Merge pull request #11687 from Azure/v-prasadboke-ctera

Ctera Packaged and analytic rule count corrected
Azure · Jan 22, 2025 · db2fcb2 · db2fcb2
2 parents 266d8dd + 4778229
commit db2fcb2
Show file tree

Hide file tree

Showing 4 changed files with 612 additions and 915 deletions.
diff --git a/Solutions/CTERA/Data Connectors/CTERA_Data_Connector.json b/Solutions/CTERA/Data Connectors/CTERA_Data_Connector.json
@@ -37,16 +37,16 @@
         {
             "type": "IsConnectedQuery",
             "value": [
-                "Syslog\n   | where TimeGenerated > ago(3d)\n    |take 1\n     | project IsConnected = true"
+                "Syslog\n   | where TimeGenerated > ago(3d)\n   | where SyslogMessage contains \"gw-audit[-]:\" or SyslogMessage contains \"portal portal[-]:\"\n   | take 1\n   | project IsConnected = true"
             ]
         }
     ],
     "dataTypes": [
         {
-            "name": "Syslog",
-            "lastDataReceivedQuery": "Syslog\n   | summarize Time = max(TimeGenerated)\n    | where isnotempty(Time)"
+            "name": "Syslog (CTERA)",
+            "lastDataReceivedQuery": "Syslog\n   | where SyslogMessage contains \"gw-audit[-]:\" or SyslogMessage contains \"portal portal[-]:\"\n   | summarize Time = max(TimeGenerated)\n   | where isnotempty(Time)"
         }
-    ],
+    ], 
     "availability": {
         "status": 1,
         "isPreview": false

diff --git a/Solutions/CTERA/Package/3.0.1.zip b/Solutions/CTERA/Package/3.0.1.zip