Vulnerabilities received", - "legend": "BitSight Vulnerabilities", - "baseQuery": "BitsightVulnerabilitiesFindingsSummary" - } - ], - "sampleQueries": [ - { - "description": "Get sample of BitSight Company Details", - "query": "{{graphQueriesTableName}}\n | take 10" - }, - { - "description": "Get company security ratings over time", - "query": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(90d)\n | summarize LatestRating = arg_max(TimeGenerated, CurrentRating) by Name\n | order by LatestRating asc" - }, - { - "description": "Get sample of BitSight Company Rating Details", - "query": "BitSightCompanyRatingDetails\n | take 10" - }, - { - "description": "Get findings summary with latest data per company/stat", - "query": "BitSightFindingsSummary\n | where TimeGenerated > ago(1d)\n | take 10" - }, - { - "description": "Get sample of BitSight Vulnerabilities", - "query": "BitsightVulnerabilitiesFindingsSummary\n | take 10" - } - ], - "dataTypes": [ - { - "name": "{{graphQueriesTableName}}", - "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightCompanyRatingDetails", - "lastDataReceivedQuery": "BitSightCompanyRatingDetails\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightFindingsSummary", - "lastDataReceivedQuery": "BitSightFindingsSummary\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "BitSightDiligenceHistoricalStatistics", - "lastDataReceivedQuery": "BitSightDiligenceHistoricalStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitSightDiligenceStatistics", - "lastDataReceivedQuery": "BitSightDiligenceStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitSightObservationStatistics", - "lastDataReceivedQuery": "BitSightObservationStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitsightIndustrialStatistics", - "lastDataReceivedQuery": "BitsightIndustrialStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - }, - { - "name": "BitsightVulnerabilitiesFindingsSummary", - "lastDataReceivedQuery": "BitsightVulnerabilitiesFindingsSummary\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - } - ], - "connectivityCriteria": [ - { - "type": "HasDataConnectors" - } - ], - "availability": { - "isPreview": true, - "status": 1 - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "Read and Write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true, - "action": false - } - } - ], - "customs": [ - { - "name": "BitSight API Token", - "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." - } - ] - }, - "instructionSteps": [ - { - "title": "1. Connection Management", - "description": "Manage your BitSight statistics data stream connections", - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## BitSight Statistics Connections\n\nManage multiple BitSight statistics connections. Each connection selects one or more **data streams** to ingest and assigns a **Connection Name** stored in the `connectionName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." - } - }, - { - "type": "DataConnectorsGrid", - "parameters": { - "mapping": [ - { - "columnName": "Connection Name", - "columnValue": "properties.addOnAttributes.connectionName" - }, - { - "columnName": "Active Streams", - "columnValue": "properties.addOnAttributes.streams" - }, - { - "columnName": "API URL", - "columnValue": "properties.request.apiEndpoint" - } - ], - "menuItems": [ - "DeleteConnector" - ] - } - }, - { - "type": "ContextPane", - "parameters": { - "isPrimary": true, - "label": "Add Connection", - "title": "Add BitSight Statistics Connection", - "subtitle": "Configure a new BitSight statistics connection", - "contextPaneType": "DataConnectorsContextPane", - "instructionSteps": [ - { - "instructions": [ - { - "type": "Markdown", - "parameters": { - "content": "## 1. Select Data Streams\n\nChoose which BitSight statistics data types to collect for this connection. You can select multiple streams." - } - }, - { - "type": "Dropdown", - "parameters": { - "label": "Data Streams", - "name": "streams", - "options": [ - { - "key": "FindingsSummary", - "text": "FindingsSummary" - }, - { - "key": "CompanyDetails", - "text": "CompanyDetails" - }, - { - "key": "CompanyRatingDetails", - "text": "CompanyRatingDetails" - }, - { - "key": "DiligenceHistoricalStatistics", - "text": "DiligenceHistoricalStatistics" - }, - { - "key": "RiskVectorStatistics", - "text": "RiskVectorStatistics" - }, - { - "key": "IndustriesStatistics", - "text": "IndustriesStatistics" - }, - { - "key": "Vulnerabilities", - "text": "Vulnerabilities" - }, - { - "key": "ObservationsStatistics", - "text": "ObservationsStatistics" - } - ], - "isMultiSelect": true, - "defaultAllSelected": false, - "required": true - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 2. API Configuration" - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Base URL", - "placeholder": "https://api.bitsighttech.com", - "type": "text", - "name": "bitSightApiUrl", - "validations": { - "required": true - } - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Username)", - "placeholder": "Paste your BitSight API Token", - "type": "text", - "name": "username", - "validations": { - "required": true - } - } - }, - { - "type": "Textbox", - "parameters": { - "label": "BitSight API Token (Password)", - "placeholder": "Paste your BitSight API Token again", - "type": "password", - "name": "password", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", - "visible": true, - "inline": false - } - }, - { - "type": "Markdown", - "parameters": { - "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." - } - }, - { - "type": "Textbox", - "parameters": { - "label": "Connection Name", - "placeholder": "e.g. BitSight-Statistics-Prod", - "type": "text", - "name": "connectionName", - "validations": { - "required": true - } - } - }, - { - "type": "InfoMessage", - "parameters": { - "text": "The connection name is stored in the `connectionName` column of every ingested record, enabling you to trace data back to this specific connection.", - "visible": true, - "inline": true - } - } - ] - } - ] - } - } - ] - } - ] - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition3')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition3'))]", - "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "criteria": [ - { - "version": "[variables('dataConnectorCCPVersion')]", - "contentId": "[variables('_dataConnectorContentIdConnections3')]", - "kind": "ResourcesDataConnector" - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections3'), variables('dataConnectorCCPVersion'))]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "contentId": "[variables('_dataConnectorContentIdConnections3')]", - "displayName": "BitSight Security Statistics (via Codeless Connector Framework)", - "contentKind": "ResourcesDataConnector", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorCCPVersion')]", - "parameters": { - "guidValue": { - "defaultValue": "[[newGuid()]", - "type": "securestring" - }, - "innerWorkspace": { - "defaultValue": "[parameters('workspace')]", - "type": "securestring" - }, - "connectorDefinitionName": { - "defaultValue": "BitSight Security Statistics (via Codeless Connector Framework)", - "type": "securestring", - "minLength": 1 - }, - "workspace": { - "defaultValue": "[parameters('workspace')]", - "type": "securestring" - }, - "dcrConfig": { - "defaultValue": { - "dataCollectionEndpoint": "data collection Endpoint", - "dataCollectionRuleImmutableId": "data collection rule immutableId" - }, - "type": "object" - }, - "streams": { - "defaultValue": "streams", - "type": "array" - }, - "bitSightApiUrl": { - "defaultValue": "bitSightApiUrl", - "type": "securestring", - "minLength": 1 - }, - "username": { - "defaultValue": "username", - "type": "securestring", - "minLength": 1 - }, - "password": { - "defaultValue": "password", - "type": "securestring", - "minLength": 1 - }, - "connectionName": { - "defaultValue": "connectionName", - "type": "securestring", - "minLength": 1 - } - }, - "variables": { - "_dataConnectorContentIdConnections3": "[variables('_dataConnectorContentIdConnections3')]" - }, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections3')))]", - "apiVersion": "2022-01-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections3'))]", - "contentId": "[variables('_dataConnectorContentIdConnections3')]", - "kind": "ResourcesDataConnector", - "version": "[variables('dataConnectorCCPVersion')]", - "source": { - "sourceId": "[variables('_solutionId')]", - "name": "[variables('_solutionName')]", - "kind": "Solution" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - } - } - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindingsSummary' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_findings_summary", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_findings_summary": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings/summary')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$[*]" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightFindingsSummary", - "dcrConfig": { - "streamName": "Custom-BitSightFindingsSummary_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'FindingsSummary')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightCompanyDetails' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_company_detail", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_company_detail": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightCompanyDetails", - "dcrConfig": { - "streamName": "Custom-BitSightCompanyDetails_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'CompanyDetails')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightCompanyRatingDetails' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_rating_details", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_rating_details": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$.rating_details.*" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightCompanyRatingDetails", - "dcrConfig": { - "streamName": "Custom-BitSightCompanyRatingDetails_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'CompanyRatingDetails')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightDiligenceHistoricalStatistics' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_diligence_historical", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_diligence_historical": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/diligence/historical-statistics')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightDiligenceHistoricalStatistics", - "dcrConfig": { - "streamName": "Custom-BitSightDiligenceHistoricalStatistics_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'DiligenceHistoricalStatistics')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightDiligenceStatistics' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_diligence_statistics", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_diligence_statistics": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/diligence/statistics')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$.risk_vectors.*" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightDiligenceStatistics", - "dcrConfig": { - "streamName": "Custom-BitSightDiligenceStatistics_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'RiskVectorStatistics')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightObservationStatistics' , uniqueString(parameters('connectionName')), uniqueString('Obs') )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_observations_statistics", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_observations_statistics": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/observations/statistics')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$.risk_vectors.*" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitSightObservationStatistics", - "dcrConfig": { - "streamName": "Custom-BitSightObservationStatistics_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'ObservationsStatistics')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitsightIndustrialStatistics' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - }, - "queryParameters": { - "fields": "name,guid" - } - }, - "response": { - "eventsJsonPaths": [ - "$.results[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "stepInfo": { - "stepType": "Nested", - "nextSteps": [ - { - "stepId": "fetch_industries_statistics", - "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" - } - ] - }, - "stepCollectorConfigs": { - "fetch_industries_statistics": { - "shouldJoinNestedData": false, - "request": { - "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/industries/statistics')]", - "httpMethod": "GET", - "queryWindowInMin": 1440, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json", - "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", - "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" - } - }, - "response": { - "eventsJsonPaths": [ - "$.risk_vectors.*" - ], - "format": "json" - } - } - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitsightIndustrialStatistics", - "dcrConfig": { - "streamName": "Custom-BitsightIndustrialStatistics_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "company_guid": "$company_guid_PlaceHolder$", - "company_name": "$company_name_PlaceHolder$", - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'IndustriesStatistics')]" - }, - { - "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitsightVulnerabilitiesFindingsSummary' , uniqueString(parameters('connectionName')) )]", - "apiVersion": "2023-02-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "RestApiPoller", - "properties": { - "auth": { - "type": "Basic", - "UserName": "[[parameters('username')]", - "Password": "[[parameters('password')]" - }, - "request": { - "apiEndpoint": "https://service.bitsighttech.com/customer-api/v1/defaults/vulnerabilities", - "httpMethod": "GET", - "rateLimitQPS": 1, - "paginatedCallsPerSecond": 1.0, - "queryWindowInMin": 1440, - "queryWindowDelayInMin": 60, - "retryCount": 3, - "timeoutInSeconds": 30, - "headers": { - "Accept": "application/json" - }, - "queryParameters": { - "fields": "name,display_name,description,severity" - } - }, - "response": { - "eventsJsonPaths": [ - "$[*]" - ], - "format": "json" - }, - "paging": { - "pagingType": "Offset", - "offsetParaName": "offset", - "pageSize": 500, - "pageSizeParameterName": "limit" - }, - "connectorDefinitionName": "BitSightStatisticsConnector", - "dataType": "BitsightVulnerabilitiesFindingsSummary", - "dcrConfig": { - "streamName": "Custom-BitsightVulnerabilitiesFindingsSummary_CL", - "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", - "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" - }, - "addOnAttributes": { - "connectionName": "[[parameters('connectionName')]", - "streams": "[[string(parameters('streams'))]" - } - }, - "condition": "[[contains(parameters('streams'), 'Vulnerabilities')]" - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections3'),'-', variables('dataConnectorCCPVersion'))))]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "version": "[variables('dataConnectorCCPVersion')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", - "apiVersion": "2023-04-01-preview", - "location": "[parameters('workspace-location')]", - "properties": { - "version": "3.2.0", - "kind": "Solution", - "contentSchemaVersion": "3.0.0", - "displayName": "BitSight", - "publisherDisplayName": "BitSight Support", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The BitSight solution enables security operations teams to integrate insights from BitSight's Security Ratings platform into Microsoft Sentinel via the Codeless Connector Framework (CCF). The connector ingests Security Ratings, Company Profiles, Risk Vector breakdowns, Diligence Historical Statistics, Findings Summaries, Industry peer comparisons, and Vulnerability reference data for companies in your BitSight portfolio.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Framework (CCF)
    2. \n
\n

Data Connectors: 3, Parsers: 13, Workbooks: 1, Analytic Rules: 6

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", - "contentKind": "Solution", - "contentProductId": "[variables('_solutioncontentProductId')]", - "id": "[variables('_solutioncontentProductId')]", - "icon": "", - "contentId": "[variables('_solutionId')]", - "parentId": "[variables('_solutionId')]", - "source": { - "kind": "Solution", - "name": "BitSight", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "BitSight Support", - "email": "support@bitsight.com", - "tier": "Partner", - "link": "https://www.bitsight.com/customer-success-support" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "kind": "Workbook", - "contentId": "[variables('_workbookContentId1')]", - "version": "[variables('workbookVersion1')]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", - "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", - "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", - "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", - "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", - "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", - "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject1').parserContentId1]", - "version": "[variables('parserObject1').parserVersion1]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject2').parserContentId2]", - "version": "[variables('parserObject2').parserVersion2]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject3').parserContentId3]", - "version": "[variables('parserObject3').parserVersion3]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject4').parserContentId4]", - "version": "[variables('parserObject4').parserVersion4]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject5').parserContentId5]", - "version": "[variables('parserObject5').parserVersion5]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject6').parserContentId6]", - "version": "[variables('parserObject6').parserVersion6]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject7').parserContentId7]", - "version": "[variables('parserObject7').parserVersion7]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject8').parserContentId8]", - "version": "[variables('parserObject8').parserVersion8]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject9').parserContentId9]", - "version": "[variables('parserObject9').parserVersion9]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject10').parserContentId10]", - "version": "[variables('parserObject10').parserVersion10]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject11').parserContentId11]", - "version": "[variables('parserObject11').parserVersion11]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject12').parserContentId12]", - "version": "[variables('parserObject12').parserVersion12]" - }, - { - "kind": "Parser", - "contentId": "[variables('parserObject13').parserContentId13]", - "version": "[variables('parserObject13').parserVersion13]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentIdConnections2')]", - "version": "[variables('dataConnectorCCPVersion')]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentIdConnections3')]", - "version": "[variables('dataConnectorCCPVersion')]" - } - ] - }, - "firstPublishDate": "2023-02-20", - "lastPublishDate": "2024-02-20", - "providers": [ - "Bitsight" - ], - "categories": { - "domains": [ - "Security - Others" - ] - } - }, - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" - } - ], - "outputs": {} -} +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "Microsoft - support@microsoft.com", + "comments": "Solution template for BitSight" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + }, + "workbook1-name": { + "type": "string", + "defaultValue": "BitSight", + "minLength": 1, + "metadata": { + "description": "Name for the workbook" + } + }, + "resourceGroupName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "resource group name where Microsoft Sentinel is setup" + } + }, + "subscription": { + "type": "string", + "defaultValue": "[last(split(subscription().id, '/'))]", + "metadata": { + "description": "subscription id where Microsoft Sentinel is setup" + } + } + }, + "variables": { + "email": "support@microsoft.com", + "_email": "[variables('email')]", + "_solutionName": "BitSight", + "_solutionVersion": "3.2.0", + "solutionId": "bitsight_technologies_inc.bitsight_sentinel", + "_solutionId": "[variables('solutionId')]", + "workbookVersion1": "1.0.0", + "workbookContentId1": "BitSightWorkbook", + "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", + "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "analyticRuleObject1": { + "analyticRuleVersion1": "1.0.2", + "_analyticRulecontentId1": "d8844f11-3a36-4b97-9062-1e6d57c00e37", + "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd8844f11-3a36-4b97-9062-1e6d57c00e37')]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d8844f11-3a36-4b97-9062-1e6d57c00e37')))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d8844f11-3a36-4b97-9062-1e6d57c00e37','-', '1.0.2')))]" + }, + "analyticRuleObject2": { + "analyticRuleVersion2": "1.0.1", + "_analyticRulecontentId2": "a1275c5e-0ff4-4d15-a7b7-96018cd979f5", + "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a1275c5e-0ff4-4d15-a7b7-96018cd979f5')]", + "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a1275c5e-0ff4-4d15-a7b7-96018cd979f5')))]", + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a1275c5e-0ff4-4d15-a7b7-96018cd979f5','-', '1.0.1')))]" + }, + "analyticRuleObject3": { + "analyticRuleVersion3": "1.0.2", + "_analyticRulecontentId3": "d68b758a-b117-4cb8-8e1d-dcab5a4a2f21", + "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd68b758a-b117-4cb8-8e1d-dcab5a4a2f21')]", + "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d68b758a-b117-4cb8-8e1d-dcab5a4a2f21')))]", + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d68b758a-b117-4cb8-8e1d-dcab5a4a2f21','-', '1.0.2')))]" + }, + "analyticRuleObject4": { + "analyticRuleVersion4": "1.0.2", + "_analyticRulecontentId4": "161ed3ac-b242-4b13-8c6b-58716e5e9972", + "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '161ed3ac-b242-4b13-8c6b-58716e5e9972')]", + "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('161ed3ac-b242-4b13-8c6b-58716e5e9972')))]", + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','161ed3ac-b242-4b13-8c6b-58716e5e9972','-', '1.0.2')))]" + }, + "analyticRuleObject5": { + "analyticRuleVersion5": "1.0.2", + "_analyticRulecontentId5": "b11fdc35-6368-4cc0-8128-52cd2e2cdda0", + "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'b11fdc35-6368-4cc0-8128-52cd2e2cdda0')]", + "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('b11fdc35-6368-4cc0-8128-52cd2e2cdda0')))]", + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','b11fdc35-6368-4cc0-8128-52cd2e2cdda0','-', '1.0.2')))]" + }, + "analyticRuleObject6": { + "analyticRuleVersion6": "1.0.1", + "_analyticRulecontentId6": "a5526ba9-5997-47c6-bf2e-60a08b681e9b", + "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a5526ba9-5997-47c6-bf2e-60a08b681e9b')]", + "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a5526ba9-5997-47c6-bf2e-60a08b681e9b')))]", + "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a5526ba9-5997-47c6-bf2e-60a08b681e9b','-', '1.0.1')))]" + }, + "parserObject1": { + "_parserName1": "[concat(parameters('workspace'),'/','BitSightAlerts')]", + "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightAlerts')]", + "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightAlerts-Parser')))]", + "parserVersion1": "1.1.0", + "parserContentId1": "BitSightAlerts-Parser" + }, + "parserObject2": { + "_parserName2": "[concat(parameters('workspace'),'/','BitSightBreaches')]", + "_parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightBreaches')]", + "parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightBreaches-Parser')))]", + "parserVersion2": "1.1.0", + "parserContentId2": "BitSightBreaches-Parser" + }, + "parserObject3": { + "_parserName3": "[concat(parameters('workspace'),'/','BitSightCompanyDetails')]", + "_parserId3": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyDetails')]", + "parserTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightCompanyDetails-Parser')))]", + "parserVersion3": "1.1.0", + "parserContentId3": "BitSightCompanyDetails-Parser" + }, + "parserObject4": { + "_parserName4": "[concat(parameters('workspace'),'/','BitSightCompanyRatingDetails')]", + "_parserId4": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatingDetails')]", + "parserTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightCompanyRatingDetails-Parser')))]", + "parserVersion4": "1.0.0", + "parserContentId4": "BitSightCompanyRatingDetails-Parser" + }, + "parserObject5": { + "_parserName5": "[concat(parameters('workspace'),'/','BitSightCompanyRatings')]", + "_parserId5": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatings')]", + "parserTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightCompanyRatings-Parser')))]", + "parserVersion5": "1.1.0", + "parserContentId5": "BitSightCompanyRatings-Parser" + }, + "parserObject6": { + "_parserName6": "[concat(parameters('workspace'),'/','BitSightDiligenceHistoricalStatistics')]", + "_parserId6": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceHistoricalStatistics')]", + "parserTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightDiligenceHistoricalStatistics-Parser')))]", + "parserVersion6": "1.1.0", + "parserContentId6": "BitSightDiligenceHistoricalStatistics-Parser" + }, + "parserObject7": { + "_parserName7": "[concat(parameters('workspace'),'/','BitSightDiligenceStatistics')]", + "_parserId7": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceStatistics')]", + "parserTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightDiligenceStatistics-Parser')))]", + "parserVersion7": "1.1.0", + "parserContentId7": "BitSightDiligenceStatistics-Parser" + }, + "parserObject8": { + "_parserName8": "[concat(parameters('workspace'),'/','BitSightFindingsData')]", + "_parserId8": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsData')]", + "parserTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightFindingsData-Parser')))]", + "parserVersion8": "1.1.0", + "parserContentId8": "BitSightFindingsData-Parser" + }, + "parserObject9": { + "_parserName9": "[concat(parameters('workspace'),'/','BitSightFindingsSummary')]", + "_parserId9": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsSummary')]", + "parserTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightFindingsSummary-Parser')))]", + "parserVersion9": "1.1.0", + "parserContentId9": "BitSightFindingsSummary-Parser" + }, + "parserObject10": { + "_parserName10": "[concat(parameters('workspace'),'/','BitSightGraphData')]", + "_parserId10": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightGraphData')]", + "parserTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightGraphData-Parser')))]", + "parserVersion10": "1.1.0", + "parserContentId10": "BitSightGraphData-Parser" + }, + "parserObject11": { + "_parserName11": "[concat(parameters('workspace'),'/','BitSightIndustrialStatistics')]", + "_parserId11": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightIndustrialStatistics')]", + "parserTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightIndustrialStatistics-Parser')))]", + "parserVersion11": "1.1.0", + "parserContentId11": "BitSightIndustrialStatistics-Parser" + }, + "parserObject12": { + "_parserName12": "[concat(parameters('workspace'),'/','BitSightObservationStatistics')]", + "_parserId12": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightObservationStatistics')]", + "parserTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightObservationStatistics-Parser')))]", + "parserVersion12": "1.1.0", + "parserContentId12": "BitSightObservationStatistics-Parser" + }, + "parserObject13": { + "_parserName13": "[concat(parameters('workspace'),'/','BitSightVulnerabilitiesFindingsSummary')]", + "_parserId13": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightVulnerabilitiesFindingsSummary')]", + "parserTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('BitSightVulnerabilitiesFindingsSummary-Parser')))]", + "parserVersion13": "1.0.0", + "parserContentId13": "BitSightVulnerabilitiesFindingsSummary-Parser" + }, + "uiConfigId1": "BitSight", + "_uiConfigId1": "[variables('uiConfigId1')]", + "dataConnectorContentId1": "BitSight", + "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", + "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "_dataConnectorId1": "[variables('dataConnectorId1')]", + "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", + "dataConnectorVersion1": "1.0.0", + "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", + "dataConnectorCCPVersion": "3.2.0", + "_dataConnectorContentIdConnectorDefinition2": "BitSightEventsConnector", + "dataConnectorTemplateNameConnectorDefinition2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition2')))]", + "_dataConnectorContentIdConnections2": "BitSightEventsConnectorConnections", + "dataConnectorTemplateNameConnections2": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections2')))]", + "dataCollectionEndpointId2": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]", + "blanks": "[replace('b', 'b', '')]", + "_dataConnectorContentIdConnectorDefinition3": "BitSightStatisticsConnector", + "dataConnectorTemplateNameConnectorDefinition3": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnectorDefinition3')))]", + "_dataConnectorContentIdConnections3": "BitSightStatisticsConnectorConnections", + "dataConnectorTemplateNameConnections3": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentIdConnections3')))]", + "dataCollectionEndpointId3": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('workbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightWorkbook Workbook with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('workbookVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/workbooks", + "name": "[variables('workbookContentId1')]", + "location": "[parameters('workspace-location')]", + "kind": "shared", + "apiVersion": "2021-08-01", + "metadata": { + "description": "Gain insights into BitSight data." + }, + "properties": { + "displayName": "[parameters('workbook1-name')]", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":1,\"content\":{\"json\":\"# My Company\"},\"name\":\"text - 2\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"df9ebd46-967c-445f-9328-d3538237ba3b\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"company\",\"label\":\"Company Name\",\"type\":2,\"isRequired\":true,\"query\":\"BitSightCompanyDetails\\r\\n| distinct Name\",\"typeSettings\":{\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":\"Kati Communications, Inc.