Merge pull request #12 from Samsung/feature-fix-validation

fix package version validation and branding validation
Samsung · Jan 29, 2025 · 12d3a3c · 12d3a3c
2 parents 56539cb + 97af258
commit 12d3a3c
Show file tree

Hide file tree

Showing 13 changed files with 87 additions and 87 deletions.
diff --git a/... Asset Intelligence/Analytic Rules/SamsungKnoxApplicationPrivilegeEscalationOrChange.yaml b/... Asset Intelligence/Analytic Rules/SamsungKnoxApplicationPrivilegeEscalationOrChange.yaml
@@ -1,6 +1,6 @@
 id: 215e89ca-cdbc-4661-b8b2-7041f6ecc7fb
 name: Samsung Knox Application Privilege Escalation or Change
-version: 1.0.0
+version: 1.0.1
 kind: NRT
 description: |
   When a Knox mobile app has transitioned from an acceptable uid/esuid/fsuid to a different, non-App id.

diff --git a/...Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxKeyguardDisabledFeatureSet.yaml b/...Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxKeyguardDisabledFeatureSet.yaml
@@ -1,6 +1,6 @@
 id: fb4853c9-28c1-4dab-830c-e086cb975170
 name: Samsung Knox Keyguard Disabled Feature Set
-version: 1.0.0
+version: 1.0.1
 kind: NRT
 description: Indicates that an admin has set disabled keyguard features on a Knox device.
 severity: High

diff --git a/...Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxMobileDeviceBootCompromise.yaml b/...Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxMobileDeviceBootCompromise.yaml
@@ -1,6 +1,6 @@
 id: fae7e371-aee8-4d3f-8311-2255a45a30b3
 name: Samsung Knox Mobile Device Boot Compromise
-version: 1.0.0
+version: 1.0.1
 kind: NRT
 description: |
   'When Knox device boot binary is at risk of compromise.'

diff --git a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxPasswordLockout.yaml b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxPasswordLockout.yaml
@@ -1,6 +1,6 @@
 id: fbff0a97-1972-4df8-a78c-254ccb9879ef
 name: Samsung Knox Password Lockout
-version: 1.0.0
+version: 1.0.1
 kind: NRT
 description: |
   'When maximum password attempts have reached and the Knox device is locked out. This is based on the threshold set by the MDM policy.'

diff --git a/...nox Asset Intelligence/Analytic Rules/SamsungKnoxPeripheralAccessDetectionWithCamera.yaml b/...nox Asset Intelligence/Analytic Rules/SamsungKnoxPeripheralAccessDetectionWithCamera.yaml
@@ -1,6 +1,6 @@
 id: cd526f4d-dbe9-4149-8a0a-9ec43c3abb16
 name: Samsung Knox Peripheral Access  Detection with Camera
-version: 1.0.0
+version: 1.0.1
 kind: NRT
 description: |
   'When Knox device camera access has been detected through system policy when such access is disabled.'

diff --git a/...g Knox Asset Intelligence/Analytic Rules/SamsungKnoxPeripheralAccessDetectionWithMic.yaml b/...g Knox Asset Intelligence/Analytic Rules/SamsungKnoxPeripheralAccessDetectionWithMic.yaml
@@ -1,6 +1,6 @@
 id: e4032fd2-4d05-4302-b7c0-f3f0380e2313
 name: Samsung Knox Peripheral Access Detection with Mic
-version: 1.0.0
+version: 1.0.1
 kind: NRT
 description: |
   'When Knox device microphone access has been detected through system policy when such access is disabled.'

diff --git a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSecurityLogFull.yaml b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSecurityLogFull.yaml
@@ -1,6 +1,6 @@
 id: bf9be360-7f08-48b2-8e9d-ca240c48b404
 name: Samsung Knox Security Log Full
-version: 1.0.0
+version: 1.0.1
 kind: NRT
 description: |
   'When Security Log is full on a Knox device.'

diff --git a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml
@@ -1,6 +1,6 @@
 id: 18d4d4f3-6605-4fd2-968c-82c171409c1c
 name: Samsung Knox Suspicious URL Accessed Events
-version: 1.0.0
+version: 1.0.1
 kind: NRT
 description: |
   'When a Knox device user clicks on URLs or links detected as suspicious (potentially phishing or malicious) with a high degree of confidence.'

diff --git a/Solutions/Samsung Knox Asset Intelligence/Data Connectors/SamsungDCDefinition.json b/Solutions/Samsung Knox Asset Intelligence/Data Connectors/SamsungDCDefinition.json
@@ -86,7 +86,7 @@
         },
         {
             "title": "",
-            "description": "**STEP 2 - To automate the deployment of this data connector, you can follow the instructions listed below to use the Azure Resource Manager (ARM) template.**\n\n>**IMPORTANT:** Before deploying the data connector, copy the below Workspace name associated with your Sentinel (also your Log Analytics) instance.",
+            "description": "**STEP 2 - To automate the deployment of this data connector, you can follow the instructions listed below to use the Azure Resource Manager (ARM) template.**\n\n>**IMPORTANT:** Before deploying the data connector, copy the below Workspace name associated with your Microsoft Sentinel (also your Log Analytics) instance.",
             "instructions": [
                 {
                     "parameters": {
@@ -101,7 +101,7 @@
         },
         {
             "title": "",
-            "description": "1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-SamsungDCDefinition-azuredeploy)\\n2. Provide the following fields: Log Analytics Workspace Name, Log Analytics Workspace Location, Log Analytics Workspace Subscription (ID) and Log Analytics Workspace Resource Group. \n\n>IMPORTANT: To enable end-to-end integration, additional information related to Sentinel DCE and DCR are required for configuration in Samsung Knox Asset Intelligence portal (STEP 4).\n\nOnce the ARM template is deployed, navigate to Data Collection Rules https://portal.azure.com/#browse/microsoft.insights%2Fdatacollectionrules and save values associated with the Immutable ID (DCR) and Data Collection Endpoint (DCE)."
+            "description": "1. Click the **Deploy to Azure** button below. \n\n\t[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-SamsungDCDefinition-azuredeploy)\\n2. Provide the following fields: Log Analytics Workspace Name, Log Analytics Workspace Location, Log Analytics Workspace Subscription (ID) and Log Analytics Workspace Resource Group. \n\n>IMPORTANT: To enable end-to-end integration, additional information related to Microsoft Sentinel DCE and DCR are required for configuration in Samsung Knox Asset Intelligence portal (STEP 4).\n\nOnce the ARM template is deployed, navigate to Data Collection Rules https://portal.azure.com/#browse/microsoft.insights%2Fdatacollectionrules and save values associated with the Immutable ID (DCR) and Data Collection Endpoint (DCE)."
         },
         {
             "title": "STEP 3 - Ensure the Entra Application created in STEP 1 has permissions to use the DCR created in order to send data to the DCE.",

diff --git a/Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json b/Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json
@@ -20,7 +20,7 @@
       "Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSecurityLogFull.yaml"
     ],
     "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Samsung Knox Asset Intelligence",
-    "Version": "3.0.0",
+    "Version": "3.0.1",
     "Metadata": "SolutionMetadata.json",
     "TemplateSpec": true, 
     "Is1PConnector": false

diff --git a/Solutions/Samsung Knox Asset Intelligence/Package/3.0.1.zip b/Solutions/Samsung Knox Asset Intelligence/Package/3.0.1.zip