From 0bc23f42ddf5b28e4bb89dc566df1cc070cbaac3 Mon Sep 17 00:00:00 2001
From: yanivblumWiz
Date: Thu, 28 Sep 2023 18:33:33 +0300
Subject: [PATCH] allign formatting with master
---
 Workbooks/WorkbooksMetadata.json | 5321 ++++++++++++++----------------
 1 file changed, 2542 insertions(+), 2779 deletions(-)
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
index 8c4f79fe706..9f7ff5b05a2 100644
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@@ -111,16 +111,9 @@
 "workbookKey": "ConditionalAccessTrendsandChangesWorkbook",
 "logoFileName": "Microsoft_logo.svg",
 "description": "Gain insights into Conditional Access Trends and Changes.",
- "dataTypesDependencies": [
- "SigninLogs"
- ],
- "dataConnectorsDependencies": [
- "AzureActiveDirectory"
- ],
- "previewImagesFileNames": [
- "catrendsWhite.png",
- "catrendsBlack.png"
- ],
+ "dataTypesDependencies": [ "SigninLogs" ],
+ "dataConnectorsDependencies": [ "AzureActiveDirectory" ],
+ "previewImagesFileNames": [ "catrendsWhite.png", "catrendsBlack.png" ],
 "version": "1.0.0",
 "title": "Conditional Access Trends and Changes",
 "templateRelativePath": "ConditionalAccessTrendsandChanges.json",
@@ -136,9 +129,7 @@
 "kind": "Community"
 },
 "categories": {
- "domains": [
- "Identity"
- ]
+ "domains": [ "Identity" ]
 }
 },
 {
@@ -266,7 +257,7 @@
 "templateRelativePath": "esetSMCWorkbook.json",
 "subtitle": "",
 "provider": "Community",
- "support": {
+ "support": {
 "tier": "Community"
 },
 "author": {
@@ -276,9 +267,7 @@
 "kind": "Community"
 },
 "categories": {
- "domains": [
- "Security - Others"
- ]
+ "domains": [ "Security - Others" ]
 }
 },
 {
@@ -326,20 +315,20 @@
 "workbookKey": "Office365Workbook",
 "logoFileName": "office365_logo.svg",
 "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.",
- "dataTypesDependencies": [
- "OfficeActivity"
+ "dataTypesDependencies": [
+ "OfficeActivity"
 ],
- "dataConnectorsDependencies": [
- "Office365"
+ "dataConnectorsDependencies": [
+ "Office365"
 ],
 "previewImagesFileNames": [
- "Office365White1.png",
- "Office365Black1.png",
- "Office365White2.png",
- "Office365Black2.png",
- "Office365White3.png",
- "Office365Black3.png"
- ],
+ "Office365White1.png",
+ "Office365Black1.png",
+ "Office365White2.png",
+ "Office365Black2.png",
+ "Office365White3.png",
+ "Office365Black3.png"
+ ],
 "version": "2.0.1",
 "title": "Office 365",
 "templateRelativePath": "Office365.json",
@@ -580,35 +569,35 @@
 "provider": "Microsoft"
 },
 {
- "workbookKey": "AzureFirewallWorkbook-StructuredLogs",
- "logoFileName": "AzFirewalls.svg",
- "description": "Gain insights into Azure Firewall events using the new Structured Logs for Azure Firewall. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.",
- "dataTypesDependencies": [
- "AZFWNetworkRule",
- "AZFWApplicationRule",
- "AZFWDnsQuery",
- "AZFWThreatIntel"
- ],
- "dataConnectorsDependencies": [
- "AzureFirewall"
- ],
- "previewImagesFileNames": [
- "AzureFirewallWorkbookWhite1.PNG",
- "AzureFirewallWorkbookBlack1.PNG",
- "AzureFirewallWorkbookWhite2.PNG",
- "AzureFirewallWorkbookBlack2.PNG",
- "AzureFirewallWorkbookWhite3.PNG",
- "AzureFirewallWorkbookBlack3.PNG",
- "AzureFirewallWorkbookWhite4.PNG",
- "AzureFirewallWorkbookBlack4.PNG",
- "AzureFirewallWorkbookWhite5.PNG",
- "AzureFirewallWorkbookBlack5.PNG"
- ],
- "version": "1.0.0",
- "title": "Azure Firewall Structured Logs",
- "templateRelativePath": "AzureFirewallWorkbook-StructuredLogs.json",
- "subtitle": "",
- "provider": "Microsoft"
+ "workbookKey": "AzureFirewallWorkbook-StructuredLogs",
+ "logoFileName": "AzFirewalls.svg",
+ "description": "Gain insights into Azure Firewall events using the new Structured Logs for Azure Firewall. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.",
+ "dataTypesDependencies": [
+ "AZFWNetworkRule",
+ "AZFWApplicationRule",
+ "AZFWDnsQuery",
+ "AZFWThreatIntel"
+ ],
+ "dataConnectorsDependencies": [
+ "AzureFirewall"
+ ],
+ "previewImagesFileNames": [
+ "AzureFirewallWorkbookWhite1.PNG",
+ "AzureFirewallWorkbookBlack1.PNG",
+ "AzureFirewallWorkbookWhite2.PNG",
+ "AzureFirewallWorkbookBlack2.PNG",
+ "AzureFirewallWorkbookWhite3.PNG",
+ "AzureFirewallWorkbookBlack3.PNG",
+ "AzureFirewallWorkbookWhite4.PNG",
+ "AzureFirewallWorkbookBlack4.PNG",
+ "AzureFirewallWorkbookWhite5.PNG",
+ "AzureFirewallWorkbookBlack5.PNG"
+ ],
+ "version": "1.0.0",
+ "title": "Azure Firewall Structured Logs",
+ "templateRelativePath": "AzureFirewallWorkbook-StructuredLogs.json",
+ "subtitle": "",
+ "provider": "Microsoft"
 },
 {
 "workbookKey": "AzureDDoSStandardProtection",
@@ -819,38 +808,38 @@
 "SecurityEvent",
 "Event",
 "SigninLogs"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "SecurityEvents",
 "AzureActiveDirectory",
 "WindowsSecurityEvents"
- ],
- "previewImagesFileNames": [
+ ],
+ "previewImagesFileNames": [
 "InsecureProtocolsWhite1.png",
 "InsecureProtocolsBlack1.png",
 "InsecureProtocolsWhite2.png",
 "InsecureProtocolsBlack2.png"
- ],
- "version": "2.1.0",
- "title": "Insecure Protocols",
- "templateRelativePath": "InsecureProtocols.json",
- "subtitle": "",
- "provider": "Microsoft",
- "support": {
- "tier": "Microsoft"
- },
- "author": {
- "name": "Microsoft Corporation"
- },
- "source": {
- "kind": "Community"
- },
- "categories": {
- "domains": [
- "Security - Others"
- ]
- }
- },
+ ],
+ "version": "2.1.0",
+ "title": "Insecure Protocols",
+ "templateRelativePath": "InsecureProtocols.json",
+ "subtitle": "",
+ "provider": "Microsoft",
+ "support": {
+ "tier": "Microsoft"
+ },
+ "author": {
