Create a CSV containing Microsoft Sentinel Solution information

Introduction

UPDATE: Modified the code to show Required Data Connectors information and the workbook to use this information.

With Microsoft Sentinel moving everything into the Content Hub, it may be hard to find the solution you need. You can currently search in the Content Hub, but it will only search the title and description for the search term. If you are looking for a resource, you cannot use the Content Hub to find it.

To help with this, I wrote a PowerShell script that, using the new “contentProductPackages” REST API, will create a CSV that will have a row for each resource listing:

  • Solution Name
  • Solution Type
  • Solution Description
  • Resource Type
  • Resource Name

All the files can be downloaded from the GitHub repository garybushey/SolutionData (Create a CSV to show solution information. Includes PowerBI and Workbook to show data).

PowerShell program

There really isn’t anything too special about this program. The only trick, other than finding the needed data way down the tree, was that Standalone content stores its information slightly differently than Solutions do.

What to do with the output

The first thing that came to mind was to ingest this CSV file into a Watchlist so I could use it inside of Microsoft Sentinel. One issue I did run into, and I still have no idea why this is happening, is that the watchlist would say my headers had some characters that were not allowed. All I had to do was open the file in Excel and save it again.

Also, keep in mind that the CSV file has to be uploaded into an Azure Storage Account so it can be loaded into a Watchlist, since it is over 3.1MB.

Extra files

I have included the following files in addition to the PowerShell script:

| File Name | Description |
| --- | --- |
| SolutionView.workbook | A MS Sentinel workbook that will show you all the resources when you click on a solution name, or let you search for a resource |
| solutionexport.csv | The sample CSV output file |
| solutionexport.pbix | A sample PowerBI file showing a simple way to use the data |
| solutionexport.xlsx | The sample file saved as an Excel file. This was used as the basis of the PowerBI file to avoid issues with the commas |

Summary

In this post I showed how to generate a basic CSV file that can be used to search for information within solutions. Hope it helps.