\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"parameters - 1\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"ae71f2b2-2245-4937-827e-20960f9ae3b8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Timer\",\"label\":\"Time Range\",\"type\":4,\"isRequired\":true,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":604800000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"0\",\"name\":\"parameters - 0\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let latest_Rating = toscalar(BitSightGraphData\\r\\n| where todatetime(RatingDate) {Timer} and CompanyName == '{company}'\\r\\n| distinct CompanyName, RatingDate, Rating\\r\\n| summarize High = max(Rating), Low = min(Rating), any(RatingDate, Rating)\\r\\n| order by any_RatingDate desc\\r\\n| project strcat_delim(\\\"-\\\",any_Rating, High, Low)\\r\\n| limit 1);\\r\\nBitSightCompanyDetails\\r\\n| where Name == '{company}'\\r\\n| sort by TimeGenerated\\r\\n| extend LatestRating = toint(todecimal(split(latest_Rating, \\\"-\\\")[0])), High = toint(todecimal(split(latest_Rating, \\\"-\\\")[1])), Low = toint(todecimal(split(latest_Rating, \\\"-\\\")[2]))\\r\\n| project-rename Name = Name, Subscription = SubscriptionType , Industry = Industry, [\\\"Customer Monitoring Count\\\"] = CustomerMonitoringCount, [\\\"Latest Rating\\\"] = LatestRating\\r\\n| project Name, [\\\"Latest Rating\\\"], High, Low, Industry, [\\\"Customer Monitoring Count\\\"]\\r\\n| limit 1\",\"size\":4,\"timeContext\":{\"durationMs\":2592000000},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 3\",\"styleSettings\":{\"margin\":\"0px\",\"padding\":\"0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightGraphData\\r\\n| where todatetime(RatingDate) {Timer} and CompanyName == '{company}'\\r\\n| distinct CompanyName, RatingDate, Rating\\r\\n| project CompanyName, RatingDate, Rating\\r\\n| order by RatingDate asc\",\"size\":0,\"aggregation\":4,\"title\":\"Security Ratings Over Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"xAxis\":\"RatingDate\",\"createOtherGroup\":0,\"showDataPoints\":true,\"ySettings\":{\"min\":300,\"max\":850}}},\"name\":\"query - 4\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}'\\r\\n| summarize count() by RiskVectorLabel\\r\\n| order by count_ desc\",\"size\":0,\"title\":\"Count of Observations by Risk Vector\",\"exportFieldName\":\"x\",\"exportParameterName\":\"SelectedRiskVectorLabel\",\"exportDefaultValue\":\"none\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"categoricalbar\",\"chartSettings\":{\"xAxis\":\"RiskVectorLabel\",\"createOtherGroup\":0,\"showLegend\":true}},\"name\":\"query - 5\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}'\\r\\n| where RiskVectorLabel == '{SelectedRiskVectorLabel}'\\r\\n| project-away EventVendor, EventProduct\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"sortBy\":[{\"itemKey\":\"RemediationHistoryLastRefreshStatusDate\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"RemediationHistoryLastRefreshStatusDate\",\"sortOrder\":2}]},\"conditionalVisibility\":{\"parameterName\":\"SelectedRiskVectorLabel\",\"comparison\":\"isNotEqualTo\",\"value\":\"none\"},\"name\":\"query - 16\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}' and RiskCategory == \\\"Compromised Systems\\\"\\r\\n| extend Date = format_datetime(todatetime(LastSeen), 'yyyy-MM')\\r\\n| summarize count() by RiskVectorLabel,Date\\r\\n| project Date, count_, RiskVectorLabel\\r\\n| order by Date asc\\r\\n\",\"size\":0,\"aggregation\":4,\"title\":\"Compromised Systems by Risk Vector Over Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"Date\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"count_\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"xAxis\":\"Date\",\"yAxis\":[\"count_\"],\"group\":\"RiskVectorLabel\",\"showDataPoints\":true}},\"name\":\"query - 6\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}' and RiskCategory == \\\"User Behavior\\\"\\r\\n| extend Date = format_datetime(todatetime(LastSeen), 'yyyy-MM')\\r\\n| summarize count() by RiskVectorLabel,Date\\r\\n| project Date, count_, RiskVectorLabel\\r\\n| order by Date asc\\r\\n\",\"size\":0,\"aggregation\":4,\"title\":\"User Behavior by Risk Vector Over Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"chartSettings\":{\"xAxis\":\"Date\",\"yAxis\":[\"count_\"],\"group\":\"RiskVectorLabel\"}},\"name\":\"query - 15\"},{\"type\":1,\"content\":{\"json\":\"##### Diligence by Risk Vector Over Time\"},\"name\":\"text - 13\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"4d26ba1c-db98-437a-9a0c-63126f341afb\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Risk_Vector\",\"label\":\"Risk Vector\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}' and RiskCategory == \\\"Diligence\\\"\\r\\n| distinct RiskVectorLabel\\r\\n\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 12\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}' and RiskCategory == \\\"Diligence\\\" and ('*' in ({Risk_Vector}) or RiskVectorLabel in ({Risk_Vector}))\\r\\n| extend Date = format_datetime(todatetime(LastSeen), 'yyyy-MM')\\r\\n| summarize count() by RiskVectorLabel,Date\\r\\n| project Date, count_, RiskVectorLabel\\r\\n| order by Date asc\\r\\n\",\"size\":0,\"aggregation\":4,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"Date\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"chartSettings\":{\"xAxis\":\"Date\",\"yAxis\":[\"count_\"],\"group\":\"RiskVectorLabel\",\"createOtherGroup\":0,\"showDataPoints\":true}},\"name\":\"query - 14\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightDiligenceHistoricalStatistics\\r\\n| where todatetime(Date) {Timer} and CompanyName == '{company}'\\r\\n| extend yyyy_mm = format_datetime(todatetime(Date), 'yyyy-MM')\\r\\n| summarize round(avg(Count),2) by yyyy_mm, Category\\r\\n| project Category, avg_Count, yyyy_mm = strcat(yyyy_mm,\\\" (Avg)\\\")\\r\\n| order by yyyy_mm asc, Category asc\\r\\n| limit 15\",\"size\":0,\"aggregation\":4,\"title\":\"Diligence Observations by Severity\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"unstackedbar\",\"chartSettings\":{\"xAxis\":\"yyyy_mm\",\"yAxis\":[\"avg_Count\"],\"group\":\"Category\"}},\"name\":\"query - 8\",\"styleSettings\":{\"showBorder\":true}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsData\\r\\n| where todatetime(LastSeen) {Timer} and CompanyName == '{company}' and RiskCategory == \\\"Compromised Systems\\\" and RiskVectorLabel == \\\"Botnet Infections\\\"\\r\\n| extend d=parse_json(Details) \\r\\n| mv-expand asset = todynamic(Assets)\\r\\n| project Infection = dynamic_to_json(d[0].infection.family), [\\\"Detection Method\\\"] = dynamic_to_json(d[0].detection_method), [\\\"Last Seen\\\"] = column_ifexists(\\\"LastSeen\\\",\\\"\\\"), Asset = dynamic_to_json(asset.asset)\\r\\n| distinct Infection, [\\\"Detection Method\\\"], Asset, [\\\"Last Seen\\\"]\\r\\n| order by [\\\"Last Seen\\\"] desc\",\"size\":0,\"title\":\"Infections\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 7\",\"styleSettings\":{\"showBorder\":true}},{\"type\":1,\"content\":{\"json\":\"##### Vulnerabilities\"},\"name\":\"text - 11\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"c7ff4374-c346-4c43-9354-8936687c2704\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Severity\",\"type\":2,\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"query\":\"BitSightFindingsSummary\\r\\n| where todatetime(StartDate) {Timer} and Company == '{company}'\\r\\n| extend Filter = case(toreal(Severity) <= 3.9 and toreal(Severity) >= 0.0, \\\"Minor\\\", \\r\\n toreal(Severity) <= 6.9 and toreal(Severity) >= 4.0, \\\"Moderate\\\",\\r\\n toreal(Severity) <= 8.9 and toreal(Severity) >= 7.0, \\\"Material\\\",\\r\\n toreal(Severity) <= 10.0 and toreal(Severity) >= 9.0, \\\"Severe\\\",\\r\\n \\\"\\\")\\r\\n| distinct Filter\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"selectAllValue\":\"*\",\"showDefault\":false},\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"value\":[\"value::all\"]}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 10\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitSightFindingsSummary\\r\\n| where todatetime(StartDate) {Timer} and Company == '{company}'\\r\\n| distinct Name, Severity, StartDate, EndDate, Description\\r\\n| extend [\\\"Severity Details\\\"] = case(toreal(Severity) <= 3.9 and toreal(Severity) >= 0.0, \\\"Minor\\\", \\r\\n toreal(Severity) <= 6.9 and toreal(Severity) >= 4.0, \\\"Moderate\\\",\\r\\n toreal(Severity) <= 8.9 and toreal(Severity) >= 7.0, \\\"Material\\\",\\r\\n toreal(Severity) <= 10.0 and toreal(Severity) >= 9.0, \\\"Severe\\\",\\r\\n \\\"\\\")\\r\\n| where ('*' in ({Severity}) or [\\\"Severity Details\\\"] in ({Severity}))\\r\\n| project-rename Name = Name, [\\\"Start Date\\\"] = StartDate, [\\\"End Date\\\"] = EndDate\\r\\n| project Name, [\\\"Severity Details\\\"], [\\\"Start Date\\\"], [\\\"End Date\\\"], Description\\r\\n\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"rowLimit\":10000,\"filter\":true}},\"name\":\"query - 9\",\"styleSettings\":{\"showBorder\":true}}]},\"name\":\"My Company\"}]},\"name\":\"Main\",\"styleSettings\":{\"showBorder\":true}}],\"fromTemplateId\":\"sentinel-BitSightWorkbook\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "version": "1.0", + "sourceId": "[variables('workspaceResourceId')]", + "category": "sentinel" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", + "properties": { + "description": "@{workbookKey=BitSightWorkbook; logoFileName=BitSight.svg; description=Gain insights into BitSight data.; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=BitSight; templateRelativePath=BitSightWorkbook.json; subtitle=; provider=BitSight}.description", + "parentId": "[variables('workbookId1')]", + "contentId": "[variables('_workbookContentId1')]", + "kind": "Workbook", + "version": "[variables('workbookVersion1')]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "contentId": "Alerts_data_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightBreaches_data_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightCompany_details_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightCompany_rating_details_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightDiligence_historical_statistics_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightDiligence_statistics_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightFindings_summary_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightFindings_data_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightGraph_data_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightIndustrial_statistics_CL", + "kind": "DataType" + }, + { + "contentId": "BitsightObservation_statistics_CL", + "kind": "DataType" + }, + { + "contentId": "BitSightDatConnector", + "kind": "DataConnector" + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject1').analyticRuleTemplateSpecName1]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightDropInCompanyRatings_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect when there is a drop of 10% or more in BitSight company ratings.", + "displayName": "BitSight - drop in company ratings", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightGraphData\n| where ingestion_time() > ago(timeframe)and toint(RatingDifferance) < 0\n| extend percentage = -(toreal(RatingDifferance)/toreal(Rating))*100\n| where percentage >= 10\n| project RatingDate, Rating, CompanyName, percentage\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightGraphData" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Reconnaissance", + "CommandAndControl" + ], + "techniques": [ + "T1591", + "T1090" + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "CompanyName": "CompanyName", + "CompanyRating": "Rating" + }, + "alertDetailsOverride": { + "alertDisplayNameFormat": "BitSight : Alert for >10% drop in ratings of {{CompanyName}}.", + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nPercentage Drop: {{percentage}}%" + }, + "incidentConfiguration": { + "createIncident": false + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject1').analyticRuleId1,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 1", + "parentId": "[variables('analyticRuleObject1').analyticRuleId1]", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - drop in company ratings", + "contentProductId": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", + "id": "[variables('analyticRuleObject1')._analyticRulecontentProductId1]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject2').analyticRuleTemplateSpecName2]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightNewAlertFound_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect a new alerts generated in BitSight.", + "displayName": "BitSight - new alert found", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightAlerts\n| where ingestion_time() > ago(timeframe)\n| extend Severity = case( Severity contains \"INCREASE\", \"Low\",\n Severity contains \"WARN\" or Severity contains \"DECREASE\", \"Medium\",\n Severity contains \"CRITICAL\", \"High\",\n \"Informational\")\n| extend CompanyURL = strcat(\"https://service.bitsighttech.com/app/spm\",CompanyURL)\n| project CompanyName, Severity, Trigger, CompanyURL, AlertDate, GUID\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightAlerts" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Impact", + "InitialAccess" + ], + "techniques": [ + "T1491", + "T1190" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "columnName": "CompanyURL", + "identifier": "Url" + } + ], + "entityType": "URL" + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "alertDetailsOverride": { + "alertSeverityColumnName": "Severity", + "alertDisplayNameFormat": "BitSight: Alert for {{Trigger}} in {{CompanyName}} from bitsight.", + "alertDescriptionFormat": "Alert generated on {{AlertDate}} in BitSight.\\n\\nCompany URL: {{CompanyURL}}\\nAlert GUID: {{GUID}}" + }, + "incidentConfiguration": { + "createIncident": false + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject2').analyticRuleId2,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 2", + "parentId": "[variables('analyticRuleObject2').analyticRuleId2]", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - new alert found", + "contentProductId": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", + "id": "[variables('analyticRuleObject2')._analyticRulecontentProductId2]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject3').analyticRuleTemplateSpecName3]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightCompromisedSystemsDetected_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect whenever there is a compromised systems found in BitSight.", + "displayName": "BitSight - compromised systems detected", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightFindingsData\n| where ingestion_time() > ago(timeframe)\n| where RiskCategory == \"Compromised Systems\"\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity <= 6.9 and Severity >= 4.0, \"Low\",\n Severity <= 8.9 and Severity >= 7.0, \"Medium\",\n Severity <= 10.0 and Severity >= 9.0, \"High\",\n \"Informational\")\n| project FirstSeen, CompanyName, Severity, RiskCategory, RiskVector, TemporaryId\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightFindingsData" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Execution" + ], + "techniques": [ + "T1203" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "columnName": "RiskVector", + "identifier": "Name" + }, + { + "columnName": "RiskCategory", + "identifier": "Category" + } + ], + "entityType": "Malware" + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "alertDetailsOverride": { + "alertSeverityColumnName": "Severity", + "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight", + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Compromised Systems" + }, + "incidentConfiguration": { + "createIncident": true + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject3').analyticRuleId3,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 3", + "parentId": "[variables('analyticRuleObject3').analyticRuleId3]", + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - compromised systems detected", + "contentProductId": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", + "id": "[variables('analyticRuleObject3')._analyticRulecontentProductId3]", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject4').analyticRuleTemplateSpecName4]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightDiligenceRiskCategoryDetected_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect whenever there is a diligence risk category found in BitSight.", + "displayName": "BitSight - diligence risk category detected", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightFindingsData\n| where ingestion_time() > ago(timeframe)\n| where RiskCategory == \"Diligence\"\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity <= 6.9 and Severity >= 4.0, \"Low\",\n Severity <= 8.9 and Severity >= 7.0, \"Medium\",\n Severity <= 10.0 and Severity >= 9.0, \"High\",\n \"Informational\")\n| project FirstSeen, CompanyName, Severity, RiskCategory, TemporaryId, RiskVector\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightFindingsData" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Execution", + "Reconnaissance" + ], + "subTechniques": [ + "T1595.002" + ], + "techniques": [ + "T1203", + "T1595" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "columnName": "RiskVector", + "identifier": "Name" + }, + { + "columnName": "RiskCategory", + "identifier": "Category" + } + ], + "entityType": "Malware" + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "alertDetailsOverride": { + "alertSeverityColumnName": "Severity", + "alertDisplayNameFormat": "BitSight: Alert for {{RiskVector}} in {{CompanyName}} from BitSight", + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRisk Vector: {{RiskVector}}\\nTemporaryId: {{TemporaryId}}\\nRisk Category: Diligence" + }, + "incidentConfiguration": { + "createIncident": false + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject4').analyticRuleId4,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 4", + "parentId": "[variables('analyticRuleObject4').analyticRuleId4]", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - diligence risk category detected", + "contentProductId": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", + "id": "[variables('analyticRuleObject4')._analyticRulecontentProductId4]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject5').analyticRuleTemplateSpecName5]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightDropInHeadlineRating_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect if headline ratings is drop in BitSight.", + "displayName": "BitSight - drop in the headline rating", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightGraphData\n| where ingestion_time() > ago(timeframe)\n| where toint(RatingDifferance) < 0\n| project RatingDate, Rating, CompanyName, RatingDifferance\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightGraphData" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Reconnaissance", + "CommandAndControl" + ], + "techniques": [ + "T1591", + "T1090" + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "customDetails": { + "CompanyName": "CompanyName", + "CompanyRating": "Rating" + }, + "alertDetailsOverride": { + "alertDisplayNameFormat": "BitSight : Alert for drop in the headline rating of {{CompanyName}}.", + "alertDescriptionFormat": "Alert is generated for {{CompanyName}}.\\n\\nRating Date: {{RatingDate}}\\nRating Drop: {{RatingDifferance}}" + }, + "incidentConfiguration": { + "createIncident": false + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject5').analyticRuleId5,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 5", + "parentId": "[variables('analyticRuleObject5').analyticRuleId5]", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - drop in the headline rating", + "contentProductId": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", + "id": "[variables('analyticRuleObject5')._analyticRulecontentProductId5]", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleObject6').analyticRuleTemplateSpecName6]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightNewBreachFound_AnalyticalRules Analytics Rule with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "apiVersion": "2023-02-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Rule helps to detect a new breach generated in BitSight.", + "displayName": "BitSight - new breach found", + "enabled": false, + "query": "let timeframe = 24h;\nBitSightBreaches\n| where ingestion_time() > ago(timeframe)\n| extend Severity = toreal(Severity)\n| extend Severity = case( Severity == 1, \"Low\",\n Severity == 2, \"Medium\",\n Severity == 3, \"High\",\n \"Informational\")\n| project DateCreated, Companyname, Severity, PreviwURL, GUID\n", + "queryFrequency": "P1D", + "queryPeriod": "PT24H", + "severity": "Medium", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "BitSightBreaches" + ], + "connectorId": "BitSight" + } + ], + "tactics": [ + "Impact", + "InitialAccess" + ], + "techniques": [ + "T1491", + "T1190" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "columnName": "PreviwURL", + "identifier": "Url" + } + ], + "entityType": "URL" + } + ], + "eventGroupingSettings": { + "aggregationKind": "AlertPerResult" + }, + "alertDetailsOverride": { + "alertSeverityColumnName": "Severity", + "alertDisplayNameFormat": "BitSight: Alert for new breach in {{Companyname}}.", + "alertDescriptionFormat": "Alert is generated on {{DateCreated}} at BitSight.\\n\\nGUID: {{GUID}}\\nPreview URL: {{PreviwURL}}" + }, + "incidentConfiguration": { + "createIncident": false + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleObject6').analyticRuleId6,'/'))))]", + "properties": { + "description": "BitSight Analytics Rule 6", + "parentId": "[variables('analyticRuleObject6').analyticRuleId6]", + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "contentKind": "AnalyticsRule", + "displayName": "BitSight - new breach found", + "contentProductId": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", + "id": "[variables('analyticRuleObject6')._analyticRulecontentProductId6]", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject1').parserTemplateSpecName1]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightAlerts Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject1').parserVersion1]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject1')._parserName1]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightAlerts", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightAlerts", + "query": "union isfuzzy=true\n (\n BitsightAlerts_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\",\n GUID = column_ifexists('guid', ''),\n AlertType = column_ifexists('alert_type', ''),\n AlertDate = column_ifexists('alert_date', ''),\n StartDate = column_ifexists('start_date', ''),\n CompanyName = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', ''),\n CompanyURL = column_ifexists('company_url', ''),\n FolderGUID = column_ifexists('folder_guid', ''),\n FolderName = column_ifexists('folder_name', ''),\n Severity = column_ifexists('severity', ''),\n Trigger = column_ifexists('trigger', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGUID,\n CompanyURL,\n FolderGUID,\n FolderName,\n Severity,\n Trigger\n ),\n (\n BitSightAlerts_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGuid,\n CompanyUrl,\n FolderGuid,\n FolderName,\n Severity,\n Trigger,\n AlertSetName,\n AlertSetGuid,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", + "dependsOn": [ + "[variables('parserObject1')._parserId1]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightAlerts')]", + "contentId": "[variables('parserObject1').parserContentId1]", + "kind": "Parser", + "version": "[variables('parserObject1').parserVersion1]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject1').parserContentId1]", + "contentKind": "Parser", + "displayName": "Parser for BitSightAlerts", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.1.0')))]", + "version": "[variables('parserObject1').parserVersion1]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject1')._parserName1]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightAlerts", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightAlerts", + "query": "union isfuzzy=true\n (\n BitsightAlerts_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\",\n GUID = column_ifexists('guid', ''),\n AlertType = column_ifexists('alert_type', ''),\n AlertDate = column_ifexists('alert_date', ''),\n StartDate = column_ifexists('start_date', ''),\n CompanyName = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', ''),\n CompanyURL = column_ifexists('company_url', ''),\n FolderGUID = column_ifexists('folder_guid', ''),\n FolderName = column_ifexists('folder_name', ''),\n Severity = column_ifexists('severity', ''),\n Trigger = column_ifexists('trigger', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGUID,\n CompanyURL,\n FolderGUID,\n FolderName,\n Severity,\n Trigger\n ),\n (\n BitSightAlerts_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Alert\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n AlertType,\n AlertDate,\n StartDate,\n CompanyName,\n CompanyGuid,\n CompanyUrl,\n FolderGuid,\n FolderName,\n Severity,\n Trigger,\n AlertSetName,\n AlertSetGuid,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject1')._parserId1,'/'))))]", + "dependsOn": [ + "[variables('parserObject1')._parserId1]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightAlerts')]", + "contentId": "[variables('parserObject1').parserContentId1]", + "kind": "Parser", + "version": "[variables('parserObject1').parserVersion1]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject2').parserTemplateSpecName2]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightBreaches Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject2').parserVersion2]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject2')._parserName2]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightBreaches", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightBreaches", + "query": "union isfuzzy=true\n (\n BitsightBreaches_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\",\n GUID = column_ifexists('guid', ''),\n Date = column_ifexists('date', ''),\n Severity = column_ifexists('severity', ''),\n Text = column_ifexists('text', ''),\n DateCreated = column_ifexists('date_created', ''),\n PreviwURL = column_ifexists('preview_url', ''),\n EventType = column_ifexists('event_type', ''),\n EventTypeDescription = column_ifexists('event_type_description', ''),\n BreachedCompanies = column_ifexists('breached_companies', ''),\n DependentCompanies = column_ifexists('dependent_companies', ''),\n Companyname = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n Date,\n Severity,\n Text,\n DateCreated,\n PreviwURL,\n EventType,\n EventTypeDescription,\n BreachedCompanies,\n DependentCompanies,\n Companyname,\n CompanyGUID\n ),\n (\n BitSightBreaches_CL\n | summarize arg_max(TimeGenerated, *) by Guid, CompanyGuid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n CompanyName,\n CompanyGuid,\n BreachDate,\n DateCreated,\n Text,\n PreviewUrl,\n EventType,\n EventTypeDescription,\n Severity,\n BreachedCompanies,\n DependentCompanies,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject2')._parserId2,'/'))))]", + "dependsOn": [ + "[variables('parserObject2')._parserId2]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightBreaches')]", + "contentId": "[variables('parserObject2').parserContentId2]", + "kind": "Parser", + "version": "[variables('parserObject2').parserVersion2]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject2').parserContentId2]", + "contentKind": "Parser", + "displayName": "Parser for BitSightBreaches", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject2').parserContentId2,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject2').parserContentId2,'-', '1.1.0')))]", + "version": "[variables('parserObject2').parserVersion2]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject2')._parserName2]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightBreaches", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightBreaches", + "query": "union isfuzzy=true\n (\n BitsightBreaches_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\",\n