+ "name": "Microsoft Corporation"
+ },
+ "source": {
+ "kind": "Community"
+ },
+ "categories": {
+ "domains": [
+ "Security - Others"
+ ]
+ }
+},
 {
 "workbookKey": "AzureInformationProtectionWorkbook",
 "logoFileName": "informationProtection.svg",
@@ -859,38 +848,36 @@
 "SecurityEvent",
 "Event",
 "SigninLogs"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "SecurityEvents",
 "AzureActiveDirectory",
 "WindowsSecurityEvents"
- ],
- "previewImagesFileNames": [
+ ],
+ "previewImagesFileNames": [
 "InsecureProtocolsWhite1.png",
 "InsecureProtocolsBlack1.png",
 "InsecureProtocolsWhite2.png",
 "InsecureProtocolsBlack2.png"
- ],
- "version": "2.1.0",
- "title": "Insecure Protocols",
- "templateRelativePath": "InsecureProtocols.json",
- "subtitle": "",
- "provider": "Microsoft",
- "support": {
- "tier": "Microsoft"
- },
- "author": {
- "name": "Amit Bergman"
- },
- "source": {
- "kind": "Community"
- },
- "categories": {
- "domains": [
- "Security - Others"
- ]
- }
- },
+ ],
+ "version": "2.1.0",
+ "title": "Insecure Protocols",
+ "templateRelativePath": "InsecureProtocols.json",
+ "subtitle": "",
+ "provider": "Microsoft",
+ "support": {
+ "tier": "Microsoft"
+ },
+ "author": {
+ "name": "Amit Bergman"
+ },
+ "source": {
+ "kind": "Community"
+ },
+ "categories": {
+ "domains": [ "Security - Others" ]
+ }
+},
 {
 "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook",
 "logoFileName": "amazon_web_services_Logo.svg",
@@ -1025,14 +1012,14 @@
 "CitrixAnalytics_riskScoreChange_CL",
 "CitrixAnalytics_indicatorSummary_CL",
 "CitrixAnalytics_indicatorEventDetails_CL"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "Citrix"
- ],
- "previewImagesFileNames": [
+ ],
+ "previewImagesFileNames": [
 "CitrixWhite.png",
 "CitrixBlack.png"
- ],
+ ],
 "version": "2.1.0",
 "title": "Citrix Analytics",
 "templateRelativePath": "Citrix.json",
@@ -1058,7 +1045,7 @@
 "templateRelativePath": "OneIdentity.json",
 "subtitle": "",
 "provider": "One Identity LLC.",
- "support": {
+ "support": {
 "tier": "Community"
 },
 "author": {
@@ -1068,9 +1055,7 @@
 "kind": "Community"
 },
 "categories": {
- "domains": [
- "Identity"
- ]
+ "domains": [ "Identity" ]
 }
 },
 {
@@ -1211,8 +1196,8 @@
 "domains": [
 "Internet of Things (IoT)"
 ]
- }
- },
+ }
+ },
 {
 "workbookKey": "ForcepointCASBWorkbook",
 "logoFileName": "FP_Green_Emblem_RGB-01.svg",
@@ -1331,7 +1316,7 @@
 "Identity"
 ]
 }
- },
+ },
 {
 "workbookKey": "WindowsFirewall",
 "logoFileName": "Microsoft_logo.svg",
@@ -1417,7 +1402,7 @@
 "domains": [
 "Security - Cloud Security"
 ]
- }
+ }
 },
 {
 "workbookKey": "AIVectraDetectWorkbook",
@@ -1998,7 +1983,7 @@
 "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel",
 "dataTypesDependencies": [
 "SecurityAlert"
- ],
+ ],
 "dataConnectorsDependencies": [],
 "previewImagesFileNames": [
 "MITREATTACKWhite1.PNG",
@@ -2099,8 +2084,8 @@
 "SecurityEvent",
 "SigninLogs",
 "ThreatIntelligenceIndicator"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "AzureActivity",
 "SecurityEvents",
 "Office365",
@@ -2108,32 +2093,30 @@
 "ThreatIntelligence",
 "ThreatIntelligenceTaxii",
 "WindowsSecurityEvents"
- ],
- "previewImagesFileNames": [
+ ],
+ "previewImagesFileNames": [
 "InvestigationInsightsWhite1.png",
 "InvestigationInsightsBlack1.png",
 "InvestigationInsightsWhite2.png",
 "InvestigationInsightsBlack2.png"
- ],
- "version": "1.4.0",
- "title": "Investigation Insights",
- "templateRelativePath": "InvestigationInsights.json",
- "subtitle": "",
- "provider": "Microsoft Sentinel community",
- "support": {
- "tier": "Community"
- },
- "author": {
- "name": "Brian Delaney & Jon Shectman"
- },
- "source": {
- "kind": "Community"
- },
- "categories": {
- "domains": [
- "Security - Others"
- ]
- }
+ ],
+ "version": "1.4.0",
+ "title": "Investigation Insights",
+ "templateRelativePath": "InvestigationInsights.json",
+ "subtitle": "",
+ "provider": "Microsoft Sentinel community",
+ "support": {
+ "tier": "Community"
+ },
+ "author": {
+ "name": "Brian Delaney & Jon Shectman"
+ },
+ "source": {
+ "kind": "Community"
+ },
+ "categories": {
+ "domains": [ "Security - Others" ]
+ }
 },
 {
 "workbookKey": "AksSecurityWorkbook",
@@ -2214,27 +2197,24 @@
 "SecurityEfficiencyWhite2.png",
 "SecurityEfficiencyBlack1.png",
 "SecurityEfficiencyBlack2.png"
- ],
- "version": "1.5.0",
- "title": "Security Operations Efficiency",
- "templateRelativePath": "SecurityOperationsEfficiency.json",
- "subtitle": "",
- "provider": "Microsoft",
- "support": {
- "tier": "Microsoft"
- },
- "author": {
- "name": "Microsoft Corporation"
- },
- "source": {
- "kind": "Community"
- },
- "categories": {
- "domains": [
- "IT Operations",
- "Security - Others"
- ]
- }
+ ],
+ "version": "1.5.0",
+ "title": "Security Operations Efficiency",
+ "templateRelativePath": "SecurityOperationsEfficiency.json",
+ "subtitle": "",
+ "provider": "Microsoft",
+ "support": {
+ "tier": "Microsoft"
+ },
+ "author": {
+ "name": "Microsoft Corporation"
+ },
+ "source": {
+ "kind": "Community"
+ },
+ "categories": {
+ "domains": [ "IT Operations", "Security - Others" ]
+ }
 },
 {
 "workbookKey": "DataCollectionHealthMonitoring",
@@ -2243,33 +2223,22 @@
 "dataTypesDependencies": [],
 "dataConnectorsDependencies": [],
 "previewImagesFileNames": [
- "HealthMonitoringWhite1.png",
- "HealthMonitoringWhite2.png",
- "HealthMonitoringWhite3.png",
- "HealthMonitoringBlack1.png",
- "HealthMonitoringBlack2.png",
- "HealthMonitoringBlack3.png"
+ "HealthMonitoringWhite1.png",
+ "HealthMonitoringWhite2.png",
