tanium
diff --git a/‎Solutions/Palo Alto Cortex XDR CCP/Data Connectors/CortexXDR_ccp/DataConnectorDefinition.json‎
Lines changed: 1 addition & 1 deletion b/‎Solutions/Palo Alto Cortex XDR CCP/Data Connectors/CortexXDR_ccp/DataConnectorDefinition.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Solutions/Palo Alto Cortex Xpanse CCF/Data Connectors/CortexXpanse_ccp/CortexXpanse_ConnectorDefinition.json‎
Lines changed: 127 additions & 0 deletions b/‎Solutions/Palo Alto Cortex Xpanse CCF/Data Connectors/CortexXpanse_ccp/CortexXpanse_ConnectorDefinition.json‎
Lines changed: 127 additions & 0 deletions
@@ -2,7 +2,7 @@
     "name": "CortexXDRDataConnector",
     "apiVersion": "2022-09-01-preview",
     "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
-    "location": "[parameters('workspace-location')]",
+    "location": "{{location}}",
     "kind": "Customizable",
     "properties": {
         "connectorUiConfig": {
 
@@ -0,0 +1,127 @@
+{
+  "type": "Microsoft.SecurityInsights/dataConnectorDefinitions",
+  "apiVersion": "2023-02-01",
+  "name": "PaloAltoExpanseCCPDefinition",
+  "location": "{{location}}",
+  "kind": "Customizable",
+  "properties": {
+    "connectorUiConfig": {
+      "id": "PaloAltoExpanseCCPDefinition",
+      "title": "Palo Alto Cortex Xpanse (via Codeless Connector Framework) (Preview)",
+      "publisher": "Microsoft",
+      "descriptionMarkdown": "The Palo Alto Cortex Xpanse data connector ingests alerts data into Microsoft Sentinel.",
+      "graphQueries": [
+        {
+          "metricName": "Total alerts received",
+          "legend": "Xpanse alerts Logs",
+          "baseQuery": "CortexXpanseAlerts_CL"
+        }
+      ],
+      "sampleQueries": [
+        {
+          "description": "Get Sample of Xpanse alerts",
+          "query": "CortexXpanseAlerts_CL\n | take 10"
+        }
+      ],
+      "dataTypes": [
+        {
+          "name": "CortexXpanseAlerts_CL",
+          "lastDataReceivedQuery": "CortexXpanseAlerts_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+        }
+      ],
+      "connectivityCriteria": [
+        {
+          "type": "HasDataConnectors"
+        }
+      ],
+      "availability": {
+        "status": 1,
+        "isPreview": false
+      },
+      "permissions": {
+        "resourceProvider": [
+          {
+            "provider": "Microsoft.OperationalInsights/workspaces",
+            "permissionsDisplayText": "Read and Write permissions are required.",
+            "providerDisplayName": "Workspace",
+            "scope": "Workspace",
+            "requiredPermissions": {
+              "read": true,
+              "write": true,
+              "delete": true
+            }
+          }
+        ]
+      },
+      "instructionSteps": [
+        {
+          "description": "To ingest data from Palo Alto Cortex Xpanse to Microsoft Sentinel, click on **Add Domain**. Fill in the required details in the pop-up and click Connect. You will see connected domain endpoints in the grid below. To get the Auth ID and API Key, go to **Settings → Configuration → Integrations → API Keys** in the Cortex Xpanse portal and generate new credentials.",
+          "instructions": [
+            {
+              "type": "DataConnectorsGrid",
+              "parameters": {
+                "mapping": [
+                  {
+                    "columnName": "Endpoint",
+                    "columnValue": "properties.request.apiEndpoint"
+                  }
+                ],
+                "menuItems": [
+                  "DeleteConnector"
+                ]
+              }
+            },
+            {
+              "type": "ContextPane",
+              "parameters": {
+                "isPrimary": true,
+                "label": "Add domain",
+                "title": "Add domain",
+                "subtitle": "Add domain",
+                "contextPaneType": "DataConnectorsContextPane",
+                "instructionSteps": [
+                  {
+                    "instructions": [
+                      {
+                        "type": "Textbox",
+                        "parameters": {
+                          "label": "Domain Name",
+                          "placeholder": "e.g., example.crtx.us.paloaltonetworks.com",
+                          "type": "text",
+                          "name": "domainName",
+                          "required": true,
+                          "description": "Enter the domain suffix to be used in the API endpoint, e.g., `example.crtx.us.paloaltonetworks.com`"
+                        }
+                      },
+                      {
+                        "type": "Textbox",
+                        "parameters": {
+                          "label": "API Key",
+                          "placeholder": "Enter your Palo Alto Xpanse API Key",
+                          "type": "password",
+                          "name": "apiKey",
+                          "required": true
+                        }
+                      },
+                      {
+                        "type": "Textbox",
+                        "parameters": {
+                          "label": "Xpanse Auth ID",
+                          "placeholder": "Enter your Xpanse Auth ID",
+                          "type": "text",
+                          "name": "xpanseAuthId",
+                          "required": true
+                        }
+                      }
+                    ]
+                  }
+                ]
+              }
+            }
+          ],
+          "title": "Connect Palo Alto Xpanse to Microsoft Sentinel"
+        }
+      ]
+    }
+  }
+}