GUID = column_ifexists('guid', ''),\n Date = column_ifexists('date', ''),\n Severity = column_ifexists('severity', ''),\n Text = column_ifexists('text', ''),\n DateCreated = column_ifexists('date_created', ''),\n PreviwURL = column_ifexists('preview_url', ''),\n EventType = column_ifexists('event_type', ''),\n EventTypeDescription = column_ifexists('event_type_description', ''),\n BreachedCompanies = column_ifexists('breached_companies', ''),\n DependentCompanies = column_ifexists('dependent_companies', ''),\n Companyname = column_ifexists('company_name', ''),\n CompanyGUID = column_ifexists('company_guid', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n GUID,\n Date,\n Severity,\n Text,\n DateCreated,\n PreviwURL,\n EventType,\n EventTypeDescription,\n BreachedCompanies,\n DependentCompanies,\n Companyname,\n CompanyGUID\n ),\n (\n BitSightBreaches_CL\n | summarize arg_max(TimeGenerated, *) by Guid, CompanyGuid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"Breaches\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n CompanyName,\n CompanyGuid,\n BreachDate,\n DateCreated,\n Text,\n PreviewUrl,\n EventType,\n EventTypeDescription,\n Severity,\n BreachedCompanies,\n DependentCompanies,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject2')._parserId2,'/'))))]", + "dependsOn": [ + "[variables('parserObject2')._parserId2]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightBreaches')]", + "contentId": "[variables('parserObject2').parserContentId2]", + "kind": "Parser", + "version": "[variables('parserObject2').parserVersion2]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject3').parserTemplateSpecName3]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightCompanyDetails Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject3').parserVersion3]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject3')._parserName3]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyDetails", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyDetails", + "query": "union isfuzzy=true\n (\n BitsightCompany_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\",\n PrimaryCompanyGUID = column_ifexists('primary_company_guid', ''),\n PrimaryCompanyName = column_ifexists('primary_company_name', ''),\n AvailableUpgradeTypes = column_ifexists('available_upgrade_types', ''),\n BulkEmailSenderStatus = column_ifexists('bulk_email_sender_status', ''),\n CompanyFeatures = column_ifexists('company_features', ''),\n CustomerMonitoringCount = column_ifexists('customer_monitoring_count', ''),\n Description = column_ifexists('description', ''),\n DisplayURL = column_ifexists('display_url', ''),\n GUID = column_ifexists('guid', ''),\n HasCompanyTree = column_ifexists('has_company_tree', ''),\n HasPreferredContact = column_ifexists('has_preferred_contact', ''),\n Hompage = column_ifexists('homepage', ''),\n InSpmPortfolio = column_ifexists('in_spm_portfolio', ''),\n Industry = column_ifexists('industry', ''),\n IndustrySlug = column_ifexists('industry_slug', ''),\n Ipv4Count = column_ifexists('ipv4_count', ''),\n IsBundle = column_ifexists('is_bundle', ''),\n IsCsp = column_ifexists('is_csp', ''),\n IsMycompMysubsBundle = column_ifexists('is_mycomp_mysubs_bundle', ''),\n IsPrimary = column_ifexists('is_primary', ''),\n IsUnsampledAllowed = column_ifexists('is_unsampled_allowed', ''),\n Name = column_ifexists('name', ''),\n PeopleCount = column_ifexists('people_count', ''),\n PermissionCanAnnotate = column_ifexists('permissions_can_annotate', ''),\n PermissionCanDownloadCompanyReport = column_ifexists('permissions_can_download_company_report', ''),\n PermissionCanEnableVendorAccess = column_ifexists('permissions_can_enable_vendor_access', ''),\n PermissionCanViewCompanyReports = column_ifexists('permissions_can_view_company_reports', ''),\n PermissionCanViewForensics = column_ifexists('permissions_can_view_forensics', ''),\n PermissionCanViewInfrastructure = column_ifexists('permissions_can_view_infrastructure', ''),\n PermissionCanViewIpAttributions = column_ifexists('permissions_can_view_ip_attributions', ''),\n PermissionCanViewServiceProviders = column_ifexists('permissions_can_view_service_providers', ''),\n PermissionsHasControl = column_ifexists('permissions_has_control', ''),\n PrimaryDomain = column_ifexists('primary_domain', ''),\n RatingIndustryMedian = column_ifexists('rating_industry_median', ''),\n Ratings = column_ifexists('ratings', ''),\n RelatedCompanies = column_ifexists('related_companies', ''),\n SearchCount = column_ifexists('search_count', ''),\n ServiceProvider = column_ifexists('service_provider', ''),\n Shortname = column_ifexists('shortname', ''),\n Sparkline = column_ifexists('sparkline', ''),\n SubIndustry = column_ifexists('sub_industry', ''),\n SubIndustrySlug = column_ifexists('sub_industry_slug', ''),\n SubscriptionType = column_ifexists('subscription_type', ''),\n SubscriptionTypeKey = column_ifexists('subscription_type_key', ''),\n ComplianceClaimCertifications = column_ifexists('compliance_claim_certifications', ''),\n ComplianceClaimTrustPage = column_ifexists('compliance_claim_trust_page', ''),\n type = column_ifexists('type', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n PrimaryCompanyGUID,\n PrimaryCompanyName,\n AvailableUpgradeTypes,\n BulkEmailSenderStatus,\n CompanyFeatures,\n CustomerMonitoringCount,\n Description,\n DisplayURL,\n GUID,\n HasCompanyTree,\n HasPreferredContact,\n Hompage,\n InSpmPortfolio,\n Industry,\n IndustrySlug,\n Ipv4Count,\n IsBundle,\n IsCsp,\n IsMycompMysubsBundle,\n IsPrimary,\n IsUnsampledAllowed,\n Name,\n PeopleCount,\n PermissionCanAnnotate,\n PermissionCanDownloadCompanyReport,\n PermissionCanEnableVendorAccess,\n PermissionCanViewCompanyReports,\n PermissionCanViewForensics,\n PermissionCanViewInfrastructure,\n PermissionCanViewIpAttributions,\n PermissionCanViewServiceProviders,\n PermissionsHasControl,\n PrimaryDomain,\n RatingIndustryMedian,\n Ratings,\n RelatedCompanies,\n SearchCount,\n ServiceProvider,\n Shortname,\n Sparkline,\n SubIndustry,\n SubIndustrySlug,\n SubscriptionType,\n SubscriptionTypeKey,\n ComplianceClaimCertifications,\n ComplianceClaimTrustPage,\n type\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n Name,\n CompanyType,\n Shortname,\n Description,\n PrimaryDomain,\n Homepage,\n DisplayUrl,\n Sparkline,\n Industry,\n IndustrySlug,\n SubIndustry,\n SubIndustrySlug,\n Ipv4Count,\n PeopleCount,\n SearchCount,\n CustomerMonitoringCount,\n CurrentRating,\n RatingIndustryMedian,\n Ratings,\n SubscriptionType,\n SubscriptionTypeKey,\n SubscriptionEndDate,\n BulkEmailSenderStatus,\n SecurityGrade,\n ServiceProvider,\n HasCompanyTree,\n HasPreferredContact,\n IsBundle,\n IsPrimary,\n InSpmPortfolio,\n IsMycompMysubsBundle,\n IsCsp,\n HasDelegatedSecurityControls,\n CustomId,\n AvailableUpgradeTypes,\n CompanyFeatures,\n RelatedCompanies,\n PrimaryCompany,\n ComplianceClaim,\n Permissions,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject3')._parserId3,'/'))))]", + "dependsOn": [ + "[variables('parserObject3')._parserId3]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyDetails')]", + "contentId": "[variables('parserObject3').parserContentId3]", + "kind": "Parser", + "version": "[variables('parserObject3').parserVersion3]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject3').parserContentId3]", + "contentKind": "Parser", + "displayName": "Parser for BitSightCompanyDetails", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject3').parserContentId3,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject3').parserContentId3,'-', '1.1.0')))]", + "version": "[variables('parserObject3').parserVersion3]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject3')._parserName3]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyDetails", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyDetails", + "query": "union isfuzzy=true\n (\n BitsightCompany_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\",\n PrimaryCompanyGUID = column_ifexists('primary_company_guid', ''),\n PrimaryCompanyName = column_ifexists('primary_company_name', ''),\n AvailableUpgradeTypes = column_ifexists('available_upgrade_types', ''),\n BulkEmailSenderStatus = column_ifexists('bulk_email_sender_status', ''),\n CompanyFeatures = column_ifexists('company_features', ''),\n CustomerMonitoringCount = column_ifexists('customer_monitoring_count', ''),\n Description = column_ifexists('description', ''),\n DisplayURL = column_ifexists('display_url', ''),\n GUID = column_ifexists('guid', ''),\n HasCompanyTree = column_ifexists('has_company_tree', ''),\n HasPreferredContact = column_ifexists('has_preferred_contact', ''),\n Hompage = column_ifexists('homepage', ''),\n InSpmPortfolio = column_ifexists('in_spm_portfolio', ''),\n Industry = column_ifexists('industry', ''),\n IndustrySlug = column_ifexists('industry_slug', ''),\n Ipv4Count = column_ifexists('ipv4_count', ''),\n IsBundle = column_ifexists('is_bundle', ''),\n IsCsp = column_ifexists('is_csp', ''),\n IsMycompMysubsBundle = column_ifexists('is_mycomp_mysubs_bundle', ''),\n IsPrimary = column_ifexists('is_primary', ''),\n IsUnsampledAllowed = column_ifexists('is_unsampled_allowed', ''),\n Name = column_ifexists('name', ''),\n PeopleCount = column_ifexists('people_count', ''),\n PermissionCanAnnotate = column_ifexists('permissions_can_annotate', ''),\n PermissionCanDownloadCompanyReport = column_ifexists('permissions_can_download_company_report', ''),\n PermissionCanEnableVendorAccess = column_ifexists('permissions_can_enable_vendor_access', ''),\n PermissionCanViewCompanyReports = column_ifexists('permissions_can_view_company_reports', ''),\n PermissionCanViewForensics = column_ifexists('permissions_can_view_forensics', ''),\n PermissionCanViewInfrastructure = column_ifexists('permissions_can_view_infrastructure', ''),\n PermissionCanViewIpAttributions = column_ifexists('permissions_can_view_ip_attributions', ''),\n PermissionCanViewServiceProviders = column_ifexists('permissions_can_view_service_providers', ''),\n PermissionsHasControl = column_ifexists('permissions_has_control', ''),\n PrimaryDomain = column_ifexists('primary_domain', ''),\n RatingIndustryMedian = column_ifexists('rating_industry_median', ''),\n Ratings = column_ifexists('ratings', ''),\n RelatedCompanies = column_ifexists('related_companies', ''),\n SearchCount = column_ifexists('search_count', ''),\n ServiceProvider = column_ifexists('service_provider', ''),\n Shortname = column_ifexists('shortname', ''),\n Sparkline = column_ifexists('sparkline', ''),\n SubIndustry = column_ifexists('sub_industry', ''),\n SubIndustrySlug = column_ifexists('sub_industry_slug', ''),\n SubscriptionType = column_ifexists('subscription_type', ''),\n SubscriptionTypeKey = column_ifexists('subscription_type_key', ''),\n ComplianceClaimCertifications = column_ifexists('compliance_claim_certifications', ''),\n ComplianceClaimTrustPage = column_ifexists('compliance_claim_trust_page', ''),\n type = column_ifexists('type', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n PrimaryCompanyGUID,\n PrimaryCompanyName,\n AvailableUpgradeTypes,\n BulkEmailSenderStatus,\n CompanyFeatures,\n CustomerMonitoringCount,\n Description,\n DisplayURL,\n GUID,\n HasCompanyTree,\n HasPreferredContact,\n Hompage,\n InSpmPortfolio,\n Industry,\n IndustrySlug,\n Ipv4Count,\n IsBundle,\n IsCsp,\n IsMycompMysubsBundle,\n IsPrimary,\n IsUnsampledAllowed,\n Name,\n PeopleCount,\n PermissionCanAnnotate,\n PermissionCanDownloadCompanyReport,\n PermissionCanEnableVendorAccess,\n PermissionCanViewCompanyReports,\n PermissionCanViewForensics,\n PermissionCanViewInfrastructure,\n PermissionCanViewIpAttributions,\n PermissionCanViewServiceProviders,\n PermissionsHasControl,\n PrimaryDomain,\n RatingIndustryMedian,\n Ratings,\n RelatedCompanies,\n SearchCount,\n ServiceProvider,\n Shortname,\n Sparkline,\n SubIndustry,\n SubIndustrySlug,\n SubscriptionType,\n SubscriptionTypeKey,\n ComplianceClaimCertifications,\n ComplianceClaimTrustPage,\n type\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyDetails\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Guid,\n Name,\n CompanyType,\n Shortname,\n Description,\n PrimaryDomain,\n Homepage,\n DisplayUrl,\n Sparkline,\n Industry,\n IndustrySlug,\n SubIndustry,\n SubIndustrySlug,\n Ipv4Count,\n PeopleCount,\n SearchCount,\n CustomerMonitoringCount,\n CurrentRating,\n RatingIndustryMedian,\n Ratings,\n SubscriptionType,\n SubscriptionTypeKey,\n SubscriptionEndDate,\n BulkEmailSenderStatus,\n SecurityGrade,\n ServiceProvider,\n HasCompanyTree,\n HasPreferredContact,\n IsBundle,\n IsPrimary,\n InSpmPortfolio,\n IsMycompMysubsBundle,\n IsCsp,\n HasDelegatedSecurityControls,\n CustomId,\n AvailableUpgradeTypes,\n CompanyFeatures,\n RelatedCompanies,\n PrimaryCompany,\n ComplianceClaim,\n Permissions,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject3')._parserId3,'/'))))]", + "dependsOn": [ + "[variables('parserObject3')._parserId3]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyDetails')]", + "contentId": "[variables('parserObject3').parserContentId3]", + "kind": "Parser", + "version": "[variables('parserObject3').parserVersion3]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject4').parserTemplateSpecName4]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightCompanyRatingDetails Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject4').parserVersion4]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject4')._parserName4]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyRatingDetails", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyRatingDetails", + "query": "BitSightCompanyRatingDetails_CL\n| summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRatingDetails\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject4')._parserId4,'/'))))]", + "dependsOn": [ + "[variables('parserObject4')._parserId4]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatingDetails')]", + "contentId": "[variables('parserObject4').parserContentId4]", + "kind": "Parser", + "version": "[variables('parserObject4').parserVersion4]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject4').parserContentId4]", + "contentKind": "Parser", + "displayName": "Parser for BitSightCompanyRatingDetails", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject4').parserContentId4,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject4').parserContentId4,'-', '1.0.0')))]", + "version": "[variables('parserObject4').parserVersion4]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject4')._parserName4]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyRatingDetails", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyRatingDetails", + "query": "BitSightCompanyRatingDetails_CL\n| summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRatingDetails\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject4')._parserId4,'/'))))]", + "dependsOn": [ + "[variables('parserObject4')._parserId4]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatingDetails')]", + "contentId": "[variables('parserObject4').parserContentId4]", + "kind": "Parser", + "version": "[variables('parserObject4').parserVersion4]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject5').parserTemplateSpecName5]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightCompanyRatings Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject5').parserVersion5]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject5')._parserName5]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyRatings", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyRatings", + "query": "union isfuzzy=true\n (\n BitsightCompany_rating_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\",\n CompanyName = column_ifexists('Company_name', ''),\n Beta = column_ifexists('beta', ''),\n Category = column_ifexists('category', ''),\n CategoryOrder = column_ifexists('category_order', ''),\n DisplayURL = column_ifexists('display_url', ''),\n Grade = column_ifexists('grade', ''),\n GradeColor = column_ifexists('grade_color', ''),\n Name = column_ifexists('name', ''),\n Order = column_ifexists('order', ''),\n Percentile = column_ifexists('percentile', ''),\n Rating = column_ifexists('rating', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Beta,\n Category,\n CategoryOrder,\n DisplayURL,\n Grade,\n GradeColor,\n Name,\n Order,\n Percentile,\n Rating\n ),\n (\n BitSightCompanyRatingDetails_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject5')._parserId5,'/'))))]", + "dependsOn": [ + "[variables('parserObject5')._parserId5]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatings')]", + "contentId": "[variables('parserObject5').parserContentId5]", + "kind": "Parser", + "version": "[variables('parserObject5').parserVersion5]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject5').parserContentId5]", + "contentKind": "Parser", + "displayName": "Parser for BitSightCompanyRatings", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject5').parserContentId5,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject5').parserContentId5,'-', '1.1.0')))]", + "version": "[variables('parserObject5').parserVersion5]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject5')._parserName5]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightCompanyRatings", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightCompanyRatings", + "query": "union isfuzzy=true\n (\n BitsightCompany_rating_details_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\",\n CompanyName = column_ifexists('Company_name', ''),\n Beta = column_ifexists('beta', ''),\n Category = column_ifexists('category', ''),\n CategoryOrder = column_ifexists('category_order', ''),\n DisplayURL = column_ifexists('display_url', ''),\n Grade = column_ifexists('grade', ''),\n GradeColor = column_ifexists('grade_color', ''),\n Name = column_ifexists('name', ''),\n Order = column_ifexists('order', ''),\n Percentile = column_ifexists('percentile', ''),\n Rating = column_ifexists('rating', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Beta,\n Category,\n CategoryOrder,\n DisplayURL,\n Grade,\n GradeColor,\n Name,\n Order,\n Percentile,\n Rating\n ),\n (\n BitSightCompanyRatingDetails_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RiskVectorLabel\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"CompanyRating\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVectorSlug,\n RiskVectorLabel,\n RiskCategory,\n CategoryOrder,\n Rating,\n Grade,\n Percentile,\n GradeColor,\n RiskVectorOrder,\n DisplayUrl,\n Beta,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject5')._parserId5,'/'))))]", + "dependsOn": [ + "[variables('parserObject5')._parserId5]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightCompanyRatings')]", + "contentId": "[variables('parserObject5').parserContentId5]", + "kind": "Parser", + "version": "[variables('parserObject5').parserVersion5]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject6').parserTemplateSpecName6]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightDiligenceHistoricalStatistics Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject6').parserVersion6]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject6')._parserName6]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightDiligenceHistoricalStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightDiligenceHistoricalStatistics", + "query": "union isfuzzy=true\n (\n BitsightDiligence_historical_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = column_ifexists('count', ''),\n Category = column_ifexists('category', ''),\n Date = column_ifexists('date', ''),\n CompanyName = column_ifexists('company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n Category,\n Date,\n CompanyName\n ),\n (\n BitSightDiligenceHistoricalStatistics_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RecordDate\n | mv-expand CountEntry = Counts\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = toint(CountEntry[\"count\"]),\n Category = tostring(CountEntry[\"category\"])\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RecordDate,\n Grade,\n Count,\n Category,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject6')._parserId6,'/'))))]", + "dependsOn": [ + "[variables('parserObject6')._parserId6]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceHistoricalStatistics')]", + "contentId": "[variables('parserObject6').parserContentId6]", + "kind": "Parser", + "version": "[variables('parserObject6').parserVersion6]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject6').parserContentId6]", + "contentKind": "Parser", + "displayName": "Parser for BitSightDiligenceHistoricalStatistics", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject6').parserContentId6,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject6').parserContentId6,'-', '1.1.0')))]", + "version": "[variables('parserObject6').parserVersion6]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject6')._parserName6]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightDiligenceHistoricalStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightDiligenceHistoricalStatistics", + "query": "union isfuzzy=true\n (\n BitsightDiligence_historical_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = column_ifexists('count', ''),\n Category = column_ifexists('category', ''),\n Date = column_ifexists('date', ''),\n CompanyName = column_ifexists('company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n Category,\n Date,\n CompanyName\n ),\n (\n BitSightDiligenceHistoricalStatistics_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, RecordDate\n | mv-expand CountEntry = Counts\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceHistoricalStatistics\",\n Count = toint(CountEntry[\"count\"]),\n Category = tostring(CountEntry[\"category\"])\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RecordDate,\n Grade,\n Count,\n Category,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject6')._parserId6,'/'))))]", + "dependsOn": [ + "[variables('parserObject6')._parserId6]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceHistoricalStatistics')]", + "contentId": "[variables('parserObject6').parserContentId6]", + "kind": "Parser", + "version": "[variables('parserObject6').parserVersion6]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject7').parserTemplateSpecName7]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightDiligenceStatistics Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject7').parserVersion7]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject7')._parserName7]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightDiligenceStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightDiligenceStatistics", + "query": "union isfuzzy=true\n (\n BitsightDiligence_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\",\n Unknown = column_ifexists('unknown', ''),\n Bad = column_ifexists('bad', ''),\n Warn = column_ifexists('warn', ''),\n Neutral = column_ifexists('neutral', ''),\n Fair = column_ifexists('fair', ''),\n Good = column_ifexists('good', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', ''),\n SpearPhishing = column_ifexists('spear_phishing', ''),\n BitFlip = column_ifexists('bit_flip', ''),\n TypographicalErrors = column_ifexists('typographical_errors', ''),\n TLDVariant = column_ifexists('tld_variant', ''),\n TotalCount = column_ifexists('total_count', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n RiskVector,\n CompanyName,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TLDVariant,\n TotalCount\n ),\n (\n BitSightDiligenceStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TldVariant,\n TotalCount,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject7')._parserId7,'/'))))]", + "dependsOn": [ + "[variables('parserObject7')._parserId7]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceStatistics')]", + "contentId": "[variables('parserObject7').parserContentId7]", + "kind": "Parser", + "version": "[variables('parserObject7').parserVersion7]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject7').parserContentId7]", + "contentKind": "Parser", + "displayName": "Parser for BitSightDiligenceStatistics", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject7').parserContentId7,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject7').parserContentId7,'-', '1.1.0')))]", + "version": "[variables('parserObject7').parserVersion7]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject7')._parserName7]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightDiligenceStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightDiligenceStatistics", + "query": "union isfuzzy=true\n (\n BitsightDiligence_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\",\n Unknown = column_ifexists('unknown', ''),\n Bad = column_ifexists('bad', ''),\n Warn = column_ifexists('warn', ''),\n Neutral = column_ifexists('neutral', ''),\n Fair = column_ifexists('fair', ''),\n Good = column_ifexists('good', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', ''),\n SpearPhishing = column_ifexists('spear_phishing', ''),\n BitFlip = column_ifexists('bit_flip', ''),\n TypographicalErrors = column_ifexists('typographical_errors', ''),\n TLDVariant = column_ifexists('tld_variant', ''),\n TotalCount = column_ifexists('total_count', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n RiskVector,\n CompanyName,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TLDVariant,\n TotalCount\n ),\n (\n BitSightDiligenceStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"DiligenceStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n Unknown,\n Bad,\n Warn,\n Neutral,\n Fair,\n Good,\n SpearPhishing,\n BitFlip,\n TypographicalErrors,\n TldVariant,\n TotalCount,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject7')._parserId7,'/'))))]", + "dependsOn": [ + "[variables('parserObject7')._parserId7]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightDiligenceStatistics')]", + "contentId": "[variables('parserObject7').parserContentId7]", + "kind": "Parser", + "version": "[variables('parserObject7').parserVersion7]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject8').parserTemplateSpecName8]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightFindingsData Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject8').parserVersion8]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject8')._parserName8]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightFindingsData", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightFindingsData", + "query": "union isfuzzy=true\n (\n BitsightFindings_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\",\n RemediationHistoryLastRequestedRefreshDate = column_ifexists('remediation_history_last_requested_refresh_date', ''),\n RemediationHistoryLastRefreshStatusDate = column_ifexists('remediation_history_last_refresh_status_date', ''),\n RemediationHistoryLastRefreshStatusLabel = column_ifexists('remediation_history_last_refresh_status_label', ''),\n RemediationHistoryLastRefreshReasonCode = column_ifexists('remediation_history_last_refresh_reason_code', ''),\n Comments = column_ifexists('comments', ''),\n TemporaryId = column_ifexists('temporary_id', ''),\n PcapID = column_ifexists('pcap_id', ''),\n AffectsRating = column_ifexists('affects_rating', ''),\n Assets = column_ifexists('assets', ''),\n Details = column_ifexists('details', ''),\n EvidenceKey = column_ifexists('evidence_key', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n LastSeen = column_ifexists('last_seen', ''),\n RelatedFindings = column_ifexists('related_findings', ''),\n RiskCategory = column_ifexists('risk_category', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n RiskVectorLabel = column_ifexists('risk_vector_label', ''),\n RolledupObservationId = column_ifexists('rolledup_observation_id', ''),\n Severity = column_ifexists('severity', ''),\n SeverityCategory = column_ifexists('severity_category', ''),\n Tags = column_ifexists('tags', ''),\n AssetOverrides = column_ifexists('asset_overrides', ''),\n Duration = column_ifexists('duration', ''),\n AttributedCompanies = column_ifexists('attributed_companies', ''),\n CompanyName = column_ifexists('company_name', ''),\n RemainingDecay = column_ifexists('remaining_decay', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RemediationHistoryLastRequestedRefreshDate,\n RemediationHistoryLastRefreshStatusDate,\n RemediationHistoryLastRefreshStatusLabel,\n RemediationHistoryLastRefreshReasonCode,\n Comments,\n TemporaryId,\n PcapID,\n AffectsRating,\n Assets,\n Details,\n EvidenceKey,\n FirstSeen,\n LastSeen,\n RelatedFindings,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n RolledupObservationId,\n Severity,\n SeverityCategory,\n Tags,\n AssetOverrides,\n Duration,\n AttributedCompanies,\n CompanyName,\n RemainingDecay\n ),\n (\n BitSightFindings_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n TemporaryId,\n CompanyName,\n CompanyGuid,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n SeverityCategory,\n Severity,\n FirstSeen,\n LastSeen,\n CurrentlyActive,\n AssetCategory,\n Assets,\n Details,\n EvidenceKey,\n AttributedCompanies,\n RemediationHistory,\n AffectsRating,\n Comments,\n Duration,\n GracePeriodEndDate,\n GuestNetworkEndDate,\n ImpactsRiskVectorDetails,\n NoRvGradeImpactEndDate,\n RelatedFindings,\n RemainingDecay,\n Remediated,\n RolledupObservationId,\n