+ "HealthMonitoringWhite3.png",
+ "HealthMonitoringBlack1.png",
+ "HealthMonitoringBlack2.png",
+ "HealthMonitoringBlack3.png"
 ],
 "version": "1.0.0",
 "title": "Data collection health monitoring",
 "templateRelativePath": "DataCollectionHealthMonitoring.json",
 "subtitle": "",
 "provider": "Microsoft",
- "support": {
- "tier": "Community"
- },
- "author": {
- "name": "morshabi"
- },
- "source": {
- "kind": "Community"
- },
- "categories": {
- "domains": [
- "IT Operations",
- "Platform"
- ]
- }
+ "support": { "tier": "Community" },
+ "author": { "name": "morshabi" },
+ "source": { "kind": "Community" },
+ "categories": { "domains": [ "IT Operations", "Platform" ] }
 },
 {
 "workbookKey": "OnapsisAlarmsWorkbook",
@@ -2340,16 +2309,16 @@
 "dataTypesDependencies": [
 "ThreatIntelligenceIndicator",
 "SecurityAlert"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "ThreatIntelligenceTaxii"
- ],
- "previewImagesFileNames": [
+ ],
+ "previewImagesFileNames": [
 "IntsightsIOCWhite.png",
 "IntsightsMatchedWhite.png",
 "IntsightsMatchedBlack.png",
 "IntsightsIOCBlack.png"
- ],
+ ],
 "version": "2.0.0",
 "title": "IntSights IOC Workbook",
 "templateRelativePath": "IntsightsIOCWorkbook.json",
@@ -2382,15 +2351,15 @@
 "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.",
 "dataTypesDependencies": [
 "TrendMicro_XDR_WORKBENCH_CL"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "TrendMicroXDR"
- ],
- "previewImagesFileNames": [
+ ],
+ "previewImagesFileNames": [
 "TrendMicroXDROverviewWhite.png",
 "TrendMicroXDROverviewBlack.png"
- ],
- "version": "1.3.0",
+ ],
+ "version": "1.3.0",
 "title": "Trend Vision One Alert Overview",
 "templateRelativePath": "TrendMicroXDROverview.json",
 "subtitle": "",
@@ -2449,7 +2418,7 @@
 "templateRelativePath": "SolarWindsPostCompromiseHunting.json",
 "subtitle": "",
 "provider": "Microsoft",
- "support": {
+ "support": {
 "tier": "Microsoft"
 },
 "author": {
@@ -2459,9 +2428,7 @@
 "kind": "Community"
 },
 "categories": {
- "domains": [
- "Security - Others"
- ]
+ "domains": [ "Security - Others" ]
 }
 },
 {
@@ -2581,7 +2548,7 @@
 "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.",
 "dataTypesDependencies": [
 "SecurityIncident"
- ],
+ ],
 "dataConnectorsDependencies": [],
 "previewImagesFileNames": [
 "SentinelCentralBlack.png",
@@ -2707,107 +2674,107 @@
 "dataTypesDependencies": [],
 "dataConnectorsDependencies": [],
 "previewImagesFileNames": [
- "SOCProcessFrameworkCoverImage1White.png",
- "SOCProcessFrameworkCoverImage1Black.png",
- "SOCProcessFrameworkCoverImage2White.png",
- "SOCProcessFrameworkCoverImage2Black.png"
+ "SOCProcessFrameworkCoverImage1White.png",
+ "SOCProcessFrameworkCoverImage1Black.png",
+ "SOCProcessFrameworkCoverImage2White.png",
+ "SOCProcessFrameworkCoverImage2Black.png"
 ],
 "version": "1.1.0",
 "title": "SOC Large Staff",
 "templateRelativePath": "Building_a_SOCLargeStaff.json",
 "subtitle": "",
 "provider": "Microsoft Sentinel Community"
- },
- {
+},
+{
 "workbookKey": "Building_a_SOCMediumStaffWorkbook",
 "logoFileName": "Azure_Sentinel.svg",
 "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
 "dataTypesDependencies": [],
 "dataConnectorsDependencies": [],
 "previewImagesFileNames": [
- "SOCProcessFrameworkCoverImage1White.png",
- "SOCProcessFrameworkCoverImage1Black.png",
- "SOCProcessFrameworkCoverImage2White.png",
- "SOCProcessFrameworkCoverImage2Black.png"
+ "SOCProcessFrameworkCoverImage1White.png",
+ "SOCProcessFrameworkCoverImage1Black.png",
+ "SOCProcessFrameworkCoverImage2White.png",
+ "SOCProcessFrameworkCoverImage2Black.png"
 ],
 "version": "1.1.0",
 "title": "SOC Medium Staff",
 "templateRelativePath": "Building_a_SOCMediumStaff.json",
 "subtitle": "",
 "provider": "Microsoft Sentinel Community"
- },
- {
+},
+{
 "workbookKey": "Building_a_SOCPartTimeStaffWorkbook",
 "logoFileName": "Azure_Sentinel.svg",
 "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
 "dataTypesDependencies": [],
 "dataConnectorsDependencies": [],
 "previewImagesFileNames": [
- "SOCProcessFrameworkCoverImage1White.png",
- "SOCProcessFrameworkCoverImage1Black.png",
- "SOCProcessFrameworkCoverImage2White.png",
- "SOCProcessFrameworkCoverImage2Black.png"
+ "SOCProcessFrameworkCoverImage1White.png",
+ "SOCProcessFrameworkCoverImage1Black.png",
+ "SOCProcessFrameworkCoverImage2White.png",
+ "SOCProcessFrameworkCoverImage2Black.png"
 ],
 "version": "1.1.0",
 "title": "SOC Part Time Staff",
 "templateRelativePath": "Building_a_SOCPartTimeStaff.json",
 "subtitle": "",
 "provider": "Microsoft Sentinel Community"
- },
- {
+},
+{
 "workbookKey": "Building_a_SOCSmallStaffWorkbook",
 "logoFileName": "Azure_Sentinel.svg",
 "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
 "dataTypesDependencies": [],
 "dataConnectorsDependencies": [],
 "previewImagesFileNames": [
- "SOCProcessFrameworkCoverImage1White.png",
- "SOCProcessFrameworkCoverImage1Black.png",
- "SOCProcessFrameworkCoverImage2White.png",
- "SOCProcessFrameworkCoverImage2Black.png"
+ "SOCProcessFrameworkCoverImage1White.png",
+ "SOCProcessFrameworkCoverImage1Black.png",
+ "SOCProcessFrameworkCoverImage2White.png",
+ "SOCProcessFrameworkCoverImage2Black.png"
 ],
 "version": "1.1.0",
 "title": "SOC Small Staff",
 "templateRelativePath": "Building_a_SOCSmallStaff.json",
 "subtitle": "",
 "provider": "Microsoft Sentinel Community"
- },
- {
+},
+{
 "workbookKey": "SOCIRPlanningWorkbook",
 "logoFileName": "Azure_Sentinel.svg",
 "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
 "dataTypesDependencies": [],
 "dataConnectorsDependencies": [],
 "previewImagesFileNames": [
- "SOCProcessFrameworkCoverImage1White.png",
- "SOCProcessFrameworkCoverImage1Black.png",
- "SOCProcessFrameworkCoverImage2White.png",
- "SOCProcessFrameworkCoverImage2Black.png"
+ "SOCProcessFrameworkCoverImage1White.png",
+ "SOCProcessFrameworkCoverImage1Black.png",
+ "SOCProcessFrameworkCoverImage2White.png",
+ "SOCProcessFrameworkCoverImage2Black.png"
 ],
 "version": "1.1.0",
 "title": "SOC IR Planning",
 "templateRelativePath": "SOCIRPlanning.json",
 "subtitle": "",
 "provider": "Microsoft Sentinel Community"
- },
- {
+},
+{
 "workbookKey": "UpdateSOCMaturityScoreWorkbook",
 "logoFileName": "Azure_Sentinel.svg",
 "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
 "dataTypesDependencies": [],
 "dataConnectorsDependencies": [],
 "previewImagesFileNames": [
- "SOCProcessFrameworkCoverImage1White.png",
- "SOCProcessFrameworkCoverImage1Black.png",
- "SOCProcessFrameworkCoverImage2White.png",
- "SOCProcessFrameworkCoverImage2Black.png"
+ "SOCProcessFrameworkCoverImage1White.png",
+ "SOCProcessFrameworkCoverImage1Black.png",
+ "SOCProcessFrameworkCoverImage2White.png",
+ "SOCProcessFrameworkCoverImage2Black.png"
 ],
 "version": "1.1.0",
 "title": "Update SOC Maturity Score",
 "templateRelativePath": "UpdateSOCMaturityScore.json",
 "subtitle": "",
 "provider": "Microsoft Sentinel Community"
- },
+},
 {
 "workbookKey": "Microsoft365SecurityPosture",
 "logoFileName": "M365securityposturelogo.svg",
@@ -2851,13 +2818,13 @@
 "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.",
 "dataTypesDependencies": [
 "Usage"
- ],
- "dataConnectorsDependencies": [],
- "previewImagesFileNames": [
+ ],
+ "dataConnectorsDependencies": [],
+ "previewImagesFileNames": [
 "AzureSentinelCostWhite.png",
 "AzureSentinelCostBlack.png"
- ],
- "version": "1.5.1",
+ ],
+ "version": "1.5.1",
 "title": "Microsoft Sentinel Cost",
 "templateRelativePath": "AzureSentinelCost.json",
 "subtitle": "",
@@ -2915,19 +2882,17 @@
 "subtitle": "",
 "provider": "Microsoft Sentinel Community",
 "support": {
- "tier": "Community"
- },
- "author": {
- "name": "Brian Delaney"
- },
- "source": {
- "kind": "Community"
- },
- "categories": {
- "domains": [
- "Security - Others"
- ]
- }
+ "tier": "Community"
+ },
+ "author": {
+ "name": "Brian Delaney"
+ },
+ "source": {
+ "kind": "Community"
+ },
+ "categories": {
+ "domains": [ "Security - Others" ]
+ }
 },
 {
 "workbookKey": "ProofPointThreatDashboard",
@@ -3103,7 +3068,7 @@
 "templateRelativePath": "Log4jPostCompromiseHunting.json",
 "subtitle": "",
 "provider": "Microsoft Sentinel Community",
- "support": {
+ "support": {
 "tier": "Microsoft"
 },
 "author": {
@@ -3113,16 +3078,14 @@
 "kind": "Community"
 },
 "categories": {
- "domains": [
- "Security - Threat Protection"
- ]
+ "domains": [ "Security - Threat Protection" ]
 }
 },
- {
- "workbookKey": "Log4jImpactAssessmentWorkbook",
- "logoFileName": "Log4j.svg",
- "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.",
- "dataTypesDependencies": [
+{
+ "workbookKey": "Log4jImpactAssessmentWorkbook",
+ "logoFileName": "Log4j.svg",
+ "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.",
+ "dataTypesDependencies": [
 "SecurityIncident",
 "SecurityAlert",
 "AzureSecurityCenter",
@@ -3130,18 +3093,18 @@
 "MDfEExposureScore_CL",
 "MDfERecommendations_CL",
 "MDfEVulnerabilitiesList_CL"
- ],
- "dataConnectorsDependencies": [],
- "previewImagesFileNames": [
- "Log4jPostCompromiseHuntingBlack.png",
- "Log4jPostCompromiseHuntingWhite.png"
- ],
- "version": "1.0.0",
- "title": "Log4j Impact Assessment",
- "templateRelativePath": "Log4jImpactAssessment.json",
- "subtitle": "",
- "provider": "Microsoft Sentinel Community"
- },
+ ],
+ "dataConnectorsDependencies": [],
+ "previewImagesFileNames": [
+ "Log4jPostCompromiseHuntingBlack.png",
+ "Log4jPostCompromiseHuntingWhite.png"
+ ],
+ "version": "1.0.0",
+ "title": "Log4j Impact Assessment",
+ "templateRelativePath": "Log4jImpactAssessment.json",
+ "subtitle": "",
+ "provider": "Microsoft Sentinel Community"
+},
 {
 "workbookKey": "UserMap",
 "logoFileName": "Azure_Sentinel.svg",
@@ -3331,358 +3294,358 @@ ] } }, - { - "workbookKey": "OktaSingleSignOnWorkbook", - "logoFileName": "okta_logo.svg", - "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", - "dataTypesDependencies": [ +{ + "workbookKey": "OktaSingleSignOnWorkbook", + "logoFileName": "okta_logo.svg", + "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ "Okta_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "OktaSSO" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "OktaSingleSignOnWhite.png", "OktaSingleSignOnBlack.png" - ], - "version": "1.2", - "title": "Okta Single Sign-On", - "templateRelativePath": "OktaSingleSignOn.json", - "subtitle": "", - "provider": "Okta" - }, - { - "workbookKey": "CiscoMerakiWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. 
This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", - "dataTypesDependencies": [ + ], + "version": "1.2", + "title": "Okta Single Sign-On", + "templateRelativePath": "OktaSingleSignOn.json", + "subtitle": "", + "provider": "Okta" +}, +{ + "workbookKey": "CiscoMerakiWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", + "dataTypesDependencies": [ "meraki_CL", "CiscoMerakiNativePoller", "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "CiscoMeraki", "CiscoMerakiNativePolling", "ThreatIntelligence" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "CiscoMerakiWorkbookWhite.png", "CiscoMerakiWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "CiscoMerakiWorkbook", - "templateRelativePath": "CiscoMerakiWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SentinelOneWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "CiscoMerakiWorkbook", + "templateRelativePath": "CiscoMerakiWorkbook.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SentinelOneWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis.", + 