Tags,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject8')._parserId8,'/'))))]", + "dependsOn": [ + "[variables('parserObject8')._parserId8]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsData')]", + "contentId": "[variables('parserObject8').parserContentId8]", + "kind": "Parser", + "version": "[variables('parserObject8').parserVersion8]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject8').parserContentId8]", + "contentKind": "Parser", + "displayName": "Parser for BitSightFindingsData", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject8').parserContentId8,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject8').parserContentId8,'-', '1.1.0')))]", + "version": "[variables('parserObject8').parserVersion8]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject8')._parserName8]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightFindingsData", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightFindingsData", + "query": "union isfuzzy=true\n (\n BitsightFindings_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\",\n RemediationHistoryLastRequestedRefreshDate = column_ifexists('remediation_history_last_requested_refresh_date', ''),\n RemediationHistoryLastRefreshStatusDate = column_ifexists('remediation_history_last_refresh_status_date', ''),\n RemediationHistoryLastRefreshStatusLabel = column_ifexists('remediation_history_last_refresh_status_label', ''),\n RemediationHistoryLastRefreshReasonCode = column_ifexists('remediation_history_last_refresh_reason_code', ''),\n Comments = column_ifexists('comments', ''),\n TemporaryId = column_ifexists('temporary_id', ''),\n PcapID = column_ifexists('pcap_id', ''),\n AffectsRating = column_ifexists('affects_rating', ''),\n Assets = column_ifexists('assets', ''),\n Details = column_ifexists('details', ''),\n EvidenceKey = column_ifexists('evidence_key', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n LastSeen = column_ifexists('last_seen', ''),\n RelatedFindings = column_ifexists('related_findings', ''),\n RiskCategory = column_ifexists('risk_category', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n RiskVectorLabel = column_ifexists('risk_vector_label', ''),\n RolledupObservationId = column_ifexists('rolledup_observation_id', ''),\n Severity = column_ifexists('severity', ''),\n SeverityCategory = column_ifexists('severity_category', ''),\n Tags = column_ifexists('tags', ''),\n AssetOverrides = column_ifexists('asset_overrides', ''),\n Duration = column_ifexists('duration', ''),\n AttributedCompanies = column_ifexists('attributed_companies', ''),\n CompanyName = column_ifexists('company_name', ''),\n RemainingDecay = column_ifexists('remaining_decay', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RemediationHistoryLastRequestedRefreshDate,\n RemediationHistoryLastRefreshStatusDate,\n RemediationHistoryLastRefreshStatusLabel,\n RemediationHistoryLastRefreshReasonCode,\n Comments,\n TemporaryId,\n PcapID,\n AffectsRating,\n Assets,\n Details,\n EvidenceKey,\n FirstSeen,\n LastSeen,\n RelatedFindings,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n RolledupObservationId,\n Severity,\n SeverityCategory,\n Tags,\n AssetOverrides,\n Duration,\n AttributedCompanies,\n CompanyName,\n RemainingDecay\n ),\n (\n BitSightFindings_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsData\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n TemporaryId,\n CompanyName,\n CompanyGuid,\n RiskCategory,\n RiskVector,\n RiskVectorLabel,\n SeverityCategory,\n Severity,\n FirstSeen,\n LastSeen,\n CurrentlyActive,\n AssetCategory,\n Assets,\n Details,\n EvidenceKey,\n AttributedCompanies,\n RemediationHistory,\n AffectsRating,\n Comments,\n Duration,\n GracePeriodEndDate,\n GuestNetworkEndDate,\n ImpactsRiskVectorDetails,\n NoRvGradeImpactEndDate,\n RelatedFindings,\n RemainingDecay,\n Remediated,\n RolledupObservationId,\n Tags,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject8')._parserId8,'/'))))]", + "dependsOn": [ + "[variables('parserObject8')._parserId8]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsData')]", + "contentId": "[variables('parserObject8').parserContentId8]", + "kind": "Parser", + "version": "[variables('parserObject8').parserVersion8]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject9').parserTemplateSpecName9]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightFindingsSummary Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject9').parserVersion9]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject9')._parserName9]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightFindingsSummary", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightFindingsSummary", + "query": "union isfuzzy=true\n (\n BitsightFindings_summary_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n Company = column_ifexists('Company', ''),\n Confidence = column_ifexists('confidence', ''),\n EndDate = column_ifexists('end_date', ''),\n EventCount = column_ifexists('event_count', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n HostCount = column_ifexists('host_count', ''),\n Id = column_ifexists('id', ''),\n Name = column_ifexists('name', ''),\n Severity = column_ifexists('severity', ''),\n StartDate = column_ifexists('start_date', ''),\n Description = column_ifexists('description', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Company,\n Confidence,\n EndDate,\n EventCount,\n FirstSeen,\n HostCount,\n Id,\n Name,\n Severity,\n StartDate,\n Description\n ),\n (\n BitSightFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, StartDate, EndDate\n | mv-expand StatEntry = Stats\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n StatName = tostring(StatEntry[\"name\"]),\n StatId = tostring(StatEntry[\"id\"]),\n Confidence = tostring(StatEntry[\"confidence\"]),\n EventCount = toint(StatEntry[\"event_count\"]),\n HostCount = toint(StatEntry[\"host_count\"]),\n FirstSeen = tostring(StatEntry[\"first_seen\"])\n | join kind=leftouter (\n BitsightVulnerabilitiesFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by DisplayName\n | project DisplayName, VulnSeverity = Severity, VulnDescription = Description\n ) on $left.StatName == $right.DisplayName\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n StartDate,\n EndDate,\n StatName,\n StatId,\n Confidence,\n EventCount,\n HostCount,\n FirstSeen,\n VulnSeverity,\n VulnDescription,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject9')._parserId9,'/'))))]", + "dependsOn": [ + "[variables('parserObject9')._parserId9]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsSummary')]", + "contentId": "[variables('parserObject9').parserContentId9]", + "kind": "Parser", + "version": "[variables('parserObject9').parserVersion9]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject9').parserContentId9]", + "contentKind": "Parser", + "displayName": "Parser for BitSightFindingsSummary", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject9').parserContentId9,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject9').parserContentId9,'-', '1.1.0')))]", + "version": "[variables('parserObject9').parserVersion9]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject9')._parserName9]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightFindingsSummary", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightFindingsSummary", + "query": "union isfuzzy=true\n (\n BitsightFindings_summary_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n Company = column_ifexists('Company', ''),\n Confidence = column_ifexists('confidence', ''),\n EndDate = column_ifexists('end_date', ''),\n EventCount = column_ifexists('event_count', ''),\n FirstSeen = column_ifexists('first_seen', ''),\n HostCount = column_ifexists('host_count', ''),\n Id = column_ifexists('id', ''),\n Name = column_ifexists('name', ''),\n Severity = column_ifexists('severity', ''),\n StartDate = column_ifexists('start_date', ''),\n Description = column_ifexists('description', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Company,\n Confidence,\n EndDate,\n EventCount,\n FirstSeen,\n HostCount,\n Id,\n Name,\n Severity,\n StartDate,\n Description\n ),\n (\n BitSightFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by CompanyGuid, StartDate, EndDate\n | mv-expand StatEntry = Stats\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"FindingsSummary\",\n StatName = tostring(StatEntry[\"name\"]),\n StatId = tostring(StatEntry[\"id\"]),\n Confidence = tostring(StatEntry[\"confidence\"]),\n EventCount = toint(StatEntry[\"event_count\"]),\n HostCount = toint(StatEntry[\"host_count\"]),\n FirstSeen = tostring(StatEntry[\"first_seen\"])\n | join kind=leftouter (\n BitsightVulnerabilitiesFindingsSummary_CL\n | summarize arg_max(TimeGenerated, *) by DisplayName\n | project DisplayName, VulnSeverity = Severity, VulnDescription = Description\n ) on $left.StatName == $right.DisplayName\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n StartDate,\n EndDate,\n StatName,\n StatId,\n Confidence,\n EventCount,\n HostCount,\n FirstSeen,\n VulnSeverity,\n VulnDescription,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject9')._parserId9,'/'))))]", + "dependsOn": [ + "[variables('parserObject9')._parserId9]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightFindingsSummary')]", + "contentId": "[variables('parserObject9').parserContentId9]", + "kind": "Parser", + "version": "[variables('parserObject9').parserVersion9]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject10').parserTemplateSpecName10]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightGraphData Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject10').parserVersion10]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject10')._parserName10]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightGraphData", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightGraphData", + "query": "union isfuzzy=true\n (\n BitsightGraph_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n RatingDate = column_ifexists('Rating_Date', ''),\n Rating = column_ifexists('Rating', ''),\n CompanyName = column_ifexists('Company_name', ''),\n RatingDifferance = column_ifexists('Rating_differance', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RatingDate,\n Rating,\n CompanyName,\n RatingDifferance\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | mv-expand RatingEntry = Ratings\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n CompanyName = Name,\n RatingDate = tostring(RatingEntry[\"rating_date\"]),\n Rating = toint(RatingEntry[\"rating\"]),\n RatingRange = tostring(RatingEntry[\"range\"]),\n RatingColor = tostring(RatingEntry[\"rating_color\"])\n | sort by Guid asc, RatingDate asc\n | serialize\n | extend\n PrevGuid = prev(Guid, 1),\n PrevRating = prev(Rating, 1)\n | extend\n RatingDifference = iff(Guid == PrevGuid, Rating - PrevRating, int(null)),\n RatingDifferance = iff(Guid == PrevGuid, Rating - PrevRating, int(null))\n | project-away PrevGuid, PrevRating\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Guid,\n RatingDate,\n Rating,\n RatingRange,\n RatingColor,\n RatingDifference,\n RatingDifferance,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject10')._parserId10,'/'))))]", + "dependsOn": [ + "[variables('parserObject10')._parserId10]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightGraphData')]", + "contentId": "[variables('parserObject10').parserContentId10]", + "kind": "Parser", + "version": "[variables('parserObject10').parserVersion10]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject10').parserContentId10]", + "contentKind": "Parser", + "displayName": "Parser for BitSightGraphData", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject10').parserContentId10,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject10').parserContentId10,'-', '1.1.0')))]", + "version": "[variables('parserObject10').parserVersion10]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject10')._parserName10]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightGraphData", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightGraphData", + "query": "union isfuzzy=true\n (\n BitsightGraph_data_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n RatingDate = column_ifexists('Rating_Date', ''),\n Rating = column_ifexists('Rating', ''),\n CompanyName = column_ifexists('Company_name', ''),\n RatingDifferance = column_ifexists('Rating_differance', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n RatingDate,\n Rating,\n CompanyName,\n RatingDifferance\n ),\n (\n BitSightCompanyDetails_CL\n | summarize arg_max(TimeGenerated, *) by Guid\n | mv-expand RatingEntry = Ratings\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"GraphData\",\n CompanyName = Name,\n RatingDate = tostring(RatingEntry[\"rating_date\"]),\n Rating = toint(RatingEntry[\"rating\"]),\n RatingRange = tostring(RatingEntry[\"range\"]),\n RatingColor = tostring(RatingEntry[\"rating_color\"])\n | sort by Guid asc, RatingDate asc\n | serialize\n | extend\n PrevGuid = prev(Guid, 1),\n PrevRating = prev(Rating, 1)\n | extend\n RatingDifference = iff(Guid == PrevGuid, Rating - PrevRating, int(null)),\n RatingDifferance = iff(Guid == PrevGuid, Rating - PrevRating, int(null))\n | project-away PrevGuid, PrevRating\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n Guid,\n RatingDate,\n Rating,\n RatingRange,\n RatingColor,\n RatingDifference,\n RatingDifferance,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject10')._parserId10,'/'))))]", + "dependsOn": [ + "[variables('parserObject10')._parserId10]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightGraphData')]", + "contentId": "[variables('parserObject10').parserContentId10]", + "kind": "Parser", + "version": "[variables('parserObject10').parserVersion10]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject11').parserTemplateSpecName11]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightIndustrialStatistics Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject11').parserVersion11]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject11')._parserName11]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightIndustrialStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightIndustrialStatistics", + "query": "union isfuzzy=true\n (\n BitsightIndustrial_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitsightIndustrialStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n IncidentCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject11')._parserId11,'/'))))]", + "dependsOn": [ + "[variables('parserObject11')._parserId11]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightIndustrialStatistics')]", + "contentId": "[variables('parserObject11').parserContentId11]", + "kind": "Parser", + "version": "[variables('parserObject11').parserVersion11]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject11').parserContentId11]", + "contentKind": "Parser", + "displayName": "Parser for BitSightIndustrialStatistics", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject11').parserContentId11,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject11').parserContentId11,'-', '1.1.0')))]", + "version": "[variables('parserObject11').parserVersion11]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject11')._parserName11]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightIndustrialStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightIndustrialStatistics", + "query": "union isfuzzy=true\n (\n BitsightIndustrial_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitsightIndustrialStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"IndustrialStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n IncidentCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject11')._parserId11,'/'))))]", + "dependsOn": [ + "[variables('parserObject11')._parserId11]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightIndustrialStatistics')]", + "contentId": "[variables('parserObject11').parserContentId11]", + "kind": "Parser", + "version": "[variables('parserObject11').parserVersion11]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject12').parserTemplateSpecName12]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightObservationStatistics Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject12').parserVersion12]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject12')._parserName12]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightObservationStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightObservationStatistics", + "query": "union isfuzzy=true\n (\n BitsightObservation_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitSightObservationStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n ObservationCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject12')._parserId12,'/'))))]", + "dependsOn": [ + "[variables('parserObject12')._parserId12]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightObservationStatistics')]", + "contentId": "[variables('parserObject12').parserContentId12]", + "kind": "Parser", + "version": "[variables('parserObject12').parserVersion12]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject12').parserContentId12]", + "contentKind": "Parser", + "displayName": "Parser for BitSightObservationStatistics", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject12').parserContentId12,'-', '1.1.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject12').parserContentId12,'-', '1.1.0')))]", + "version": "[variables('parserObject12').parserVersion12]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject12')._parserName12]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightObservationStatistics", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightObservationStatistics", + "query": "union isfuzzy=true\n (\n BitsightObservation_statistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\",\n Count = column_ifexists('count', ''),\n CountPeriod = column_ifexists('count_period', ''),\n AverageDurationDays = column_ifexists('average_duration_days', ''),\n RiskVector = column_ifexists('risk_vector', ''),\n CompanyName = column_ifexists('Company_name', '')\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n Count,\n CountPeriod,\n AverageDurationDays,\n RiskVector,\n CompanyName\n ),\n (\n BitSightObservationStatistics_CL\n | extend\n EventVendor = \"BitSight\",\n EventProduct = \"ObservationStatistics\"\n | project\n TimeGenerated,\n EventVendor,\n EventProduct,\n CompanyName,\n CompanyGuid,\n RiskVector,\n ObservationCount,\n CountPeriod,\n AverageDurationDays,\n ConnectorName\n )\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject12')._parserId12,'/'))))]", + "dependsOn": [ + "[variables('parserObject12')._parserId12]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightObservationStatistics')]", + "contentId": "[variables('parserObject12').parserContentId12]", + "kind": "Parser", + "version": "[variables('parserObject12').parserVersion12]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('parserObject13').parserTemplateSpecName13]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSightVulnerabilitiesFindingsSummary Data Parser with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('parserObject13').parserVersion13]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[variables('parserObject13')._parserName13]", + "apiVersion": "2025-07-01", + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightVulnerabilitiesFindingsSummary", + "query": "BitsightVulnerabilitiesFindingsSummary_CL\n| summarize arg_max(TimeGenerated, *) by DisplayName\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"VulnerabilitiesFindingsSummary\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n DisplayName,\n Severity,\n Description,\n ConnectorName\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject13')._parserId13,'/'))))]", + "dependsOn": [ + "[variables('parserObject13')._parserId13]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightVulnerabilitiesFindingsSummary')]", + "contentId": "[variables('parserObject13').parserContentId13]", + "kind": "Parser", + "version": "[variables('parserObject13').parserVersion13]", + "source": { + "name": "BitSight", + "kind": "Solution", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('parserObject13').parserContentId13]", + "contentKind": "Parser", + "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject13').parserContentId13,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject13').parserContentId13,'-', '1.0.0')))]", + "version": "[variables('parserObject13').parserVersion13]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/savedSearches", + "apiVersion": "2025-07-01", + "name": "[variables('parserObject13')._parserName13]", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Parser for BitSightVulnerabilitiesFindingsSummary", + "category": "Microsoft Sentinel Parser", + "functionAlias": "BitSightVulnerabilitiesFindingsSummary", + "query": "BitsightVulnerabilitiesFindingsSummary_CL\n| summarize arg_max(TimeGenerated, *) by DisplayName\n| extend\n EventVendor = \"BitSight\",\n EventProduct = \"VulnerabilitiesFindingsSummary\"\n| project\n TimeGenerated,\n EventVendor,\n EventProduct,\n DisplayName,\n Severity,\n Description,\n ConnectorName\n", + "functionParameters": "", + "version": 2, + "tags": [ + { + "name": "description", + "value": "" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "location": "[parameters('workspace-location')]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('parserObject13')._parserId13,'/'))))]", + "dependsOn": [ + "[variables('parserObject13')._parserId13]" + ], + "properties": { + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'BitSightVulnerabilitiesFindingsSummary')]", + "contentId": "[variables('parserObject13').parserContentId13]", + "kind": "Parser", + "version": "[variables('parserObject13').parserVersion13]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('dataConnectorTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "BitSight data connector with template version 3.2.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "id": "[variables('_uiConfigId1')]", + "title": "Bitsight data connector (using Azure Functions)", + "publisher": "BitSight Technologies, Inc.", + "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data into Microsoft Sentinel using the [Logs Ingestion API](https://learn.microsoft.com/azure/azure-monitor/logs/logs-ingestion-api-overview).", + "graphQueries": [ + { + "metricName": "Total Alerts data received", + "legend": "BitsightAlerts_data_CL", + "baseQuery": "BitsightAlerts_data_CL" + }, + { + "metricName": "Total Breaches data received", + "legend": "BitsightBreaches_data_CL", + "baseQuery": "BitsightBreaches_data_CL" + }, + { + "metricName": "Total Company Details received", + "legend": "BitsightCompany_details_CL", + "baseQuery": "BitsightCompany_details_CL" + }, + { + "metricName": "Total Company Ratings received", + "legend": "BitsightCompany_rating_details_CL", + "baseQuery": "BitsightCompany_rating_details_CL" + }, + { + "metricName": "Total Diligence Historical Statistics data received", + "legend": "BitsightDiligence_historical_statistics_CL", + "baseQuery": "BitsightDiligence_historical_statistics_CL" + }, + { + "metricName": "Total Diligence Statistics data received", + "legend": "BitsightDiligence_statistics_CL", + "baseQuery": "BitsightDiligence_statistics_CL" + }, + { + "metricName": "Total Findings data received", + "legend": "BitsightFindings_data_CL", + "baseQuery": "BitsightFindings_data_CL" + }, + { + "metricName": "Total Findings Summary data received", + "legend": "BitsightFindings_summary_CL", + "baseQuery": "BitsightFindings_summary_CL" + }, + { + "metricName": "Total Graph data received", + "legend": "BitsightGraph_data_CL", + "baseQuery": "BitsightGraph_data_CL" + }, + { + "metricName": "Total Industrial Statistics data received", + "legend": "BitsightIndustrial_statistics_CL", + "baseQuery": "BitsightIndustrial_statistics_CL" + }, + { + "metricName": "Total Observation Statistics data received", + "legend": "BitsightObservation_statistics_CL", + "baseQuery": "BitsightObservation_statistics_CL" + } + ], + "sampleQueries": [ + { + "description": "BitSight Alert Events - Alerts Event for all Companies in portfolio.", + "query": "BitsightAlerts_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Breaches Events - Breaches Event for all Companies in portfolio.", + "query": "BitsightBreaches_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Company Details Events - Company Details Event for all Companies in portfolio.", + "query": "BitsightCompany_details_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Company Ratings Events - Company Ratings Event for all Companies.", + "query": "BitsightCompany_rating_details_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Diligence Historical Statistics Events - Diligence Historical Statistics Event for all Companies.", + "query": "BitsightDiligence_historical_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Diligence Statistics Events - Diligence Statistics Event for all Companies.", + "query": "BitsightDiligence_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Findings Events - Findings Event for all Companies.", + "query": "BitsightFindings_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Findings Summary Events - Findings Summary Event for all Companies.", + "query": "BitsightFindings_summary_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Graph Events - Graph Event for all Companies.", + "query": "BitsightGraph_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Industrial Statistics Events - Industrial Statistics Event for all Companies.", + "query": "BitsightIndustrial_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Observation Statistics Events - Observation Statistics Event for all Companies.", + "query": "BitsightObservation_statistics_CL\n | sort by TimeGenerated desc" + } + ], + "dataTypes": [ + { + "name": "BitsightAlerts_data_CL", + "lastDataReceivedQuery": "BitsightAlerts_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightBreaches_data_CL", + "lastDataReceivedQuery": "BitsightBreaches_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightCompany_details_CL", + "lastDataReceivedQuery": "BitsightCompany_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightCompany_rating_details_CL", + "lastDataReceivedQuery": "BitsightCompany_rating_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightDiligence_historical_statistics_CL", + "lastDataReceivedQuery": "BitsightDiligence_historical_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightDiligence_statistics_CL", + "lastDataReceivedQuery": "BitsightDiligence_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightFindings_data_CL", + "lastDataReceivedQuery": "BitsightFindings_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightFindings_summary_CL", + "lastDataReceivedQuery": "BitsightFindings_summary_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightGraph_data_CL", + "lastDataReceivedQuery": "BitsightGraph_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightIndustrial_statistics_CL", + "lastDataReceivedQuery": "BitsightIndustrial_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightObservation_statistics_CL", + "lastDataReceivedQuery": "BitsightObservation_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "BitsightAlerts_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightBreaches_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightCompany_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightCompany_rating_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightDiligence_historical_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightDiligence_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightFindings_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightFindings_summary_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightGraph_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightIndustrial_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightObservation_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Permission to assign a role to the registered application", + "description": "Permission to assign a role to the registered application in Microsoft Entra ID is required." + }, + { + "name": "REST API Credentials/permissions", + "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel using the Logs Ingestion API (DCR). This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "description": "**STEP 1 - Steps to Create/Get Bitsight API Token**\n\n Follow these instructions to get a BitSight API Token.\n 1. For SPM App: Refer to the [User Preference](https://service.bitsight.com/app/spm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 2. For TPRM App: Refer to the [User Preference](https://service.bitsight.com/app/tprm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 3. For Classic BitSight: Go to your [Account](https://service.bitsight.com/settings) page, \n\t\tGo to Settings > Account > API Token." + }, + { + "description": "**STEP 2 - App Registration steps for the Application in Microsoft Entra ID**\n\n This integration requires an App registration in the Azure portal. Follow the steps in this section to create a new application in Microsoft Entra ID:\n 1. Sign in to the [Azure portal](https://portal.azure.com/).\n 2. Search for and select **Microsoft Entra ID**.\n 3. Under **Manage**, select **App registrations > New registration**.\n 4. Enter a display **Name** for your application.