"dataTypesDependencies": [ "SentinelOne_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SentinelOne" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "SentinelOneBlack.png", "SentinelOneWhite.png" - ], - "version": "1.0.0", - "title": "SentinelOneWorkbook", - "templateRelativePath": "SentinelOne.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroApexOneWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "SentinelOneWorkbook", + "templateRelativePath": "SentinelOne.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "TrendMicroApexOneWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "TrendMicroApexOne" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "TrendMicroApexOneBlack.png", "TrendMicroApexOneWhite.png" - ], - "version": "1.0.0", - "title": "Trend Micro Apex One", - "templateRelativePath": "TrendMicroApexOne.json", - "subtitle": "", - "provider": "TrendMicro" - }, - { - "workbookKey": "ContrastProtect", - "logoFileName": "contrastsecurity_logo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Trend Micro Apex One", + "templateRelativePath": "TrendMicroApexOne.json", + "subtitle": "", + "provider": "TrendMicro" +}, +{ + "workbookKey": "ContrastProtect", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ContrastProtect" - ], - "previewImagesFileNames": [ + ], + 
"previewImagesFileNames": [ "ContrastProtectAllBlack.png", "ContrastProtectAllWhite.png", "ContrastProtectEffectiveBlack.png", "ContrastProtectEffectiveWhite.png", "ContrastProtectSummaryBlack.png", "ContrastProtectSummaryWhite.png" - ], - "version": "1.0.0", - "title": "Contrast Protect", - "templateRelativePath": "ContrastProtect.json", - "subtitle": "", - "provider": "contrast security" - }, - { - "workbookKey": "ArmorbloxOverview", - "logoFileName": "armorblox.svg", - "description": "INCIDENTS FROM SELECTED TIME RANGE", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Contrast Protect", + "templateRelativePath": "ContrastProtect.json", + "subtitle": "", + "provider": "contrast security" +}, +{ + "workbookKey": "ArmorbloxOverview", + "logoFileName": "armorblox.svg", + "description": "INCIDENTS FROM SELECTED TIME RANGE", + "dataTypesDependencies": [ "Armorblox_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "Armorblox" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "ArmorbloxOverviewBlack01.png", "ArmorbloxOverviewBlack02.png", "ArmorbloxOverviewWhite01.png", "ArmorbloxOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Armorblox", - "templateRelativePath": "ArmorbloxOverview.json", - "subtitle": "", - "provider": "Armorblox" - }, - { - "workbookKey": "PaloAltoCDL", - "logoFileName": "paloalto_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Armorblox", + "templateRelativePath": "ArmorbloxOverview.json", + "subtitle": "", + "provider": "Armorblox" +}, +{ + "workbookKey": "PaloAltoCDL", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "PaloAltoCDL" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ 
"PaloAltoBlack.png", "PaloAltoWhite.png" - ], - "version": "1.0.0", - "title": "Palo Alto Networks Cortex Data Lake", - "templateRelativePath": "PaloAltoCDL.json", - "subtitle": "", - "provider": "Palo Alto Networks" - }, - { - "workbookKey": "VMwareCarbonBlack", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Palo Alto Networks Cortex Data Lake", + "templateRelativePath": "PaloAltoCDL.json", + "subtitle": "", + "provider": "Palo Alto Networks" +}, +{ + "workbookKey": "VMwareCarbonBlack", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CarbonBlackEvents_CL", "CarbonBlackAuditLogs_CL", "CarbonBlackNotifications_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "VMwareCarbonBlack" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "VMwareCarbonBlack.png", "VMwareCarbonWhite.png" - ], - "version": "1.0.0", - "title": "VMware Carbon Black Cloud", - "templateRelativePath": "VMwareCarbonBlack.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "arista-networks", - "logoFileName": "AristaAwakeSecurity.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "VMware Carbon Black Cloud", + "templateRelativePath": "VMwareCarbonBlack.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "arista-networks", + "logoFileName": "AristaAwakeSecurity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "AristaAwakeSecurity" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "AristaAwakeSecurityDevicesBlack.png", "AristaAwakeSecurityDevicesWhite.png", "AristaAwakeSecurityModelsBlack.png", 
"AristaAwakeSecurityModelsWhite.png", "AristaAwakeSecurityOverviewBlack.png", "AristaAwakeSecurityOverviewWhite.png" - ], - "version": "1.0.0", - "title": "Arista Awake", - "templateRelativePath": "AristaAwakeSecurityWorkbook.json", - "subtitle": "", - "provider": "Arista Networks" - }, - { - "workbookKey": "TomcatWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Arista Awake", + "templateRelativePath": "AristaAwakeSecurityWorkbook.json", + "subtitle": "", + "provider": "Arista Networks" +}, +{ + "workbookKey": "TomcatWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "Tomcat_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ApacheTomcat" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "TomcatBlack.png", "TomcatWhite.png" - ], - "version": "1.0.0", - "title": "ApacheTomcat", - "templateRelativePath": "Tomcat.json", - "subtitle": "", - "provider": "Apache" - }, - { - "workbookKey": "ClarotyWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "ApacheTomcat", + "templateRelativePath": "Tomcat.json", + "subtitle": "", + "provider": "Apache" +}, +{ + "workbookKey": "ClarotyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "Claroty" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "ClarotyBlack.png", "ClarotyWhite.png" - ], - "version": "1.0.0", - "title": "Claroty", - "templateRelativePath": "ClarotyOverview.json", - "subtitle": "", - "provider": "Claroty" - }, - { - "workbookKey": 
"ApacheHTTPServerWorkbook", - "logoFileName": "apache.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Claroty", + "templateRelativePath": "ClarotyOverview.json", + "subtitle": "", + "provider": "Claroty" +}, +{ + "workbookKey": "ApacheHTTPServerWorkbook", + "logoFileName": "apache.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "ApacheHTTPServer_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ApacheHTTPServer" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "ApacheHTTPServerOverviewBlack01.png", "ApacheHTTPServerOverviewBlack02.png", "ApacheHTTPServerOverviewWhite01.png", "ApacheHTTPServerOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Apache HTTP Server", - "templateRelativePath": "ApacheHTTPServer.json", - "subtitle": "", - "provider": "Apache Software Foundation" - }, - { - "workbookKey": "OCIWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Apache HTTP Server", + "templateRelativePath": "ApacheHTTPServer.json", + "subtitle": "", + "provider": "Apache Software Foundation" +}, +{ + "workbookKey": "OCIWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "OCI_Logs_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "OracleCloudInfrastructureLogsConnector" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "OCIBlack.png", "OCIWhite.png" - ], - "version": "1.0.0", - "title": "Oracle Cloud Infrastructure", - "templateRelativePath": "OracleCloudInfrastructureOCI.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OracleWeblogicServerWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time 
name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Oracle Cloud Infrastructure", + "templateRelativePath": "OracleCloudInfrastructureOCI.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "OracleWeblogicServerWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "OracleWebLogicServer_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "OracleWebLogicServer" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "OracleWeblogicServerBlack.png", "OracleWeblogicServerWhite.png" - ], - "version": "1.0.0", - "title": "Oracle WebLogic Server", - "templateRelativePath": "OracleWorkbook.json", - "subtitle": "", - "provider": "Oracle" - }, - { - "workbookKey": "BitglassWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Oracle WebLogic Server", + "templateRelativePath": "OracleWorkbook.json", + "subtitle": "", + "provider": "Oracle" +}, +{ + "workbookKey": "BitglassWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "BitglassLogs_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "Bitglass" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "BitglassBlack.png", "BitglassWhite.png" - ], - "version": "1.0.0", - "title": "Bitglass", - "templateRelativePath": "Bitglass.json", - "subtitle": "", - "provider": "Bitglass" - }, - { - "workbookKey": "NGINXWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Bitglass", + "templateRelativePath": "Bitglass.json", + "subtitle": "", + "provider": "Bitglass" +}, +{ + "workbookKey": "NGINXWorkbook", 
+ "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "NGINX_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "NGINXHTTPServer" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "NGINXOverviewBlack01.png", "NGINXOverviewBlack02.png", "NGINXOverviewWhite01.png", "NGINXOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "NGINX HTTP Server", - "templateRelativePath": "NGINX.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "vArmourAppContollerWorkbook", - "logoFileName": "varmour-logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "NGINX HTTP Server", + "templateRelativePath": "NGINX.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "vArmourAppContollerWorkbook", + "logoFileName": "varmour-logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "vArmourAC", "vArmourACAma" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "vArmourAppControllerAppBlack.png", "vArmourAppControllerAppBlack-1.png", "vArmourAppControllerAppBlack-2.png", 
@@ -3699,24 +3662,24 @@
 "vArmourAppControllerAppWhite-5.png",
 "vArmourAppControllerAppWhite-6.png",
 "vArmourAppControllerAppWhite-7.png"
- ],
- "version": "1.0.0",
- "title": "vArmour Application Controller",
- "templateRelativePath": "vArmour_AppContoller_Workbook.json",
- "subtitle": "",
- "provider": "vArmour"
- },
- {
- "workbookKey": "CorelightWorkbook",
- "logoFileName": "corelight.svg",
- "description": "Sets the time name for analysis",
- "dataTypesDependencies": [
+ ],
+ "version": "1.0.0",
+ "title": "vArmour Application Controller",
+ "templateRelativePath": "vArmour_AppContoller_Workbook.json",
+ "subtitle": "",
+ "provider": "vArmour"
+},
+{
+ "workbookKey": "CorelightWorkbook",
+ "logoFileName": "corelight.svg",