\n 5. Select **Register** to complete the initial app registration.\n 6. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the **Application (client) ID** and **Tenant ID**. The client ID and Tenant ID is required as configuration parameters for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app)" + }, + { + "description": "**STEP 3 - Add a client secret for application in Microsoft Entra ID**\n\n Sometimes called an application password, a client secret is a string value required for the execution of BitSight Data Connector. Follow the steps in this section to create a new Client Secret:\n 1. In the Azure portal, in **App registrations**, select your application.\n 2. Select **Certificates & secrets > Client secrets > New client secret**.\n 3. Add a description for your client secret.\n 4. Select an expiration for the secret or specify a custom lifetime. Limit is 24 months.\n 5. Select **Add**. \n 6. *Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.* The secret value is required as configuration parameter for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)" + }, + { + "description": "**STEP 4 - Get Object ID of your application in Microsoft Entra ID**\n\n After creating your app registration, follow the steps in this section to get Object ID:\n 1. Go to **Microsoft Entra ID**.\n 2. Select **Enterprise applications** from the left menu.\n 3. Find your newly created application in the list (you can search by the name you provided).\n 4. Click on the application.\n 5. On the overview page, copy the **Object ID**. This is the **AzureEntraObjectId** needed for your ARM template role assignment.\n" + }, + { + "description": "**STEP 5 - Assign role of Contributor to application in Microsoft Entra ID**\n\n Follow the steps in this section to assign the role:\n 1. In the Azure portal, Go to **Resource Group** and select your resource group.\n 2. Go to **Access control (IAM)** from left panel.\n 3. Click on **Add**, and then select **Add role assignment**.\n 4. Select **Contributor** as role and click on next.\n 5. In **Assign access to**, select `User, group, or service principal`.\n 6. Click on **add members** and type **your app name** that you have created and select it.\n 7. Now click on **Review + assign** and then again click on **Review + assign**. \n\n> **Reference link:** [https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal)" + }, + { + "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the BitSight API Token and Azure credentials (Client ID, Client Secret, Tenant ID, Object ID) readily available." + }, + { + "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Review + Create** and then **Create** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the BitSight data connector manually with Azure Functions (Deployment via Visual Studio Code).", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-BitSight310-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. BitSightXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." + }, + { + "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective values (case-sensitive): \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Save**." + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_dataConnectorContentId1')]", + "contentKind": "DataConnector", + "displayName": "Bitsight data connector (using Azure Functions)", + "contentProductId": "[variables('_dataConnectorcontentProductId1')]", + "id": "[variables('_dataConnectorcontentProductId1')]", + "version": "[variables('dataConnectorVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", + "dependsOn": [ + "[variables('_dataConnectorId1')]" + ], + "location": "[parameters('workspace-location')]", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", + "contentId": "[variables('_dataConnectorContentId1')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorVersion1')]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", + "apiVersion": "2021-03-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "GenericUI", + "properties": { + "connectorUiConfig": { + "title": "Bitsight data connector (using Azure Functions)", + "publisher": "BitSight Technologies, Inc.", + "descriptionMarkdown": "The [BitSight](https://www.BitSight.com/) Data Connector supports evidence-based cyber risk monitoring by bringing BitSight data into Microsoft Sentinel using the [Logs Ingestion API](https://learn.microsoft.com/azure/azure-monitor/logs/logs-ingestion-api-overview).", + "graphQueries": [ + { + "metricName": "Total Alerts data received", + "legend": "BitsightAlerts_data_CL", + "baseQuery": "BitsightAlerts_data_CL" + }, + { + "metricName": "Total Breaches data received", + "legend": "BitsightBreaches_data_CL", + "baseQuery": "BitsightBreaches_data_CL" + }, + { + "metricName": "Total Company Details received", + "legend": "BitsightCompany_details_CL", + "baseQuery": "BitsightCompany_details_CL" + }, + { + "metricName": "Total Company Ratings received", + "legend": "BitsightCompany_rating_details_CL", + "baseQuery": "BitsightCompany_rating_details_CL" + }, + { + "metricName": "Total Diligence Historical Statistics data received", + "legend": "BitsightDiligence_historical_statistics_CL", + "baseQuery": "BitsightDiligence_historical_statistics_CL" + }, + { + "metricName": "Total Diligence Statistics data received", + "legend": "BitsightDiligence_statistics_CL", + "baseQuery": "BitsightDiligence_statistics_CL" + }, + { + "metricName": "Total Findings data received", + "legend": "BitsightFindings_data_CL", + "baseQuery": "BitsightFindings_data_CL" + }, + { + "metricName": "Total Findings Summary data received", + "legend": "BitsightFindings_summary_CL", + "baseQuery": "BitsightFindings_summary_CL" + }, + { + "metricName": "Total Graph data received", + "legend": "BitsightGraph_data_CL", + "baseQuery": "BitsightGraph_data_CL" + }, + { + "metricName": "Total Industrial Statistics data received", + "legend": "BitsightIndustrial_statistics_CL", + "baseQuery": "BitsightIndustrial_statistics_CL" + }, + { + "metricName": "Total Observation Statistics data received", + "legend": "BitsightObservation_statistics_CL", + "baseQuery": "BitsightObservation_statistics_CL" + } + ], + "dataTypes": [ + { + "name": "BitsightAlerts_data_CL", + "lastDataReceivedQuery": "BitsightAlerts_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightBreaches_data_CL", + "lastDataReceivedQuery": "BitsightBreaches_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightCompany_details_CL", + "lastDataReceivedQuery": "BitsightCompany_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightCompany_rating_details_CL", + "lastDataReceivedQuery": "BitsightCompany_rating_details_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightDiligence_historical_statistics_CL", + "lastDataReceivedQuery": "BitsightDiligence_historical_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightDiligence_statistics_CL", + "lastDataReceivedQuery": "BitsightDiligence_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightFindings_data_CL", + "lastDataReceivedQuery": "BitsightFindings_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightFindings_summary_CL", + "lastDataReceivedQuery": "BitsightFindings_summary_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightGraph_data_CL", + "lastDataReceivedQuery": "BitsightGraph_data_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightIndustrial_statistics_CL", + "lastDataReceivedQuery": "BitsightIndustrial_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitsightObservation_statistics_CL", + "lastDataReceivedQuery": "BitsightObservation_statistics_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriterias": [ + { + "type": "IsConnectedQuery", + "value": [ + "BitsightAlerts_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightBreaches_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightCompany_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightCompany_rating_details_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightDiligence_historical_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightDiligence_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightFindings_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightFindings_summary_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightGraph_data_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightIndustrial_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + }, + { + "type": "IsConnectedQuery", + "value": [ + "BitsightObservation_statistics_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" + ] + } + ], + "sampleQueries": [ + { + "description": "BitSight Alert Events - Alerts Event for all Companies in portfolio.", + "query": "BitsightAlerts_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Breaches Events - Breaches Event for all Companies in portfolio.", + "query": "BitsightBreaches_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Company Details Events - Company Details Event for all Companies in portfolio.", + "query": "BitsightCompany_details_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Company Ratings Events - Company Ratings Event for all Companies.", + "query": "BitsightCompany_rating_details_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Diligence Historical Statistics Events - Diligence Historical Statistics Event for all Companies.", + "query": "BitsightDiligence_historical_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Diligence Statistics Events - Diligence Statistics Event for all Companies.", + "query": "BitsightDiligence_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Findings Events - Findings Event for all Companies.", + "query": "BitsightFindings_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Findings Summary Events - Findings Summary Event for all Companies.", + "query": "BitsightFindings_summary_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Graph Events - Graph Event for all Companies.", + "query": "BitsightGraph_data_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Industrial Statistics Events - Industrial Statistics Event for all Companies.", + "query": "BitsightIndustrial_statistics_CL\n | sort by TimeGenerated desc" + }, + { + "description": "BitSight Observation Statistics Events - Observation Statistics Event for all Companies.", + "query": "BitsightObservation_statistics_CL\n | sort by TimeGenerated desc" + } + ], + "availability": { + "status": 1, + "isPreview": false + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "read and write permissions on the workspace are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true + } + } + ], + "customs": [ + { + "name": "Microsoft.Web/sites permissions", + "description": "Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)." + }, + { + "name": "Permission to assign a role to the registered application", + "description": "Permission to assign a role to the registered application in Microsoft Entra ID is required." + }, + { + "name": "REST API Credentials/permissions", + "description": "BitSight API Token is required. See the documentation to [learn more](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) about API Token." + } + ] + }, + "instructionSteps": [ + { + "description": ">**NOTE:** This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel using the Logs Ingestion API (DCR). This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details." + }, + { + "description": ">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App." + }, + { + "description": "**STEP 1 - Steps to Create/Get Bitsight API Token**\n\n Follow these instructions to get a BitSight API Token.\n 1. For SPM App: Refer to the [User Preference](https://service.bitsight.com/app/spm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 2. For TPRM App: Refer to the [User Preference](https://service.bitsight.com/app/tprm/account) tab of your Account page, \n\t\tGo to Settings > Account > User Preferences > API Token.\n 3. For Classic BitSight: Go to your [Account](https://service.bitsight.com/settings) page, \n\t\tGo to Settings > Account > API Token." + }, + { + "description": "**STEP 2 - App Registration steps for the Application in Microsoft Entra ID**\n\n This integration requires an App registration in the Azure portal. Follow the steps in this section to create a new application in Microsoft Entra ID:\n 1. Sign in to the [Azure portal](https://portal.azure.com/).\n 2. Search for and select **Microsoft Entra ID**.\n 3. Under **Manage**, select **App registrations > New registration**.\n 4. Enter a display **Name** for your application.\n 5. Select **Register** to complete the initial app registration.\n 6. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the **Application (client) ID** and **Tenant ID**. The client ID and Tenant ID is required as configuration parameters for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app)" + }, + { + "description": "**STEP 3 - Add a client secret for application in Microsoft Entra ID**\n\n Sometimes called an application password, a client secret is a string value required for the execution of BitSight Data Connector. Follow the steps in this section to create a new Client Secret:\n 1. In the Azure portal, in **App registrations**, select your application.\n 2. Select **Certificates & secrets > Client secrets > New client secret**.\n 3. Add a description for your client secret.\n 4. Select an expiration for the secret or specify a custom lifetime. Limit is 24 months.\n 5. Select **Add**. \n 6. *Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.* The secret value is required as configuration parameter for the execution of BitSight Data Connector. \n\n> **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)" + }, + { + "description": "**STEP 4 - Get Object ID of your application in Microsoft Entra ID**\n\n After creating your app registration, follow the steps in this section to get Object ID:\n 1. Go to **Microsoft Entra ID**.\n 2. Select **Enterprise applications** from the left menu.\n 3. Find your newly created application in the list (you can search by the name you provided).\n 4. Click on the application.\n 5. On the overview page, copy the **Object ID**. This is the **AzureEntraObjectId** needed for your ARM template role assignment.\n" + }, + { + "description": "**STEP 5 - Assign role of Contributor to application in Microsoft Entra ID**\n\n Follow the steps in this section to assign the role:\n 1. In the Azure portal, Go to **Resource Group** and select your resource group.\n 2. Go to **Access control (IAM)** from left panel.\n 3. Click on **Add**, and then select **Add role assignment**.\n 4. Select **Contributor** as role and click on next.\n 5. In **Assign access to**, select `User, group, or service principal`.\n 6. Click on **add members** and type **your app name** that you have created and select it.\n 7. Now click on **Review + assign** and then again click on **Review + assign**. \n\n> **Reference link:** [https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal)" + }, + { + "description": "**STEP 6 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the BitSight data connector, have the BitSight API Token and Azure credentials (Client ID, Client Secret, Tenant ID, Object ID) readily available." + }, + { + "description": "Use this method for automated deployment of the BitSight connector.\n\n1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-BitSight-azuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the below information : \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Review + Create** and then **Create** to deploy.", + "title": "Option 1 - Azure Resource Manager (ARM) Template" + }, + { + "description": "Use the following step-by-step instructions to deploy the BitSight data connector manually with Azure Functions (Deployment via Visual Studio Code).", + "title": "Option 2 - Manual Deployment of Azure Functions" + }, + { + "description": "**1. Deploy a Function App**\n\n> **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.\n\n1. Download the [Azure Function App](https://aka.ms/sentinel-BitSight310-functionapp) file. Extract archive to your local development computer.\n2. Start VS Code. Choose File in the main menu and select Open Folder.\n3. Select the top level folder from extracted files.\n4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.\nIf you aren't already signed in, choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose **Sign in to Azure**\nIf you're already signed in, go to the next step.\n5. Provide the following information at the prompts:\n\n\ta. **Select folder:** Choose a folder from your workspace or browse to one that contains your function app.\n\n\tb. **Select Subscription:** Choose the subscription to use.\n\n\tc. Select **Create new Function App in Azure** (Don't choose the Advanced option)\n\n\td. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. BitSightXXXXX).\n\n\te. **Select a runtime:** Choose Python 3.8 or above.\n\n\tf. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.\n\n6. Deployment will begin. A notification is displayed after your function app is created and the deployment package is applied.\n7. Go to Azure Portal for the Function App configuration." + }, + { + "description": "**2. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following application settings individually, with their respective values (case-sensitive): \n\n\t a. **FunctionName** - Name of the Azure Function App to be created. Default is BitSight. \n\n\t b. **API_token** - Enter API Token of your BitSight account. \n\n\t c. **Azure_Client_Id** - Enter Azure Client Id that you have created during app registration. \n\n\t d. **Azure_Client_Secret** - Enter Azure Client Secret that you have created during creating the client secret. \n\n\t e. **Azure_Tenant_Id** - Enter Azure Tenant Id of your Microsoft Entra ID. \n\n\t f. **Azure_Entra_Object_Id** - Enter Object id of your Microsoft Entra App. \n\n\t g. **Companies** - Please add valid company names separated by asterisk(*). For example: Actors Films*Goliath Investments LLC*HCL Group*Saperix, Inc. \n\n\t h. **Location** - The location in which the data collection rules and data collection endpoints should be deployed. \n\n\t i. **WorkspaceName** - Log analytics workspace name. Can be found under Log analytics \"Settings\". \n\n\t j. **Portfolio_Companies_Table_Name** - Name of the table to store portfolio companies. Default is BitsightPortfolio_Companies. Please do not keep this field as empty else you will get validation error. \n\n\t k. **Alerts_Table_Name** - Name of the table to store alerts. Default is BitsightAlerts_data. Please do not keep this field as empty else you will get validation error. \n\n\t l. **Breaches_Table_Name** - Name of the table to store breaches. Default is BitsightBreaches_data. Please do not keep this field as empty else you will get validation error. \n\n\t m. **Company_Table_Name** - Name of the table to store company details. Default is BitsightCompany_details. Please do not keep this field as empty else you will get validation error. \n\n\t n. **Company_Rating_Details_Table_Name** - Name of the table to store company rating details. Default is BitsightCompany_rating_details. Please do not keep this field as empty else you will get validation error. \n\n\t o. **Diligence_Historical_Statistics_Table_Name** - Name of the table to store diligence historical statistics. Default is BitsightDiligence_historical_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t p. **Diligence_Statistics_Table_Name** - Name of the table to store diligence statistics. Default is BitsightDiligence_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t q. **Findings_Summary_Table_Name** - Name of the table to store findings summary. Default is BitsightFindings_summary. Please do not keep this field as empty else you will get validation error. \n\n\t r. **Findings_Table_Name** - Name of the table to store findings data. Default is BitsightFindings_data. Please do not keep this field as empty else you will get validation error. \n\n\t s. **Graph_Table_Name** - Name of the table to store graph data. Default is BitsightGraph_data. Please do not keep this field as empty else you will get validation error. \n\n\t t. **Industrial_Statistics_Table_Name** - Name of the table to store industrial statistics. Default is BitsightIndustrial_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t u. **Observation_Statistics_Table_Name** - Name of the table to store observation statistics. Default is BitsightObservation_statistics. Please do not keep this field as empty else you will get validation error. \n\n\t v. **LogLevel** - Select log level or log severity value from DEBUG, INFO, ERROR. By default it is set to INFO. \n\n\t w. **Schedule** - Please enter a valid Quartz cron-expression. (Example: 0 0 * * * *). \n\n\t x. **Schedule_Portfolio** - Please enter a valid Quartz cron-expression. (Example: 0 */30 * * * *). \n\n\t y. **AppInsightsWorkspaceResourceID** - Use 'Log Analytic Workspace-->Properties' blade having 'Resource ID' property value. This is a fully qualified resourceId which is in format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'. \n4. Once all application settings have been entered, click **Save**." + } + ], + "id": "[variables('_uiConfigId1')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition2'), variables('dataConnectorCCPVersion'))]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", + "displayName": "BitSight Security Events (via Codeless Connector Framework)", + "contentKind": "DataConnector", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorCCPVersion')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "BitSightEventsConnector", + "title": "BitSight Security Events (via Codeless Connector Framework)", + "publisher": "Microsoft", + "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security alerts, breaches, and findings from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. The connector monitors portfolio companies for rating changes, news alerts, data breaches, and detailed security findings across Diligence, Compromised Systems, and User Behavior risk categories. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", + "graphQueriesTableName": "BitSightAlerts", + "graphQueries": [ + { + "metricName": "Total Alerts received", + "legend": "BitSight Alerts", + "baseQuery": "{{graphQueriesTableName}}" + }, + { + "metricName": "Total Breaches received", + "legend": "BitSight Breaches", + "baseQuery": "BitSightBreaches" + }, + { + "metricName": "Total Findings received", + "legend": "BitSight Findings", + "baseQuery": "BitSightFindings" + } + ], + "sampleQueries": [ + { + "description": "Get sample of BitSight Alerts", + "query": "BitSightAlerts\n | take 10" + }, + { + "description": "Get recent high-severity alerts", + "query": "BitSightAlerts\n | where severity in ('WARN', 'CRITICAL') and TimeGenerated > ago(7d)\n | project TimeGenerated, company_name, alert_type, severity\n | order by TimeGenerated desc" + }, + { + "description": "Get sample of BitSight Findings", + "query": "BitSightFindings\n | take 10" + }, + { + "description": "Get active severe findings", + "query": "BitSightFindings\n | where currently_active == true and severity_category in ('MATERIAL', 'SEVERE')\n | project TimeGenerated, company_name, risk_vector_label, severity_category, severity, first_seen\n | order by severity desc" + }, + { + "description": "Get sample of BitSight Breaches", + "query": "BitSightBreaches\n | take 10" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightBreaches", + "lastDataReceivedQuery": "BitSightBreaches\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightFindings", + "lastDataReceivedQuery": "BitSightFindings\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": true, + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true, + "action": false + } + } + ], + "customs": [ + { + "name": "BitSight API Token", + "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." + } + ] + }, + "instructionSteps": [ + { + "title": "1. Connection Management", + "description": "Manage your BitSight data stream connections", + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## BitSight Connections\n\nManage multiple BitSight data stream connections. Each connection selects a specific data type - **Alerts**, **Breaches**, or **Findings** - and assigns a **Connection Name** that is stored in the `ConnectorName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." + } + }, + { + "type": "DataConnectorsGrid", + "parameters": { + "mapping": [ + { + "columnName": "Connection Name", + "columnValue": "properties.addOnAttributes.friendlyName" + }, + { + "columnName": "Data Stream", + "columnValue": "properties.addOnAttributes.userStream" + }, + { + "columnName": "API URL", + "columnValue": "properties.request.apiEndpoint" + } + ], + "menuItems": [ + "DeleteConnector" + ] + } + }, + { + "type": "ContextPane", + "parameters": { + "isPrimary": true, + "label": "Add Connection", + "title": "Add BitSight Connection", + "subtitle": "Configure a new BitSight data stream connection", + "contextPaneType": "DataConnectorsContextPane", + "instructionSteps": [ + { + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## 1. Select Data Stream\n\nChoose which BitSight data type to collect for this connection. Create separate connections for each stream you want to ingest." + } + }, + { + "type": "Dropdown", + "parameters": { + "label": "Data Stream", + "name": "dataStream", + "options": [ + { + "key": "ALERTS", + "text": "Alerts - Rating changes and news events (BitSightAlerts)" + }, + { + "key": "BREACHES", + "text": "Breaches - Data breach events for portfolio companies (BitSightBreaches)" + }, + { + "key": "DILIGENCE", + "text": "Diligence Findings - Web, app, and network risk factors (BitSightFindings)" + }, + { + "key": "COMPROMISED_SYSTEMS", + "text": "Compromised Systems Findings - Botnet and malware activity (BitSightFindings)" + }, + { + "key": "USER_BEHAVIOR", + "text": "User Behavior Findings - Credential and employee risk activity (BitSightFindings)" + } + ], + "required": true + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 2. API Configuration" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Base URL", + "placeholder": "https://api.bitsighttech.com", + "type": "text", + "name": "bitSightApiUrl", + "validations": { + "required": true + } + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Username)", + "placeholder": "Paste your BitSight API Token", + "type": "text", + "name": "username", + "validations": { + "required": true + } + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Password)", + "placeholder": "Paste your BitSight API Token again", + "type": "password", + "name": "password", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Both fields must contain the **same API token value**. Entering different values will cause authentication to fail.", + "visible": true, + "inline": false + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", + "visible": true, + "inline": false + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "Connection Name", + "placeholder": "e.g. BitSight-Alerts-Prod", + "type": "text", + "name": "friendlyName", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "The connection name is stored in the `ConnectorName` column of every ingested record, enabling you to trace data back to this specific connection.", + "visible": true, + "inline": true + } + } + ] + } + ] + } + } + ] + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, + { + "name": "BitSightEventsDCR", + "apiVersion": "2022-06-01", + "type": "Microsoft.Insights/dataCollectionRules", + "location": "[parameters('workspace-location')]", + "kind": "[variables('blanks')]", + "properties": { + "dataCollectionEndpointId": "[variables('dataCollectionEndpointId2')]", + "streamDeclarations": { + "Custom-BitSightAlerts_CL": { + "columns": [ + { + "name": "guid", + "type": "string" + }, + { + "name": "alert_type", + "type": "string" + }, + { + "name": "alert_date", + "type": "string" + }, + { + "name": "start_date", + "type": "string" + }, + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "company_url", + "type": "string" + }, + { + "name": "folder_guid", + "type": "string" + }, + { + "name": "folder_name", + "type": "string" + }, + { + "name": "severity", + "type": "string" + }, + { + "name": "trigger", + "type": "string" + }, + { + "name": "alert_set_name", + "type": "string" + }, + { + "name": "alert_set_guid", + "type": "string" + }, + { + "name": "friendlyName", + "type": "string" + } + ] + }, + "Custom-BitSightBreaches_CL": { + "columns": [ + { + "name": "company_guid", + "type": "string" + }, + { + "name": "company_name", + "type": "string" + }, + { + "name": "guid", + "type": "string" + }, + { + "name": "date", + "type": "string" + }, + { + "name": "date_created", + "type": "string" + }, + { + "name": "text", + "type": "string" + }, + { + "name": "preview_url", + "type": "string" + }, + { + "name": "event_type", + "type": "string" + }, + { + "name": "event_type_description", + "type": "string" + }, + { + "name": "severity", + "type": "int" + }, + { + "name": "breached_companies", + "type": "dynamic" + }, + { + "name": "dependent_companies", + "type": "dynamic" + }, + { + "name": "friendlyName", + "type": "string" + } + ] + }, + "Custom-BitSightFindings_CL": { + "columns": [ + { + "name": "temporary_id", + "type": "string" + }, + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "risk_category", + "type": "string" + }, + { + "name": "risk_vector", + "type": "string" + }, + { + "name": "risk_vector_label", + "type": "string" + }, + { + "name": "severity_category", + "type": "string" + }, + { + "name": "severity", + "type": "real" + }, + { + "name": "first_seen", + "type": "string" + }, + { + "name": "last_seen", + "type": "string" + }, + { + "name": "currently_active", + "type": "boolean" + }, + { + "name": "asset_category", + "type": "string" + }, + { + "name": "assets", + "type": "dynamic" + }, + { + "name": "details", + "type": "dynamic" + }, + { + "name": "evidence_key", + "type": "string" + }, + { + "name": "attributed_companies", + "type": "dynamic" + }, + { + "name": "remediation_history", + "type": "dynamic" + }, + { + "name": "affects_rating", + "type": "boolean" + }, + { + "name": "comments", + "type": "dynamic" + }, + { + "name": "duration", + "type": "int" + }, + { + "name": "grace_period_end_date", + "type": "string" + }, + { + "name": "guest_network_end_date", + "type": "string" + }, + { + "name": "impacts_risk_vector_details", + "type": "dynamic" + }, + { + "name": "no_rv_grade_impact_end_date", + "type": "string" + }, + { + "name": "related_findings", + "type": "dynamic" + }, + { + "name": "remaining_decay", + "type": "int" + }, + { + "name": "remediated", + "type": "boolean" + }, + { + "name": "rolledup_observation_id", + "type": "string" + }, + { + "name": "tags", + "type": "dynamic" + }, + { + "name": "friendlyName", + "type": "string" + } + ] + } + }, + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": "[variables('workspaceResourceId')]", + "name": "clv2ws1" + } + ] + }, + "dataFlows": [ + { + "streams": [ + "Custom-BitSightAlerts_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightAlerts_CL", + "transformKql": "source | extend TimeGenerated = iff(isnull(['alert_date']) or todatetime(['alert_date']) < ago(2d), now(), todatetime(['alert_date'])) , Guid = ['guid'] , AlertType = ['alert_type'] , AlertDate = ['alert_date'] , StartDate = ['start_date'] , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , CompanyUrl = ['company_url'] , FolderGuid = ['folder_guid'] , FolderName = ['folder_name'] , Severity = ['severity'] , Trigger = ['trigger'] , AlertSetName = ['alert_set_name'] , AlertSetGuid = ['alert_set_guid'] , ConnectorName = ['friendlyName'] | project TimeGenerated , Guid , AlertType , AlertDate , StartDate , CompanyName , CompanyGuid , CompanyUrl , FolderGuid , FolderName , Severity , Trigger , AlertSetName , AlertSetGuid , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightBreaches_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightBreaches_CL", + "transformKql": "source | extend TimeGenerated = iff(isnull(['date']) or todatetime(['date']) < ago(2d), now(), todatetime(['date'])) , CompanyGuid = ['company_guid'] , CompanyName = ['company_name'] , Guid = ['guid'] , BreachDate = ['date'] , DateCreated = ['date_created'] , Text = ['text'] , PreviewUrl = ['preview_url'] , EventType = ['event_type'] , EventTypeDescription = ['event_type_description'] , Severity = ['severity'] , BreachedCompanies = ['breached_companies'] , DependentCompanies = ['dependent_companies'] , ConnectorName = ['friendlyName'] | project TimeGenerated , CompanyGuid , CompanyName , Guid , BreachDate , DateCreated , Text , PreviewUrl , EventType , EventTypeDescription , Severity , BreachedCompanies , DependentCompanies , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightFindings_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightFindings_CL", + "transformKql": "source | extend TimeGenerated = iff(isnull(['last_seen']) or todatetime(['last_seen']) < ago(2d), now(), todatetime(['last_seen'])) , TemporaryId = ['temporary_id'] , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskCategory = ['risk_category'] , RiskVector = ['risk_vector'] , RiskVectorLabel = ['risk_vector_label'] , SeverityCategory = ['severity_category'] , Severity = ['severity'] , FirstSeen = ['first_seen'] , LastSeen = ['last_seen'] , CurrentlyActive = ['currently_active'] , AssetCategory = ['asset_category'] , Assets = ['assets'] , Details = ['details'] , EvidenceKey = ['evidence_key'] , AttributedCompanies = ['attributed_companies'] , RemediationHistory = ['remediation_history'] , AffectsRating = ['affects_rating'] , Comments = ['comments'] , Duration = ['duration'] , GracePeriodEndDate = ['grace_period_end_date'] , GuestNetworkEndDate = ['guest_network_end_date'] , ImpactsRiskVectorDetails = ['impacts_risk_vector_details'] , NoRvGradeImpactEndDate = ['no_rv_grade_impact_end_date'] , RelatedFindings = ['related_findings'] , RemainingDecay = ['remaining_decay'] , Remediated = ['remediated'] , RolledupObservationId = ['rolledup_observation_id'] , Tags = ['tags'] , ConnectorName = ['friendlyName'] | project TimeGenerated , TemporaryId , CompanyName , CompanyGuid , RiskCategory , RiskVector , RiskVectorLabel , SeverityCategory , Severity , FirstSeen , LastSeen , CurrentlyActive , AssetCategory , Assets , Details , EvidenceKey , AttributedCompanies , RemediationHistory , AffectsRating , Comments , Duration , GracePeriodEndDate , GuestNetworkEndDate , ImpactsRiskVectorDetails , NoRvGradeImpactEndDate , RelatedFindings , RemainingDecay , Remediated , RolledupObservationId , Tags , ConnectorName" + } + ] + } + }, + { + "name": "BitSightFindings_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightFindings_CL", + "description": "The BitSightFindings table contains security findings from the BitSight API including Diligence, Compromised Systems, and User Behavior findings for portfolio companies ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "TemporaryId", + "type": "string", + "description": "The temporary identifier for a finding." + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company associated with the finding." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company associated with the finding." + }, + { + "name": "RiskCategory", + "type": "string", + "description": "The risk category (e.g., Diligence, Compromised Systems, User Behavior)." + }, + { + "name": "RiskVector", + "type": "string", + "description": "The risk vector slug for this finding." + }, + { + "name": "RiskVectorLabel", + "type": "string", + "description": "Human-readable label for the risk vector." + }, + { + "name": "SeverityCategory", + "type": "string", + "description": "Severity category (MINOR, MODERATE, MATERIAL, SEVERE)." + }, + { + "name": "Severity", + "type": "real", + "description": "Numeric severity score." + }, + { + "name": "FirstSeen", + "type": "string", + "description": "Date the finding was first observed (YYYY-MM-DD)." + }, + { + "name": "LastSeen", + "type": "string", + "description": "Date the finding was most recently observed (YYYY-MM-DD)." + }, + { + "name": "CurrentlyActive", + "type": "boolean", + "description": "Indicates if the finding is currently active." + }, + { + "name": "AssetCategory", + "type": "string", + "description": "Category of the affected asset." + }, + { + "name": "Assets", + "type": "dynamic", + "description": "Array of assets associated with this finding." + }, + { + "name": "Details", + "type": "dynamic", + "description": "Detailed finding data object (CVE info, diligence annotations, remediations, etc.)." + }, + { + "name": "EvidenceKey", + "type": "string", + "description": "Key identifying the source of evidence for the finding." + }, + { + "name": "AttributedCompanies", + "type": "dynamic", + "description": "Array of companies to which this finding has been attributed." + }, + { + "name": "RemediationHistory", + "type": "dynamic", + "description": "Remediation history object (last_requested_refresh_date, last_refresh_status, etc.)." + }, + { + "name": "AffectsRating", + "type": "boolean", + "description": "Indicates whether this finding contributes to the company's overall rating." + }, + { + "name": "Comments", + "type": "dynamic", + "description": "Array of analyst comments attached to this finding." + }, + { + "name": "Duration", + "type": "int", + "description": "Number of days the finding has been active." + }, + { + "name": "GracePeriodEndDate", + "type": "string", + "description": "Date until which the finding is in a grace period and does not affect the rating (YYYY-MM-DD)." + }, + { + "name": "GuestNetworkEndDate", + "type": "string", + "description": "Date until which the finding is suppressed as a guest network (YYYY-MM-DD)." + }, + { + "name": "ImpactsRiskVectorDetails", + "type": "dynamic", + "description": "Object describing which risk vectors are impacted by this finding." + }, + { + "name": "NoRvGradeImpactEndDate", + "type": "string", + "description": "Date until which the finding has no risk vector grade impact (YYYY-MM-DD)." + }, + { + "name": "RelatedFindings", + "type": "dynamic", + "description": "Array of finding identifiers related to this finding." + }, + { + "name": "RemainingDecay", + "type": "int", + "description": "Number of days remaining in the finding's decay window." + }, + { + "name": "Remediated", + "type": "boolean", + "description": "Indicates whether this finding has been remediated." + }, + { + "name": "RolledupObservationId", + "type": "string", + "description": "Identifier of the rolled-up observation this finding belongs to." + }, + { + "name": "Tags", + "type": "dynamic", + "description": "Array of tags applied to this finding." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name assigned during connector setup." + } + ] + } + } + }, + { + "name": "BitSightCompanyDetails_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightCompanyDetails_CL", + "description": "The BitSightCompanyDetails table contains full company snapshots from the BitSight API per company GUID ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "Guid", + "type": "string", + "description": "Unique identifier (GUID) for the company in BitSight." + }, + { + "name": "Name", + "type": "string", + "description": "Name of the company." + }, + { + "name": "Shortname", + "type": "string", + "description": "Short name of the company." + }, + { + "name": "CompanyType", + "type": "string", + "description": "The type of entity (e.g., CURATED,PRIVATE)." + }, + { + "name": "Description", + "type": "string", + "description": "Description of the company." + }, + { + "name": "PrimaryDomain", + "type": "string", + "description": "Primary internet domain of the company." + }, + { + "name": "Homepage", + "type": "string", + "description": "URL of the company homepage." + }, + { + "name": "DisplayUrl", + "type": "string", + "description": "URL to the company overview page in BitSight portal." + }, + { + "name": "Sparkline", + "type": "string", + "description": "URL to the company rating sparkline image." + }, + { + "name": "Industry", + "type": "string", + "description": "Industry sector name." + }, + { + "name": "IndustrySlug", + "type": "string", + "description": "URL-friendly identifier for the industry." + }, + { + "name": "SubIndustry", + "type": "string", + "description": "Sub-industry name." + }, + { + "name": "SubIndustrySlug", + "type": "string", + "description": "URL-friendly identifier for the sub-industry." + }, + { + "name": "Ipv4Count", + "type": "int", + "description": "Number of IPv4 addresses attributed to the company." + }, + { + "name": "PeopleCount", + "type": "int", + "description": "Number of people associated with the company." + }, + { + "name": "SearchCount", + "type": "int", + "description": "Number of searches for the company." + }, + { + "name": "CustomerMonitoringCount", + "type": "int", + "description": "Number of customers monitoring this company." + }, + { + "name": "CurrentRating", + "type": "int", + "description": "Current overall BitSight security rating." + }, + { + "name": "RatingIndustryMedian", + "type": "string", + "description": "Comparison of company rating to industry median (e.g., above, below)." + }, + { + "name": "Ratings", + "type": "dynamic", + "description": "Array of historical rating snapshots, each with rating_date, rating, range, and rating_color." + }, + { + "name": "SubscriptionType", + "type": "string", + "description": "Type of BitSight subscription (e.g., Continuous Monitoring)." + }, + { + "name": "SubscriptionTypeKey", + "type": "string", + "description": "Machine-readable subscription type key." + }, + { + "name": "SubscriptionEndDate", + "type": "string", + "description": "Date the subscription ends (YYYY-MM-DD), or null." + }, + { + "name": "BulkEmailSenderStatus", + "type": "string", + "description": "Bulk email sender classification (e.g., NONE)." + }, + { + "name": "SecurityGrade", + "type": "string", + "description": "Security grade, if available." + }, + { + "name": "ServiceProvider", + "type": "boolean", + "description": "Indicates whether this company is a service provider." + }, + { + "name": "HasCompanyTree", + "type": "boolean", + "description": "Indicates whether the company has a company tree." + }, + { + "name": "HasPreferredContact", + "type": "boolean", + "description": "Indicates whether the company has a preferred contact." + }, + { + "name": "IsBundle", + "type": "boolean", + "description": "Indicates whether this is a bundle entry." + }, + { + "name": "IsPrimary", + "type": "boolean", + "description": "Indicates whether this is the primary company record." + }, + { + "name": "InSpmPortfolio", + "type": "boolean", + "description": "Indicates whether the company is in the SPM portfolio." + }, + { + "name": "IsMycompMysubsBundle", + "type": "boolean", + "description": "Indicates whether this is a my-company/my-subsidiaries bundle." + }, + { + "name": "IsCsp", + "type": "boolean", + "description": "Indicates whether the company is a cloud service provider." + }, + { + "name": "HasDelegatedSecurityControls", + "type": "boolean", + "description": "Indicates whether security controls have been delegated." + }, + { + "name": "CustomId", + "type": "dynamic", + "description": "Customer-assigned identifier for the company." + }, + { + "name": "AvailableUpgradeTypes", + "type": "dynamic", + "description": "Array of available upgrade types for this company." + }, + { + "name": "CompanyFeatures", + "type": "dynamic", + "description": "Array of feature flags enabled for the company." + }, + { + "name": "RelatedCompanies", + "type": "dynamic", + "description": "Array of related company references." + }, + { + "name": "PrimaryCompany", + "type": "dynamic", + "description": "Primary company object (guid, name), or null." + }, + { + "name": "ComplianceClaim", + "type": "dynamic", + "description": "Compliance claim object, or null." + }, + { + "name": "Permissions", + "type": "dynamic", + "description": "Object of permission flags for this company (can_annotate, can_view_forensics, etc.)." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightCompanyRatingDetails_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightCompanyRatingDetails_CL", + "description": "The BitSightCompanyRatingDetails table contains per-risk-vector rating breakdowns for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company." + }, + { + "name": "RiskVectorSlug", + "type": "string", + "description": "URL-friendly identifier for the risk vector (dict key — always null due to CCF JSONPath limitation; use RiskVectorLabel)." + }, + { + "name": "RiskVectorLabel", + "type": "string", + "description": "Human-readable name of the risk vector (API field: name)." + }, + { + "name": "RiskCategory", + "type": "string", + "description": "Parent risk category for the risk vector (API field: category)." + }, + { + "name": "CategoryOrder", + "type": "int", + "description": "Display order of the category." + }, + { + "name": "Rating", + "type": "int", + "description": "Numeric score for this risk vector." + }, + { + "name": "Grade", + "type": "string", + "description": "Letter grade for this risk vector." + }, + { + "name": "Percentile", + "type": "int", + "description": "Percentile rank compared to peers for this risk vector (0-100)." + }, + { + "name": "GradeColor", + "type": "string", + "description": "Hex color code associated with the grade for UI display (e.g., '#239563')." + }, + { + "name": "RiskVectorOrder", + "type": "int", + "description": "Display order of the risk vector within its category." + }, + { + "name": "DisplayUrl", + "type": "string", + "description": "URL to the risk vector detail page in BitSight portal." + }, + { + "name": "Beta", + "type": "boolean", + "description": "Indicates if this risk vector is in beta status." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightDiligenceHistoricalStatistics_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightDiligenceHistoricalStatistics_CL", + "description": "The BitSightDiligenceHistoricalStatistics table contains historical diligence statistics per company over time from the BitSight API ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company." + }, + { + "name": "RecordDate", + "type": "string", + "description": "The date of the historical record (YYYY-MM-DD)." + }, + { + "name": "Grade", + "type": "string", + "description": "Letter grade for this record period." + }, + { + "name": "Counts", + "type": "dynamic", + "description": "Array of per-category count objects ({ count, category }). Expanded row-per-category at query time by the KQL parser via mv-expand." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightDiligenceStatistics_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightDiligenceStatistics_CL", + "description": "The BitSightDiligenceStatistics table contains diligence statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company." + }, + { + "name": "RiskVector", + "type": "string", + "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." + }, + { + "name": "Unknown", + "type": "int", + "description": "Count of findings with unknown severity." + }, + { + "name": "Bad", + "type": "int", + "description": "Count of bad findings." + }, + { + "name": "Warn", + "type": "int", + "description": "Count of warn findings." + }, + { + "name": "Neutral", + "type": "int", + "description": "Count of neutral findings." + }, + { + "name": "Fair", + "type": "int", + "description": "Count of fair findings." + }, + { + "name": "Good", + "type": "int", + "description": "Count of good findings." + }, + { + "name": "SpearPhishing", + "type": "int", + "description": "[domain_squatting] Count of spear-phishing lookalike domains." + }, + { + "name": "BitFlip", + "type": "int", + "description": "[domain_squatting] Count of bit-flip lookalike domains." + }, + { + "name": "TypographicalErrors", + "type": "int", + "description": "[domain_squatting] Count of typographical-error lookalike domains." + }, + { + "name": "TldVariant", + "type": "int", + "description": "[domain_squatting] Count of TLD-variant lookalike domains." + }, + { + "name": "TotalCount", + "type": "int", + "description": "[domain_squatting] Total count of all lookalike domain types." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightFindingsSummary_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightFindingsSummary_CL", + "description": "The BitSightFindingsSummary table contains findings summary statistics per risk vector for each monitored company. Severity and description enrichment is resolved at query time by joining with BitsightVulnerabilitiesFindingsSummary on Name == DisplayName.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company associated with the findings summary." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company associated with the findings summary." + }, + { + "name": "StartDate", + "type": "string", + "description": "Start date of the reporting period (YYYY-MM-DD)." + }, + { + "name": "EndDate", + "type": "string", + "description": "End date of the reporting period (YYYY-MM-DD)." + }, + { + "name": "Stats", + "type": "dynamic", + "description": "Array of per-stat objects. Expanded row-per-stat at query time by the KQL parser via mv-expand into Name, StatId, Confidence, EventCount, HostCount, FirstSeen columns." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitsightIndustrialStatistics_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitsightIndustrialStatistics_CL", + "description": "The BitsightIndustrialStatistics table contains industry peer comparison statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company." + }, + { + "name": "RiskVector", + "type": "string", + "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." + }, + { + "name": "IncidentCount", + "type": "int", + "description": "Number of incidents for this risk vector in the industry over the measured period." + }, + { + "name": "CountPeriod", + "type": "string", + "description": "Measurement period (e.g., 'year')." + }, + { + "name": "AverageDurationDays", + "type": "real", + "description": "Average duration in days for incidents of this risk vector in the industry." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightObservationStatistics_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightObservationStatistics_CL", + "description": "The BitSightObservationStatistics table contains observations statistics per risk vector for each portfolio company from the BitSight API ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company." + }, + { + "name": "RiskVector", + "type": "string", + "description": "Risk vector slug (dict key — always null due to CCF JSONPath limitation)." + }, + { + "name": "ObservationCount", + "type": "int", + "description": "Total number of observations for this risk vector in the measurement period." + }, + { + "name": "CountPeriod", + "type": "string", + "description": "Measurement period (e.g., 'year')." + }, + { + "name": "AverageDurationDays", + "type": "real", + "description": "Average duration in days for observations." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitsightVulnerabilitiesFindingsSummary_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitsightVulnerabilitiesFindingsSummary_CL", + "description": "The BitsightVulnerabilitiesFindingsSummary table contains vulnerability reference data from the BitSight defaults API. Used at query time to enrich BitSightFindingsSummary with Severity and Description via the KQL parser.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "Name", + "type": "string", + "description": "Slug identifier for the vulnerability type (e.g., 'patching_cadence')." + }, + { + "name": "DisplayName", + "type": "string", + "description": "Human-readable name of the vulnerability type." + }, + { + "name": "Description", + "type": "string", + "description": "Description of what the vulnerability type measures." + }, + { + "name": "Severity", + "type": "string", + "description": "Severity level of the vulnerability type (e.g., 'high', 'medium', 'low')." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + }, + { + "name": "BitSightAlerts_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightAlerts_CL", + "description": "The BitSightAlerts table contains alert records from the BitSight API representing changes and news triggers for monitored portfolio companies ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "Guid", + "type": "string", + "description": "Unique identifier of the alert." + }, + { + "name": "AlertType", + "type": "string", + "description": "The type of alert (e.g., THIRD_PARTY_INTEL)." + }, + { + "name": "AlertDate", + "type": "string", + "description": "The date the alert was triggered (YYYY-MM-DD)." + }, + { + "name": "StartDate", + "type": "string", + "description": "The start date of the alert (YYYY-MM-DD)." + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company associated with the alert." + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company associated with the alert." + }, + { + "name": "CompanyUrl", + "type": "string", + "description": "URL of the company associated with the alert." + }, + { + "name": "FolderGuid", + "type": "string", + "description": "Folder GUID associated with the alert." + }, + { + "name": "FolderName", + "type": "string", + "description": "Folder name associated with the alert." + }, + { + "name": "Severity", + "type": "string", + "description": "Alert severity level (e.g., INFORMATIONAL)." + }, + { + "name": "Trigger", + "type": "string", + "description": "What triggered the alert." + }, + { + "name": "AlertSetName", + "type": "string", + "description": "Name of the alert set." + }, + { + "name": "AlertSetGuid", + "type": "string", + "description": "GUID of the alert set." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name assigned during connector setup." + } + ] + } + } + }, + { + "name": "BitSightBreaches_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitSightBreaches_CL", + "description": "The BitSightBreaches table contains data breach records from the BitSight API for monitored portfolio companies ingested into Microsoft Sentinel.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "CompanyGuid", + "type": "string", + "description": "GUID of the company that experienced the breach (enriched)." + }, + { + "name": "CompanyName", + "type": "string", + "description": "Name of the company that experienced the breach (enriched)." + }, + { + "name": "Guid", + "type": "string", + "description": "Unique identifier of the breach event." + }, + { + "name": "BreachDate", + "type": "string", + "description": "Date the breach event was recorded (YYYY-MM-DD)." + }, + { + "name": "DateCreated", + "type": "string", + "description": "Date this breach record was created in BitSight." + }, + { + "name": "Text", + "type": "string", + "description": "Description of the breach event." + }, + { + "name": "PreviewUrl", + "type": "string", + "description": "URL to a preview article about the breach." + }, + { + "name": "EventType", + "type": "string", + "description": "Breach event category (e.g., Human Error, Hacking)." + }, + { + "name": "EventTypeDescription", + "type": "string", + "description": "Detailed description of the breach event type." + }, + { + "name": "Severity", + "type": "int", + "description": "Numeric severity level of the breach." + }, + { + "name": "BreachedCompanies", + "type": "dynamic", + "description": "Array of companies directly affected by the breach." + }, + { + "name": "DependentCompanies", + "type": "dynamic", + "description": "Array of dependent companies impacted by this breach." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name assigned during connector setup." + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition2'),'-', variables('dataConnectorCCPVersion'))))]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "version": "[variables('dataConnectorCCPVersion')]" + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition2'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "BitSightEventsConnector", + "title": "BitSight Security Events (via Codeless Connector Framework)", + "publisher": "Microsoft", + "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security alerts, breaches, and findings from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. The connector monitors portfolio companies for rating changes, news alerts, data breaches, and detailed security findings across Diligence, Compromised Systems, and User Behavior risk categories. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", + "graphQueriesTableName": "BitSightAlerts", + "graphQueries": [ + { + "metricName": "Total Alerts received", + "legend": "BitSight Alerts", + "baseQuery": "{{graphQueriesTableName}}" + }, + { + "metricName": "Total Breaches received", + "legend": "BitSight Breaches", + "baseQuery": "BitSightBreaches" + }, + { + "metricName": "Total Findings received", + "legend": "BitSight Findings", + "baseQuery": "BitSightFindings" + } + ], + "sampleQueries": [ + { + "description": "Get sample of BitSight Alerts", + "query": "BitSightAlerts\n | take 10" + }, + { + "description": "Get recent high-severity alerts", + "query": "BitSightAlerts\n | where severity in ('WARN', 'CRITICAL') and TimeGenerated > ago(7d)\n | project TimeGenerated, company_name, alert_type, severity\n | order by TimeGenerated desc" + }, + { + "description": "Get sample of BitSight Findings", + "query": "BitSightFindings\n | take 10" + }, + { + "description": "Get active severe findings", + "query": "BitSightFindings\n | where currently_active == true and severity_category in ('MATERIAL', 'SEVERE')\n | project TimeGenerated, company_name, risk_vector_label, severity_category, severity, first_seen\n | order by severity desc" + }, + { + "description": "Get sample of BitSight Breaches", + "query": "BitSightBreaches\n | take 10" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightBreaches", + "lastDataReceivedQuery": "BitSightBreaches\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightFindings", + "lastDataReceivedQuery": "BitSightFindings\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": true, + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true, + "action": false + } + } + ], + "customs": [ + { + "name": "BitSight API Token", + "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." + } + ] + }, + "instructionSteps": [ + { + "title": "1. Connection Management", + "description": "Manage your BitSight data stream connections", + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## BitSight Connections\n\nManage multiple BitSight data stream connections. Each connection selects a specific data type - **Alerts**, **Breaches**, or **Findings** - and assigns a **Connection Name** that is stored in the `ConnectorName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." + } + }, + { + "type": "DataConnectorsGrid", + "parameters": { + "mapping": [ + { + "columnName": "Connection Name", + "columnValue": "properties.addOnAttributes.friendlyName" + }, + { + "columnName": "Data Stream", + "columnValue": "properties.addOnAttributes.userStream" + }, + { + "columnName": "API URL", + "columnValue": "properties.request.apiEndpoint" + } + ], + "menuItems": [ + "DeleteConnector" + ] + } + }, + { + "type": "ContextPane", + "parameters": { + "isPrimary": true, + "label": "Add Connection", + "title": "Add BitSight Connection", + "subtitle": "Configure a new BitSight data stream connection", + "contextPaneType": "DataConnectorsContextPane", + "instructionSteps": [ + { + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## 1. Select Data Stream\n\nChoose which BitSight data type to collect for this connection. Create separate connections for each stream you want to ingest." + } + }, + { + "type": "Dropdown", + "parameters": { + "label": "Data Stream", + "name": "dataStream", + "options": [ + { + "key": "ALERTS", + "text": "Alerts - Rating changes and news events (BitSightAlerts)" + }, + { + "key": "BREACHES", + "text": "Breaches - Data breach events for portfolio companies (BitSightBreaches)" + }, + { + "key": "DILIGENCE", + "text": "Diligence Findings - Web, app, and network risk factors (BitSightFindings)" + }, + { + "key": "COMPROMISED_SYSTEMS", + "text": "Compromised Systems Findings - Botnet and malware activity (BitSightFindings)" + }, + { + "key": "USER_BEHAVIOR", + "text": "User Behavior Findings - Credential and employee risk activity (BitSightFindings)" + } + ], + "required": true + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 2. API Configuration" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Base URL", + "placeholder": "https://api.bitsighttech.com", + "type": "text", + "name": "bitSightApiUrl", + "validations": { + "required": true + } + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Username)", + "placeholder": "Paste your BitSight API Token", + "type": "text", + "name": "username", + "validations": { + "required": true + } + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Password)", + "placeholder": "Paste your BitSight API Token again", + "type": "password", + "name": "password", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Both fields must contain the **same API token value**. Entering different values will cause authentication to fail.", + "visible": true, + "inline": false + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", + "visible": true, + "inline": false + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "Connection Name", + "placeholder": "e.g. BitSight-Alerts-Prod", + "type": "text", + "name": "friendlyName", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "The connection name is stored in the `ConnectorName` column of every ingested record, enabling you to trace data back to this specific connection.", + "visible": true, + "inline": true + } + } + ] + } + ] + } + } + ] + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition2')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition2'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition2')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections2'), variables('dataConnectorCCPVersion'))]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "displayName": "BitSight Security Events (via Codeless Connector Framework)", + "contentKind": "ResourcesDataConnector", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorCCPVersion')]", + "parameters": { + "guidValue": { + "defaultValue": "[[newGuid()]", + "type": "securestring" + }, + "innerWorkspace": { + "defaultValue": "[parameters('workspace')]", + "type": "securestring" + }, + "connectorDefinitionName": { + "defaultValue": "BitSight Security Events (via Codeless Connector Framework)", + "type": "securestring", + "minLength": 1 + }, + "workspace": { + "defaultValue": "[parameters('workspace')]", + "type": "securestring" + }, + "dcrConfig": { + "defaultValue": { + "dataCollectionEndpoint": "data collection Endpoint", + "dataCollectionRuleImmutableId": "data collection rule immutableId" + }, + "type": "object" + }, + "dataStream": { + "defaultValue": "dataStream", + "type": "array" + }, + "bitSightApiUrl": { + "defaultValue": "bitSightApiUrl", + "type": "securestring", + "minLength": 1 + }, + "username": { + "defaultValue": "username", + "type": "securestring", + "minLength": 1 + }, + "password": { + "defaultValue": "password", + "type": "securestring", + "minLength": 1 + }, + "friendlyName": { + "defaultValue": "friendlyName", + "type": "securestring", + "minLength": 1 + } + }, + "variables": { + "_dataConnectorContentIdConnections2": "[variables('_dataConnectorContentIdConnections2')]" + }, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections2')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections2'))]", + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "kind": "ResourcesDataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightAlerts' , uniqueString(parameters('friendlyName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/v2/alerts/')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 30, + "queryTimeFormat": "yyyy-MM-dd", + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "sort": "alert_date", + "alert_date_gte": "{_QueryWindowStartTime}", + "alert_date_lte": "{_QueryWindowEndTime}" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 1000, + "pageSizeParameterName": "limit" + }, + "connectorDefinitionName": "BitSightEventsConnector", + "dataType": "BitSightAlerts", + "dcrConfig": { + "streamName": "Custom-BitSightAlerts_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "friendlyName": "[[parameters('friendlyName')]", + "userStream": "ALERTS" + } + }, + "condition": "[[equals(parameters('dataStream')[0], 'ALERTS')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightBreaches' , uniqueString(parameters('friendlyName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_company_breaches", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_company_breaches": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/v1/companies/$company_guid_PlaceHolder$/providers/breaches')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "queryTimeFormat": "yyyy-MM-dd", + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "date_created_gte": "{_QueryWindowStartTime}", + "date_created_lte": "{_QueryWindowEndTime}" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParaName": "limit" + } + } + }, + "connectorDefinitionName": "BitSightEventsConnector", + "dataType": "BitSightBreaches", + "dcrConfig": { + "streamName": "Custom-BitSightBreaches_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "friendlyName": "[[parameters('friendlyName')]", + "userStream": "BREACHES" + } + }, + "condition": "[[equals(parameters('dataStream')[0], 'BREACHES')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('Diligence') )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_company_findings", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_company_findings": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "queryTimeFormat": "yyyy-MM-dd", + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "sort": "last_seen", + "expand": "attributed_companies", + "risk_category": "Diligence", + "last_seen_gte": "{_QueryWindowStartTime}", + "last_seen_lte": "{_QueryWindowEndTime}" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 1000, + "pageSizeParaName": "limit" + } + } + }, + "connectorDefinitionName": "BitSightEventsConnector", + "dataType": "BitSightFindings", + "dcrConfig": { + "streamName": "Custom-BitSightFindings_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "userStream": "DILIGENCE", + "friendlyName": "[[parameters('friendlyName')]" + } + }, + "condition": "[[equals(parameters('dataStream')[0], 'DILIGENCE')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('Compromised Systems') )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_company_findings", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_company_findings": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "queryTimeFormat": "yyyy-MM-dd", + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "sort": "last_seen", + "expand": "attributed_companies", + "risk_category": "Compromised Systems", + "last_seen_gte": "{_QueryWindowStartTime}", + "last_seen_lte": "{_QueryWindowEndTime}" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 1000, + "pageSizeParaName": "limit" + } + } + }, + "connectorDefinitionName": "BitSightEventsConnector", + "dataType": "BitSightFindings", + "dcrConfig": { + "streamName": "Custom-BitSightFindings_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "userStream": "COMPROMISED_SYSTEMS", + "friendlyName": "[[parameters('friendlyName')]" + } + }, + "condition": "[[equals(parameters('dataStream')[0], 'COMPROMISED_SYSTEMS')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindings' , uniqueString(parameters('friendlyName')), uniqueString('User Behavior') )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_company_findings", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_company_findings": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "queryTimeFormat": "yyyy-MM-dd", + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "sort": "last_seen", + "expand": "attributed_companies", + "risk_category": "User Behavior", + "last_seen_gte": "{_QueryWindowStartTime}", + "last_seen_lte": "{_QueryWindowEndTime}" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 1000, + "pageSizeParaName": "limit" + } + } + }, + "connectorDefinitionName": "BitSightEventsConnector", + "dataType": "BitSightFindings", + "dcrConfig": { + "streamName": "Custom-BitSightFindings_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "userStream": "USER_BEHAVIOR", + "friendlyName": "[[parameters('friendlyName')]" + } + }, + "condition": "[[equals(parameters('dataStream')[0], 'USER_BEHAVIOR')]" + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections2'),'-', variables('dataConnectorCCPVersion'))))]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "version": "[variables('dataConnectorCCPVersion')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnectorDefinition3'), variables('dataConnectorCCPVersion'))]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", + "displayName": "BitSight Security Statistics (via Codeless Connector Framework)", + "contentKind": "DataConnector", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorCCPVersion')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition3'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "BitSightStatisticsConnector", + "title": "BitSight Security Statistics (via Codeless Connector Framework)", + "publisher": "Microsoft", + "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security statistics, company profiles, rating details, diligence history, risk vector statistics, and vulnerability data from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", + "graphQueriesTableName": "BitSightCompanyDetails", + "graphQueries": [ + { + "metricName": "Total Company Detail records received", + "legend": "BitSight Company Details", + "baseQuery": "{{graphQueriesTableName}}" + }, + { + "metricName": "Total Company Rating Details received", + "legend": "BitSight Company Rating Details", + "baseQuery": "BitSightCompanyRatingDetails" + }, + { + "metricName": "Total Diligence Historical Statistics received", + "legend": "BitSight Diligence Historical Statistics", + "baseQuery": "BitSightDiligenceHistoricalStatistics" + }, + { + "metricName": "Total Diligence Statistics received", + "legend": "BitSight Diligence Statistics", + "baseQuery": "BitSightDiligenceStatistics" + }, + { + "metricName": "Total Observations Statistics received", + "legend": "BitSight Observations Statistics", + "baseQuery": "BitSightObservationStatistics" + }, + { + "metricName": "Total Industries Statistics received", + "legend": "BitSight Industries Statistics", + "baseQuery": "BitsightIndustrialStatistics" + }, + { + "metricName": "Total Findings Summary records received", + "legend": "BitSight Findings Summary", + "baseQuery": "BitSightFindingsSummary" + }, + { + "metricName": "Total Vulnerabilities received", + "legend": "BitSight Vulnerabilities", + "baseQuery": "BitsightVulnerabilitiesFindingsSummary" + } + ], + "sampleQueries": [ + { + "description": "Get sample of BitSight Company Details", + "query": "{{graphQueriesTableName}}\n | take 10" + }, + { + "description": "Get company security ratings over time", + "query": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(90d)\n | summarize LatestRating = arg_max(TimeGenerated, CurrentRating) by Name\n | order by LatestRating asc" + }, + { + "description": "Get sample of BitSight Company Rating Details", + "query": "BitSightCompanyRatingDetails\n | take 10" + }, + { + "description": "Get findings summary with latest data per company/stat", + "query": "BitSightFindingsSummary\n | where TimeGenerated > ago(1d)\n | take 10" + }, + { + "description": "Get sample of BitSight Vulnerabilities", + "query": "BitsightVulnerabilitiesFindingsSummary\n | take 10" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightCompanyRatingDetails", + "lastDataReceivedQuery": "BitSightCompanyRatingDetails\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightFindingsSummary", + "lastDataReceivedQuery": "BitSightFindingsSummary\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightDiligenceHistoricalStatistics", + "lastDataReceivedQuery": "BitSightDiligenceHistoricalStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitSightDiligenceStatistics", + "lastDataReceivedQuery": "BitSightDiligenceStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitSightObservationStatistics", + "lastDataReceivedQuery": "BitSightObservationStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitsightIndustrialStatistics", + "lastDataReceivedQuery": "BitsightIndustrialStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitsightVulnerabilitiesFindingsSummary", + "lastDataReceivedQuery": "BitsightVulnerabilitiesFindingsSummary\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": true, + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true, + "action": false + } + } + ], + "customs": [ + { + "name": "BitSight API Token", + "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." + } + ] + }, + "instructionSteps": [ + { + "title": "1. Connection Management", + "description": "Manage your BitSight statistics data stream connections", + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## BitSight Statistics Connections\n\nManage multiple BitSight statistics connections. Each connection selects one or more **data streams** to ingest and assigns a **Connection Name** stored in the `connectionName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." + } + }, + { + "type": "DataConnectorsGrid", + "parameters": { + "mapping": [ + { + "columnName": "Connection Name", + "columnValue": "properties.addOnAttributes.connectionName" + }, + { + "columnName": "Active Streams", + "columnValue": "properties.addOnAttributes.streams" + }, + { + "columnName": "API URL", + "columnValue": "properties.request.apiEndpoint" + } + ], + "menuItems": [ + "DeleteConnector" + ] + } + }, + { + "type": "ContextPane", + "parameters": { + "isPrimary": true, + "label": "Add Connection", + "title": "Add BitSight Statistics Connection", + "subtitle": "Configure a new BitSight statistics connection", + "contextPaneType": "DataConnectorsContextPane", + "instructionSteps": [ + { + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## 1. Select Data Streams\n\nChoose which BitSight statistics data types to collect for this connection. You can select multiple streams." + } + }, + { + "type": "Dropdown", + "parameters": { + "label": "Data Streams", + "name": "streams", + "options": [ + { + "key": "FindingsSummary", + "text": "FindingsSummary" + }, + { + "key": "CompanyDetails", + "text": "CompanyDetails" + }, + { + "key": "CompanyRatingDetails", + "text": "CompanyRatingDetails" + }, + { + "key": "DiligenceHistoricalStatistics", + "text": "DiligenceHistoricalStatistics" + }, + { + "key": "RiskVectorStatistics", + "text": "RiskVectorStatistics" + }, + { + "key": "IndustriesStatistics", + "text": "IndustriesStatistics" + }, + { + "key": "Vulnerabilities", + "text": "Vulnerabilities" + }, + { + "key": "ObservationsStatistics", + "text": "ObservationsStatistics" + } + ], + "isMultiSelect": true, + "defaultAllSelected": false, + "required": true + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 2. API Configuration" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Base URL", + "placeholder": "https://api.bitsighttech.com", + "type": "text", + "name": "bitSightApiUrl", + "validations": { + "required": true + } + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Username)", + "placeholder": "Paste your BitSight API Token", + "type": "text", + "name": "username", + "validations": { + "required": true + } + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Password)", + "placeholder": "Paste your BitSight API Token again", + "type": "password", + "name": "password", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", + "visible": true, + "inline": false + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "Connection Name", + "placeholder": "e.g. BitSight-Statistics-Prod", + "type": "text", + "name": "connectionName", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "The connection name is stored in the `connectionName` column of every ingested record, enabling you to trace data back to this specific connection.", + "visible": true, + "inline": true + } + } + ] + } + ] + } + } + ] + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition3')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition3'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections3')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, + { + "name": "BitSightStatisticsDCR", + "apiVersion": "2022-06-01", + "type": "Microsoft.Insights/dataCollectionRules", + "location": "[parameters('workspace-location')]", + "kind": "[variables('blanks')]", + "properties": { + "dataCollectionEndpointId": "[variables('dataCollectionEndpointId3')]", + "streamDeclarations": { + "Custom-BitSightFindingsSummary_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "start_date", + "type": "string" + }, + { + "name": "end_date", + "type": "string" + }, + { + "name": "stats", + "type": "dynamic" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitSightCompanyDetails_CL": { + "columns": [ + { + "name": "guid", + "type": "string" + }, + { + "name": "name", + "type": "string" + }, + { + "name": "shortname", + "type": "string" + }, + { + "name": "type", + "type": "string" + }, + { + "name": "description", + "type": "string" + }, + { + "name": "primary_domain", + "type": "string" + }, + { + "name": "homepage", + "type": "string" + }, + { + "name": "display_url", + "type": "string" + }, + { + "name": "sparkline", + "type": "string" + }, + { + "name": "industry", + "type": "string" + }, + { + "name": "industry_slug", + "type": "string" + }, + { + "name": "sub_industry", + "type": "string" + }, + { + "name": "sub_industry_slug", + "type": "string" + }, + { + "name": "ipv4_count", + "type": "int" + }, + { + "name": "people_count", + "type": "int" + }, + { + "name": "search_count", + "type": "int" + }, + { + "name": "customer_monitoring_count", + "type": "int" + }, + { + "name": "current_rating", + "type": "int" + }, + { + "name": "rating_industry_median", + "type": "string" + }, + { + "name": "ratings", + "type": "dynamic" + }, + { + "name": "subscription_type", + "type": "string" + }, + { + "name": "subscription_type_key", + "type": "string" + }, + { + "name": "subscription_end_date", + "type": "string" + }, + { + "name": "bulk_email_sender_status", + "type": "string" + }, + { + "name": "security_grade", + "type": "string" + }, + { + "name": "service_provider", + "type": "boolean" + }, + { + "name": "has_company_tree", + "type": "boolean" + }, + { + "name": "has_preferred_contact", + "type": "boolean" + }, + { + "name": "is_bundle", + "type": "boolean" + }, + { + "name": "is_primary", + "type": "boolean" + }, + { + "name": "in_spm_portfolio", + "type": "boolean" + }, + { + "name": "is_mycomp_mysubs_bundle", + "type": "boolean" + }, + { + "name": "is_csp", + "type": "boolean" + }, + { + "name": "has_delegated_security_controls", + "type": "boolean" + }, + { + "name": "custom_id", + "type": "dynamic" + }, + { + "name": "available_upgrade_types", + "type": "dynamic" + }, + { + "name": "company_features", + "type": "dynamic" + }, + { + "name": "related_companies", + "type": "dynamic" + }, + { + "name": "primary_company", + "type": "dynamic" + }, + { + "name": "compliance_claim", + "type": "dynamic" + }, + { + "name": "permissions", + "type": "dynamic" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitSightCompanyRatingDetails_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "risk_vector_slug", + "type": "string" + }, + { + "name": "name", + "type": "string" + }, + { + "name": "category", + "type": "string" + }, + { + "name": "category_order", + "type": "int" + }, + { + "name": "rating", + "type": "int" + }, + { + "name": "grade", + "type": "string" + }, + { + "name": "percentile", + "type": "int" + }, + { + "name": "grade_color", + "type": "string" + }, + { + "name": "order", + "type": "int" + }, + { + "name": "display_url", + "type": "string" + }, + { + "name": "beta", + "type": "boolean" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitSightDiligenceHistoricalStatistics_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "date", + "type": "string" + }, + { + "name": "grade", + "type": "string" + }, + { + "name": "counts", + "type": "dynamic" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitSightDiligenceStatistics_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "risk_vector", + "type": "string" + }, + { + "name": "unknown", + "type": "int" + }, + { + "name": "bad", + "type": "int" + }, + { + "name": "warn", + "type": "int" + }, + { + "name": "neutral", + "type": "int" + }, + { + "name": "fair", + "type": "int" + }, + { + "name": "good", + "type": "int" + }, + { + "name": "spear_phishing", + "type": "int" + }, + { + "name": "bit_flip", + "type": "int" + }, + { + "name": "typographical_errors", + "type": "int" + }, + { + "name": "tld_variant", + "type": "int" + }, + { + "name": "total_count", + "type": "int" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitSightObservationStatistics_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "risk_vector", + "type": "string" + }, + { + "name": "count", + "type": "int" + }, + { + "name": "count_period", + "type": "string" + }, + { + "name": "average_duration_days", + "type": "real" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitsightVulnerabilitiesFindingsSummary_CL": { + "columns": [ + { + "name": "name", + "type": "string" + }, + { + "name": "display_name", + "type": "string" + }, + { + "name": "description", + "type": "string" + }, + { + "name": "severity", + "type": "string" + }, + { + "name": "connectionName", + "type": "string" + } + ] + }, + "Custom-BitsightIndustrialStatistics_CL": { + "columns": [ + { + "name": "company_name", + "type": "string" + }, + { + "name": "company_guid", + "type": "string" + }, + { + "name": "risk_vector", + "type": "string" + }, + { + "name": "count", + "type": "int" + }, + { + "name": "count_period", + "type": "string" + }, + { + "name": "average_duration_days", + "type": "real" + }, + { + "name": "connectionName", + "type": "string" + } + ] + } + }, + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": "[variables('workspaceResourceId')]", + "name": "clv2ws1" + } + ] + }, + "dataFlows": [ + { + "streams": [ + "Custom-BitSightFindingsSummary_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightFindingsSummary_CL", + "transformKql": "source | extend TimeGenerated = iff(isnull(['end_date']) or todatetime(['end_date']) < ago(2d), now(), todatetime(['end_date'])) , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , StartDate = ['start_date'] , EndDate = ['end_date'] , Stats = ['stats'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , StartDate , EndDate , Stats , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightCompanyDetails_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightCompanyDetails_CL", + "transformKql": "source | extend TimeGenerated = now() , Guid = ['guid'] , Name = ['name'] , Shortname = ['shortname'] , CompanyType = ['type'] , Description = ['description'] , PrimaryDomain = ['primary_domain'] , Homepage = ['homepage'] , DisplayUrl = ['display_url'] , Sparkline = ['sparkline'] , Industry = ['industry'] , IndustrySlug = ['industry_slug'] , SubIndustry = ['sub_industry'] , SubIndustrySlug = ['sub_industry_slug'] , Ipv4Count = ['ipv4_count'] , PeopleCount = ['people_count'] , SearchCount = ['search_count'] , CustomerMonitoringCount = ['customer_monitoring_count'] , CurrentRating = ['current_rating'] , RatingIndustryMedian = ['rating_industry_median'] , Ratings = ['ratings'] , SubscriptionType = ['subscription_type'] , SubscriptionTypeKey = ['subscription_type_key'] , SubscriptionEndDate = ['subscription_end_date'] , BulkEmailSenderStatus = ['bulk_email_sender_status'] , SecurityGrade = ['security_grade'] , ServiceProvider = ['service_provider'] , HasCompanyTree = ['has_company_tree'] , HasPreferredContact = ['has_preferred_contact'] , IsBundle = ['is_bundle'] , IsPrimary = ['is_primary'] , InSpmPortfolio = ['in_spm_portfolio'] , IsMycompMysubsBundle = ['is_mycomp_mysubs_bundle'] , IsCsp = ['is_csp'] , HasDelegatedSecurityControls = ['has_delegated_security_controls'] , CustomId = ['custom_id'] , AvailableUpgradeTypes = ['available_upgrade_types'] , CompanyFeatures = ['company_features'] , RelatedCompanies = ['related_companies'] , PrimaryCompany = ['primary_company'] , ComplianceClaim = ['compliance_claim'] , Permissions = ['permissions'] , ConnectorName = ['connectionName'] | project TimeGenerated , Guid , Name , Shortname , CompanyType , Description , PrimaryDomain , Homepage , DisplayUrl , Sparkline , Industry , IndustrySlug , SubIndustry , SubIndustrySlug , Ipv4Count , PeopleCount , SearchCount , CustomerMonitoringCount , CurrentRating , RatingIndustryMedian , Ratings , SubscriptionType , SubscriptionTypeKey , SubscriptionEndDate , BulkEmailSenderStatus , SecurityGrade , ServiceProvider , HasCompanyTree , HasPreferredContact , IsBundle , IsPrimary , InSpmPortfolio , IsMycompMysubsBundle , IsCsp , HasDelegatedSecurityControls , CustomId , AvailableUpgradeTypes , CompanyFeatures , RelatedCompanies , PrimaryCompany , ComplianceClaim , Permissions , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightCompanyRatingDetails_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightCompanyRatingDetails_CL", + "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVectorSlug = ['risk_vector_slug'] , RiskVectorLabel = ['name'] , RiskCategory = ['category'] , CategoryOrder = ['category_order'] , Rating = ['rating'] , Grade = ['grade'] , Percentile = ['percentile'] , GradeColor = ['grade_color'] , RiskVectorOrder = ['order'] , DisplayUrl = ['display_url'] , Beta = ['beta'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVectorSlug , RiskVectorLabel , RiskCategory , CategoryOrder , Rating , Grade , Percentile , GradeColor , RiskVectorOrder , DisplayUrl , Beta , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightDiligenceHistoricalStatistics_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightDiligenceHistoricalStatistics_CL", + "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RecordDate = ['date'] , Grade = ['grade'] , Counts = ['counts'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RecordDate , Grade , Counts , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightDiligenceStatistics_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightDiligenceStatistics_CL", + "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , Unknown = ['unknown'] , Bad = ['bad'] , Warn = ['warn'] , Neutral = ['neutral'] , Fair = ['fair'] , Good = ['good'] , SpearPhishing = ['spear_phishing'] , BitFlip = ['bit_flip'] , TypographicalErrors = ['typographical_errors'] , TldVariant = ['tld_variant'] , TotalCount = ['total_count'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , Unknown , Bad , Warn , Neutral , Fair , Good , SpearPhishing , BitFlip , TypographicalErrors , TldVariant , TotalCount , ConnectorName" + }, + { + "streams": [ + "Custom-BitSightObservationStatistics_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitSightObservationStatistics_CL", + "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , ObservationCount = ['count'] , CountPeriod = ['count_period'] , AverageDurationDays = ['average_duration_days'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , ObservationCount , CountPeriod , AverageDurationDays , ConnectorName" + }, + { + "streams": [ + "Custom-BitsightIndustrialStatistics_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitsightIndustrialStatistics_CL", + "transformKql": "source | extend TimeGenerated = now() , CompanyName = ['company_name'] , CompanyGuid = ['company_guid'] , RiskVector = ['risk_vector'] , IncidentCount = ['count'] , CountPeriod = ['count_period'] , AverageDurationDays = ['average_duration_days'] , ConnectorName = ['connectionName'] | project TimeGenerated , CompanyName , CompanyGuid , RiskVector , IncidentCount , CountPeriod , AverageDurationDays , ConnectorName" + }, + { + "streams": [ + "Custom-BitsightVulnerabilitiesFindingsSummary_CL" + ], + "destinations": [ + "clv2ws1" + ], + "outputStream": "Custom-BitsightVulnerabilitiesFindingsSummary_CL", + "transformKql": "source | extend TimeGenerated = now() , Name = ['name'] , DisplayName = ['display_name'] , Description = ['description'] , Severity = ['severity'] , ConnectorName = ['connectionName'] | project TimeGenerated , Name , DisplayName , Description , Severity , ConnectorName" + } + ] + } + }, + { + "name": "BitsightVulnerabilitiesFindingsSummary_CL", + "apiVersion": "2022-10-01", + "type": "Microsoft.OperationalInsights/workspaces/tables", + "location": "[parameters('workspace-location')]", + "kind": null, + "properties": { + "retentionInDays": 180, + "schema": { + "name": "BitsightVulnerabilitiesFindingsSummary_CL", + "description": "The BitsightVulnerabilitiesFindingsSummary table contains vulnerability reference data from the BitSight defaults API. Used at query time to enrich BitSightFindingsSummary with Severity and Description via the KQL parser.", + "columns": [ + { + "name": "TimeGenerated", + "type": "datetime", + "isDefaultDisplay": true + }, + { + "name": "Name", + "type": "string", + "description": "Slug identifier for the vulnerability type (e.g., 'patching_cadence')." + }, + { + "name": "DisplayName", + "type": "string", + "description": "Human-readable name of the vulnerability type." + }, + { + "name": "Description", + "type": "string", + "description": "Description of what the vulnerability type measures." + }, + { + "name": "Severity", + "type": "string", + "description": "Severity level of the vulnerability type (e.g., 'high', 'medium', 'low')." + }, + { + "name": "ConnectorName", + "type": "string", + "description": "Connection name identifier for multi-instance tracking." + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentIdConnectorDefinition3'),'-', variables('dataConnectorCCPVersion'))))]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "version": "[variables('dataConnectorCCPVersion')]" + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentIdConnectorDefinition3'))]", + "apiVersion": "2022-09-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectorDefinitions", + "location": "[parameters('workspace-location')]", + "kind": "Customizable", + "properties": { + "connectorUiConfig": { + "id": "BitSightStatisticsConnector", + "title": "BitSight Security Statistics (via Codeless Connector Framework)", + "publisher": "Microsoft", + "descriptionMarkdown": "The [BitSight](https://www.bitsight.com/) data connector provides the capability to ingest security statistics, company profiles, rating details, diligence history, risk vector statistics, and vulnerability data from your BitSight portfolio into Microsoft Sentinel through the BitSight REST API. Refer to the [BitSight API documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) for more information.", + "graphQueriesTableName": "BitSightCompanyDetails", + "graphQueries": [ + { + "metricName": "Total Company Detail records received", + "legend": "BitSight Company Details", + "baseQuery": "{{graphQueriesTableName}}" + }, + { + "metricName": "Total Company Rating Details received", + "legend": "BitSight Company Rating Details", + "baseQuery": "BitSightCompanyRatingDetails" + }, + { + "metricName": "Total Diligence Historical Statistics received", + "legend": "BitSight Diligence Historical Statistics", + "baseQuery": "BitSightDiligenceHistoricalStatistics" + }, + { + "metricName": "Total Diligence Statistics received", + "legend": "BitSight Diligence Statistics", + "baseQuery": "BitSightDiligenceStatistics" + }, + { + "metricName": "Total Observations Statistics received", + "legend": "BitSight Observations Statistics", + "baseQuery": "BitSightObservationStatistics" + }, + { + "metricName": "Total Industries Statistics received", + "legend": "BitSight Industries Statistics", + "baseQuery": "BitsightIndustrialStatistics" + }, + { + "metricName": "Total Findings Summary records received", + "legend": "BitSight Findings Summary", + "baseQuery": "BitSightFindingsSummary" + }, + { + "metricName": "Total Vulnerabilities received", + "legend": "BitSight Vulnerabilities", + "baseQuery": "BitsightVulnerabilitiesFindingsSummary" + } + ], + "sampleQueries": [ + { + "description": "Get sample of BitSight Company Details", + "query": "{{graphQueriesTableName}}\n | take 10" + }, + { + "description": "Get company security ratings over time", + "query": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(90d)\n | summarize LatestRating = arg_max(TimeGenerated, CurrentRating) by Name\n | order by LatestRating asc" + }, + { + "description": "Get sample of BitSight Company Rating Details", + "query": "BitSightCompanyRatingDetails\n | take 10" + }, + { + "description": "Get findings summary with latest data per company/stat", + "query": "BitSightFindingsSummary\n | where TimeGenerated > ago(1d)\n | take 10" + }, + { + "description": "Get sample of BitSight Vulnerabilities", + "query": "BitsightVulnerabilitiesFindingsSummary\n | take 10" + } + ], + "dataTypes": [ + { + "name": "{{graphQueriesTableName}}", + "lastDataReceivedQuery": "{{graphQueriesTableName}}\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightCompanyRatingDetails", + "lastDataReceivedQuery": "BitSightCompanyRatingDetails\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightFindingsSummary", + "lastDataReceivedQuery": "BitSightFindingsSummary\n | where TimeGenerated > ago(12h)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" + }, + { + "name": "BitSightDiligenceHistoricalStatistics", + "lastDataReceivedQuery": "BitSightDiligenceHistoricalStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitSightDiligenceStatistics", + "lastDataReceivedQuery": "BitSightDiligenceStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitSightObservationStatistics", + "lastDataReceivedQuery": "BitSightObservationStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitsightIndustrialStatistics", + "lastDataReceivedQuery": "BitsightIndustrialStatistics\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + }, + { + "name": "BitsightVulnerabilitiesFindingsSummary", + "lastDataReceivedQuery": "BitsightVulnerabilitiesFindingsSummary\n| where TimeGenerated > ago(12h)\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" + } + ], + "connectivityCriteria": [ + { + "type": "HasDataConnectors" + } + ], + "availability": { + "isPreview": true, + "status": 1 + }, + "permissions": { + "resourceProvider": [ + { + "provider": "Microsoft.OperationalInsights/workspaces", + "permissionsDisplayText": "Read and Write permissions are required.", + "providerDisplayName": "Workspace", + "scope": "Workspace", + "requiredPermissions": { + "write": true, + "read": true, + "delete": true, + "action": false + } + } + ], + "customs": [ + { + "name": "BitSight API Token", + "description": "A BitSight API Token is required to authenticate requests to the BitSight REST API. [See the documentation](https://help.bitsighttech.com/hc/en-us/articles/115014888388-API-Token-Management) to learn more about API Token management." + } + ] + }, + "instructionSteps": [ + { + "title": "1. Connection Management", + "description": "Manage your BitSight statistics data stream connections", + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## BitSight Statistics Connections\n\nManage multiple BitSight statistics connections. Each connection selects one or more **data streams** to ingest and assigns a **Connection Name** stored in the `connectionName` column of every ingested record.\n\n> **Authentication**: BitSight uses HTTP Basic Authentication where the API token is used as **both** the username and password." + } + }, + { + "type": "DataConnectorsGrid", + "parameters": { + "mapping": [ + { + "columnName": "Connection Name", + "columnValue": "properties.addOnAttributes.connectionName" + }, + { + "columnName": "Active Streams", + "columnValue": "properties.addOnAttributes.streams" + }, + { + "columnName": "API URL", + "columnValue": "properties.request.apiEndpoint" + } + ], + "menuItems": [ + "DeleteConnector" + ] + } + }, + { + "type": "ContextPane", + "parameters": { + "isPrimary": true, + "label": "Add Connection", + "title": "Add BitSight Statistics Connection", + "subtitle": "Configure a new BitSight statistics connection", + "contextPaneType": "DataConnectorsContextPane", + "instructionSteps": [ + { + "instructions": [ + { + "type": "Markdown", + "parameters": { + "content": "## 1. Select Data Streams\n\nChoose which BitSight statistics data types to collect for this connection. You can select multiple streams." + } + }, + { + "type": "Dropdown", + "parameters": { + "label": "Data Streams", + "name": "streams", + "options": [ + { + "key": "FindingsSummary", + "text": "FindingsSummary" + }, + { + "key": "CompanyDetails", + "text": "CompanyDetails" + }, + { + "key": "CompanyRatingDetails", + "text": "CompanyRatingDetails" + }, + { + "key": "DiligenceHistoricalStatistics", + "text": "DiligenceHistoricalStatistics" + }, + { + "key": "RiskVectorStatistics", + "text": "RiskVectorStatistics" + }, + { + "key": "IndustriesStatistics", + "text": "IndustriesStatistics" + }, + { + "key": "Vulnerabilities", + "text": "Vulnerabilities" + }, + { + "key": "ObservationsStatistics", + "text": "ObservationsStatistics" + } + ], + "isMultiSelect": true, + "defaultAllSelected": false, + "required": true + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 2. API Configuration" + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Base URL", + "placeholder": "https://api.bitsighttech.com", + "type": "text", + "name": "bitSightApiUrl", + "validations": { + "required": true + } + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 3. Authentication\n\nBitSight uses your API token as **both** the username and password for HTTP Basic Authentication." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Username)", + "placeholder": "Paste your BitSight API Token", + "type": "text", + "name": "username", + "validations": { + "required": true + } + } + }, + { + "type": "Textbox", + "parameters": { + "label": "BitSight API Token (Password)", + "placeholder": "Paste your BitSight API Token again", + "type": "password", + "name": "password", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "Obtain your API Token from **Settings > Account > User Preferences > API Token** in the BitSight portal.", + "visible": true, + "inline": false + } + }, + { + "type": "Markdown", + "parameters": { + "content": "## 4. Connection Name\n\nAssign a unique name to identify this connection in the grid and in every ingested log record." + } + }, + { + "type": "Textbox", + "parameters": { + "label": "Connection Name", + "placeholder": "e.g. BitSight-Statistics-Prod", + "type": "text", + "name": "connectionName", + "validations": { + "required": true + } + } + }, + { + "type": "InfoMessage", + "parameters": { + "text": "The connection name is stored in the `connectionName` column of every ingested record, enabling you to trace data back to this specific connection.", + "visible": true, + "inline": true + } + } + ] + } + ] + } + } + ] + } + ] + } + } + }, + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnectorDefinition3')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectorDefinitions', variables('_dataConnectorContentIdConnectorDefinition3'))]", + "contentId": "[variables('_dataConnectorContentIdConnectorDefinition3')]", + "kind": "DataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "criteria": [ + { + "version": "[variables('dataConnectorCCPVersion')]", + "contentId": "[variables('_dataConnectorContentIdConnections3')]", + "kind": "ResourcesDataConnector" + } + ] + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('dataConnectorTemplateNameConnections3'), variables('dataConnectorCCPVersion'))]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "contentId": "[variables('_dataConnectorContentIdConnections3')]", + "displayName": "BitSight Security Statistics (via Codeless Connector Framework)", + "contentKind": "ResourcesDataConnector", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('dataConnectorCCPVersion')]", + "parameters": { + "guidValue": { + "defaultValue": "[[newGuid()]", + "type": "securestring" + }, + "innerWorkspace": { + "defaultValue": "[parameters('workspace')]", + "type": "securestring" + }, + "connectorDefinitionName": { + "defaultValue": "BitSight Security Statistics (via Codeless Connector Framework)", + "type": "securestring", + "minLength": 1 + }, + "workspace": { + "defaultValue": "[parameters('workspace')]", + "type": "securestring" + }, + "dcrConfig": { + "defaultValue": { + "dataCollectionEndpoint": "data collection Endpoint", + "dataCollectionRuleImmutableId": "data collection rule immutableId" + }, + "type": "object" + }, + "streams": { + "defaultValue": "streams", + "type": "array" + }, + "bitSightApiUrl": { + "defaultValue": "bitSightApiUrl", + "type": "securestring", + "minLength": 1 + }, + "username": { + "defaultValue": "username", + "type": "securestring", + "minLength": 1 + }, + "password": { + "defaultValue": "password", + "type": "securestring", + "minLength": 1 + }, + "connectionName": { + "defaultValue": "connectionName", + "type": "securestring", + "minLength": 1 + } + }, + "variables": { + "_dataConnectorContentIdConnections3": "[variables('_dataConnectorContentIdConnections3')]" + }, + "resources": [ + { + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', variables('_dataConnectorContentIdConnections3')))]", + "apiVersion": "2022-01-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "properties": { + "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentIdConnections3'))]", + "contentId": "[variables('_dataConnectorContentIdConnections3')]", + "kind": "ResourcesDataConnector", + "version": "[variables('dataConnectorCCPVersion')]", + "source": { + "sourceId": "[variables('_solutionId')]", + "name": "[variables('_solutionName')]", + "kind": "Solution" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + } + } + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightFindingsSummary' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_findings_summary", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_findings_summary": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/findings/summary')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$[*]" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightFindingsSummary", + "dcrConfig": { + "streamName": "Custom-BitSightFindingsSummary_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'FindingsSummary')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightCompanyDetails' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_company_detail", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_company_detail": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightCompanyDetails", + "dcrConfig": { + "streamName": "Custom-BitSightCompanyDetails_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'CompanyDetails')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightCompanyRatingDetails' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_rating_details", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_rating_details": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$.rating_details.*" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightCompanyRatingDetails", + "dcrConfig": { + "streamName": "Custom-BitSightCompanyRatingDetails_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'CompanyRatingDetails')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightDiligenceHistoricalStatistics' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_diligence_historical", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_diligence_historical": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/diligence/historical-statistics')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightDiligenceHistoricalStatistics", + "dcrConfig": { + "streamName": "Custom-BitSightDiligenceHistoricalStatistics_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'DiligenceHistoricalStatistics')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightDiligenceStatistics' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_diligence_statistics", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_diligence_statistics": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/diligence/statistics')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$.risk_vectors.*" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightDiligenceStatistics", + "dcrConfig": { + "streamName": "Custom-BitSightDiligenceStatistics_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'RiskVectorStatistics')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitSightObservationStatistics' , uniqueString(parameters('connectionName')), uniqueString('Obs') )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_observations_statistics", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_observations_statistics": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/observations/statistics')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$.risk_vectors.*" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitSightObservationStatistics", + "dcrConfig": { + "streamName": "Custom-BitSightObservationStatistics_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'ObservationsStatistics')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitsightIndustrialStatistics' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v2/portfolio')]", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + }, + "queryParameters": { + "fields": "name,guid" + } + }, + "response": { + "eventsJsonPaths": [ + "$.results[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "stepInfo": { + "stepType": "Nested", + "nextSteps": [ + { + "stepId": "fetch_industries_statistics", + "stepPlaceholdersParsingKql": "source | project res = parse_json(data) | project company_guid_PlaceHolder = tostring(res['guid']), company_name_PlaceHolder = tostring(res['name'])" + } + ] + }, + "stepCollectorConfigs": { + "fetch_industries_statistics": { + "shouldJoinNestedData": false, + "request": { + "apiEndpoint": "[[concat(parameters('bitSightApiUrl'), '/ratings/v1/companies/$company_guid_PlaceHolder$/industries/statistics')]", + "httpMethod": "GET", + "queryWindowInMin": 1440, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json", + "X-BITSIGHT-CALLING-PLATFORM-VERSION": "Microsoft-Sentinel", + "X-BITSIGHT-CONNECTOR-NAME-VERSION": "3.0.2" + } + }, + "response": { + "eventsJsonPaths": [ + "$.risk_vectors.*" + ], + "format": "json" + } + } + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitsightIndustrialStatistics", + "dcrConfig": { + "streamName": "Custom-BitsightIndustrialStatistics_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "company_guid": "$company_guid_PlaceHolder$", + "company_name": "$company_name_PlaceHolder$", + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'IndustriesStatistics')]" + }, + { + "name": "[[concat('parameters('workspace')', '/Microsoft.SecurityInsights/','BitsightVulnerabilitiesFindingsSummary' , uniqueString(parameters('connectionName')) )]", + "apiVersion": "2023-02-01-preview", + "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", + "location": "[parameters('workspace-location')]", + "kind": "RestApiPoller", + "properties": { + "auth": { + "type": "Basic", + "UserName": "[[parameters('username')]", + "Password": "[[parameters('password')]" + }, + "request": { + "apiEndpoint": "https://service.bitsighttech.com/customer-api/v1/defaults/vulnerabilities", + "httpMethod": "GET", + "rateLimitQPS": 1, + "paginatedCallsPerSecond": 1.0, + "queryWindowInMin": 1440, + "queryWindowDelayInMin": 60, + "retryCount": 3, + "timeoutInSeconds": 30, + "headers": { + "Accept": "application/json" + }, + "queryParameters": { + "fields": "name,display_name,description,severity" + } + }, + "response": { + "eventsJsonPaths": [ + "$[*]" + ], + "format": "json" + }, + "paging": { + "pagingType": "Offset", + "offsetParaName": "offset", + "pageSize": 500, + "pageSizeParameterName": "limit" + }, + "connectorDefinitionName": "BitSightStatisticsConnector", + "dataType": "BitsightVulnerabilitiesFindingsSummary", + "dcrConfig": { + "streamName": "Custom-BitsightVulnerabilitiesFindingsSummary_CL", + "dataCollectionEndpoint": "[[parameters('dcrConfig').dataCollectionEndpoint]", + "dataCollectionRuleImmutableId": "[[parameters('dcrConfig').dataCollectionRuleImmutableId]" + }, + "addOnAttributes": { + "connectionName": "[[parameters('connectionName')]", + "streams": "[[string(parameters('streams'))]" + } + }, + "condition": "[[contains(parameters('streams'), 'Vulnerabilities')]" + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "contentProductId": "[concat(take(variables('_solutionId'), 50),'-','rdc','-', uniqueString(concat(variables('_solutionId'),'-','ResourcesDataConnector','-',variables('_dataConnectorContentIdConnections3'),'-', variables('dataConnectorCCPVersion'))))]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "version": "[variables('dataConnectorCCPVersion')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.2.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "BitSight", + "publisherDisplayName": "BitSight Support", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The BitSight solution enables security operations teams to integrate insights from BitSight's Security Ratings platform into Microsoft Sentinel via the Codeless Connector Framework (CCF). The connector ingests Security Ratings, Company Profiles, Risk Vector breakdowns, Diligence Historical Statistics, Findings Summaries, Industry peer comparisons, and Vulnerability reference data for companies in your BitSight portfolio.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Framework (CCF)
    2. \n
\n

Data Connectors: 3, Parsers: 13, Workbooks: 1, Analytic Rules: 6

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "BitSight", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "BitSight Support", + "email": "support@bitsight.com", + "tier": "Partner", + "link": "https://www.bitsight.com/customer-success-support" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "Workbook", + "contentId": "[variables('_workbookContentId1')]", + "version": "[variables('workbookVersion1')]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", + "version": "[variables('analyticRuleObject1').analyticRuleVersion1]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject2')._analyticRulecontentId2]", + "version": "[variables('analyticRuleObject2').analyticRuleVersion2]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject3')._analyticRulecontentId3]", + "version": "[variables('analyticRuleObject3').analyticRuleVersion3]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject4')._analyticRulecontentId4]", + "version": "[variables('analyticRuleObject4').analyticRuleVersion4]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject5')._analyticRulecontentId5]", + "version": "[variables('analyticRuleObject5').analyticRuleVersion5]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRuleObject6')._analyticRulecontentId6]", + "version": "[variables('analyticRuleObject6').analyticRuleVersion6]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject1').parserContentId1]", + "version": "[variables('parserObject1').parserVersion1]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject2').parserContentId2]", + "version": "[variables('parserObject2').parserVersion2]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject3').parserContentId3]", + "version": "[variables('parserObject3').parserVersion3]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject4').parserContentId4]", + "version": "[variables('parserObject4').parserVersion4]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject5').parserContentId5]", + "version": "[variables('parserObject5').parserVersion5]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject6').parserContentId6]", + "version": "[variables('parserObject6').parserVersion6]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject7').parserContentId7]", + "version": "[variables('parserObject7').parserVersion7]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject8').parserContentId8]", + "version": "[variables('parserObject8').parserVersion8]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject9').parserContentId9]", + "version": "[variables('parserObject9').parserVersion9]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject10').parserContentId10]", + "version": "[variables('parserObject10').parserVersion10]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject11').parserContentId11]", + "version": "[variables('parserObject11').parserVersion11]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject12').parserContentId12]", + "version": "[variables('parserObject12').parserVersion12]" + }, + { + "kind": "Parser", + "contentId": "[variables('parserObject13').parserContentId13]", + "version": "[variables('parserObject13').parserVersion13]" + }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId1')]", + "version": "[variables('dataConnectorVersion1')]" + }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentIdConnections2')]", + "version": "[variables('dataConnectorCCPVersion')]" + }, + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentIdConnections3')]", + "version": "[variables('dataConnectorCCPVersion')]" + } + ] + }, + "firstPublishDate": "2023-02-20", + "lastPublishDate": "2024-02-20", + "providers": [ + "Bitsight" + ], + "categories": { + "domains": [ + "Security - Others" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +} diff --git a/Solutions/BitSight/ReleaseNotes.md b/Solutions/BitSight/ReleaseNotes.md index ce96cb6e882..1d5d3462872 100644 --- a/Solutions/BitSight/ReleaseNotes.md +++ b/Solutions/BitSight/ReleaseNotes.md @@ -1,6 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| -| 3.2.0 | 04-06-2026 | Replaced legacy Function App connector with two **Codeless Connector Framework (CCF)** connectors: **BitSight Security Events** (Alerts, Breaches, Findings) and **BitSight Security Statistics** (CompanyDetails, CompanyRatingDetails, DiligenceHistoricalStatistics, DiligenceStatistics, ObservationStatistics, IndustrialStatistics, VulnerabilitiesFindingsSummary, FindingsSummary). Added parsers for **BitSightCompanyRatingDetails** and **BitSightVulnerabilitiesFindingsSummary**. | +| 3.2.0 | 04-06-2026 | Replaced legacy Function App connector with two **Codeless Connector Framework (CCF)** connectors: **BitSight Security Events** (Alerts, Breaches, Findings) and **BitSight Security Statistics** (CompanyDetails, CompanyRatingDetails, DiligenceHistoricalStatistics, DiligenceStatistics, ObservationStatistics, IndustrialStatistics, VulnerabilitiesFindingsSummary, FindingsSummary). Added parsers for **BitSightCompanyRatingDetails** and **BitSightVulnerabilitiesFindingsSummary**. Updated Function App UI page for Log Ingestion API. | | 3.1.1 | 22-04-2026 | Updated **Solution Package** with the fix of solutionId | | 3.1.0 | 31-03-2026 | Updated the python runtime version to 3.12. Added support for Log Ingestion API and updated parsers accordingly.
Reverted the solution id to fix the BitSight Solution publishing issue. | | 3.0.2 | 26-07-2024 | Update **Analytic rules** for missing TTP | From c06915593acd27a1ba24c8ff09cba838b4d9e998 Mon Sep 17 00:00:00 2001 From: Fenil Savani Date: Tue, 16 Jun 2026 15:23:42 +0530 Subject: [PATCH 2/2] Change in release note --- Solutions/BitSight/ReleaseNotes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/BitSight/ReleaseNotes.md b/Solutions/BitSight/ReleaseNotes.md index 1d5d3462872..f85801603ea 100644 --- a/Solutions/BitSight/ReleaseNotes.md +++ b/Solutions/BitSight/ReleaseNotes.md @@ -1,6 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| -| 3.2.0 | 04-06-2026 | Replaced legacy Function App connector with two **Codeless Connector Framework (CCF)** connectors: **BitSight Security Events** (Alerts, Breaches, Findings) and **BitSight Security Statistics** (CompanyDetails, CompanyRatingDetails, DiligenceHistoricalStatistics, DiligenceStatistics, ObservationStatistics, IndustrialStatistics, VulnerabilitiesFindingsSummary, FindingsSummary). Added parsers for **BitSightCompanyRatingDetails** and **BitSightVulnerabilitiesFindingsSummary**. Updated Function App UI page for Log Ingestion API. | +| 3.2.0 | 15-06-2026 | Replaced legacy Function App connector with two **Codeless Connector Framework (CCF)** connectors: **BitSight Security Events** (Alerts, Breaches, Findings) and **BitSight Security Statistics** (CompanyDetails, CompanyRatingDetails, DiligenceHistoricalStatistics, DiligenceStatistics, ObservationStatistics, IndustrialStatistics, VulnerabilitiesFindingsSummary, FindingsSummary). Added parsers for **BitSightCompanyRatingDetails** and **BitSightVulnerabilitiesFindingsSummary**. Updated Function App UI page for Log Ingestion API. | | 3.1.1 | 22-04-2026 | Updated **Solution Package** with the fix of solutionId | | 3.1.0 | 31-03-2026 | Updated the python runtime version to 3.12. Added support for Log Ingestion API and updated parsers accordingly.
Reverted the solution id to fix the BitSight Solution publishing issue. | | 3.0.2 | 26-07-2024 | Update **Analytic rules** for missing TTP |