+ "description": "Sets the time name for analysis",
+ "dataTypesDependencies": [
 "Corelight_CL"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "Corelight"
- ],
- "previewImagesFileNames": [
+ ],
+ "previewImagesFileNames": [
 "CorelightConnectionsBlack1.png",
 "CorelightConnectionsBlack2.png",
 "CorelightConnectionsWhite1.png",
@@ -3731,596 +3694,594 @@ "CorelightMainWhite1.png", "CorelightSoftwareBlack1.png", "CorelightSoftwareWhite1.png" - ], - "version": "1.0.0", - "title": "Corelight", - "templateRelativePath": "Corelight.json", - "subtitle": "", - "provider": "Corelight" - }, - { - "workbookKey": "LookoutEvents", - "logoFileName": "lookout.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Corelight", + "templateRelativePath": "Corelight.json", + "subtitle": "", + "provider": "Corelight" +}, +{ + "workbookKey": "LookoutEvents", + "logoFileName": "lookout.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "Lookout_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "LookoutAPI" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "SampleLookoutWorkBookBlack.png", "SampleLookoutWorkBookWhite.png" - ], - "version": "1.0.0", - "title": "Lookout", - "templateRelativePath": "LookoutEvents.json", - "subtitle": "", - "provider": "Lookout" - }, - { - "workbookKey": "sentinel-MicrosoftPurview", - "logoFileName": "MicrosoftPurview.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Lookout", + "templateRelativePath": "LookoutEvents.json", + "subtitle": "", + "provider": "Lookout" +}, +{ + "workbookKey": "sentinel-MicrosoftPurview", + "logoFileName": "MicrosoftPurview.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "MicrosoftAzurePurview" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "" - ], - "version": "1.0.0", - "title": "Microsoft Purview", - "templateRelativePath": "MicrosoftPurview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "InfobloxCDCB1TDWorkbook", - "logoFileName": 
"infoblox_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Microsoft Purview", + "templateRelativePath": "MicrosoftPurview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "InfobloxCDCB1TDWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "InfobloxCloudDataConnector" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "InfobloxCDCB1TDBlack.png", "InfobloxCDCB1TDWhite.png" - ], - "version": "1.0.0", - "title": "Infoblox Cloud Data Connector", - "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", - "subtitle": "", - "provider": "InfoBlox" - }, - { - "workbookKey": "UbiquitiUniFiWorkbook", - "logoFileName": "ubiquiti.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Infoblox Cloud Data Connector", + "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", + "subtitle": "", + "provider": "InfoBlox" +}, +{ + "workbookKey": "UbiquitiUniFiWorkbook", + "logoFileName": "ubiquiti.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "Ubiquiti_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "UbiquitiUnifi" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "UbiquitiOverviewBlack01.png", "UbiquitiOverviewBlack02.png", "UbiquitiOverviewWhite01.png", "UbiquitiOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Ubiquiti UniFi", - "templateRelativePath": "Ubiquiti.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "VMwareESXiWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + 
"title": "Ubiquiti UniFi", + "templateRelativePath": "Ubiquiti.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "VMwareESXiWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "Syslog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "VMwareESXi" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "VMWareESXiBlack.png", "VMWareESXiWhite.png" - ], - "version": "1.0.0", - "title": "VMware ESXi", - "templateRelativePath": "VMWareESXi.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SnowflakeWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "VMware ESXi", + "templateRelativePath": "VMWareESXi.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SnowflakeWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "Snowflake_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SnowflakeDataConnector" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "SnowflakeBlack.png", "SnowflakeWhite.png" - ], - "version": "1.0.0", - "title": "Snowflake", - "templateRelativePath": "Snowflake.json", - "subtitle": "", - "provider": "Snowflake" - }, - { - "workbookKey": "LastPassWorkbook", - "logoFileName": "LastPass.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Snowflake", + "templateRelativePath": "Snowflake.json", + "subtitle": "", + "provider": "Snowflake" +}, +{ + "workbookKey": "LastPassWorkbook", + "logoFileName": "LastPass.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "LastPassNativePoller_CL" - ], - 
"dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "LastPassAPIConnector" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "LastPassBlack.png", "LastPassWhite.png" - ], - "version": "1.0.0", - "title": "Lastpass Enterprise Activity Monitoring", - "templateRelativePath": "LastPassWorkbook.json", - "subtitle": "", - "provider": "LastPass" - }, - { - "workbookKey": "SecurityBridgeWorkbook", - "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Lastpass Enterprise Activity Monitoring", + "templateRelativePath": "LastPassWorkbook.json", + "subtitle": "", + "provider": "LastPass" +}, +{ + "workbookKey": "SecurityBridgeWorkbook", + "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "SecurityBridgeLogs" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SecurityBridgeSAP" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "SecurityBridge App", - "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", - "subtitle": "", - "provider": "SecurityBridge" - }, - { - "workbookKey": "PaloAltoPrismaCloudWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "SecurityBridge App", + "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", + "subtitle": "", + "provider": "SecurityBridge" +}, +{ + "workbookKey": "PaloAltoPrismaCloudWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ "PaloAltoPrismaCloudAlert_CL", "PaloAltoPrismaCloudAudit_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ 
"PaloAltoPrismaCloud" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "PaloAltoPrismaCloudBlack01.png", "PaloAltoPrismaCloudBlack02.png", "PaloAltoPrismaCloudWhite01.png", "PaloAltoPrismaCloudWhite02.png" - ], - "version": "1.0.0", - "title": "Palo Alto Prisma", - "templateRelativePath": "PaloAltoPrismaCloudOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "PingFederateWorkbook", - "logoFileName": "PingIdentity.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Palo Alto Prisma", + "templateRelativePath": "PaloAltoPrismaCloudOverview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "PingFederateWorkbook", + "logoFileName": "PingIdentity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "PingFederateEvent" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "PingFederate" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "PingFederateBlack1.png", "PingFederateWhite1.png" - ], - "version": "1.0.0", - "title": "PingFederate", - "templateRelativePath": "PingFederate.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "McAfeeePOWorkbook", - "logoFileName": "mcafee_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "PingFederate", + "templateRelativePath": "PingFederate.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "McAfeeePOWorkbook", + "logoFileName": "mcafee_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "McAfeeEPOEvent" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "McAfeeePO" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "McAfeeePOBlack1.png", "McAfeeePOBlack2.png", "McAfeeePOWhite1.png", 
"McAfeeePOWhite2.png" - ], - "version": "1.0.0", - "title": "McAfee ePolicy Orchestrator", - "templateRelativePath": "McAfeeePOOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OracleDatabaseAudit", - "logoFileName": "oracle_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "McAfee ePolicy Orchestrator", + "templateRelativePath": "McAfeeePOOverview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "OracleDatabaseAudit", + "logoFileName": "oracle_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "Syslog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "OracleDatabaseAudit" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "OracleDatabaseAuditBlack1.png", "OracleDatabaseAuditBlack2.png", "OracleDatabaseAuditWhite1.png", "OracleDatabaseAuditWhite2.png" - ], - "version": "1.0.0", - "title": "Oracle Database Audit", - "templateRelativePath": "OracleDatabaseAudit.json", - "subtitle": "", - "provider": "Oracle" - }, - { - "workbookKey": "SenservaProAnalyticsWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Oracle Database Audit", + "templateRelativePath": "OracleDatabaseAudit.json", + "subtitle": "", + "provider": "Oracle" +}, +{ + "workbookKey": "SenservaProAnalyticsWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SenservaPro" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "SenservaProAnalyticsBlack.png", "SenservaProAnalyticsWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProAnalytics", - 
"templateRelativePath": "SenservaProAnalyticsWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "SenservaProMultipleWorkspaceWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "SenservaProAnalytics", + "templateRelativePath": "SenservaProAnalyticsWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" +}, +{ + "workbookKey": "SenservaProMultipleWorkspaceWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SenservaPro" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "SenservaProMultipleWorkspaceWorkbookBlack.png", "SenservaProMultipleWorkspaceWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProMultipleWorkspace", - "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "SenservaProMultipleWorkspace", + "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" +}, +{ + "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SenservaPro" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "SenservaProSecureScoreMultiTenantBlack.png", "SenservaProSecureScoreMultiTenantWhite.png" - ], - "version": "1.0.0", - 
"title": "SenservaProSecureScoreMultiTenant", - "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "CiscoSecureEndpointOverviewWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "SenservaProSecureScoreMultiTenant", + "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" +}, +{ + "workbookKey": "CiscoSecureEndpointOverviewWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CiscoSecureEndpoint" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "CiscoSecureEndpoint" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "CiscoSecureEndpointBlack.png", "CiscoSecureEndpointWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Secure Endpoint", - "templateRelativePath": "Cisco Secure Endpoint Overview.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "InfoSecGlobalWorkbook", - "logoFileName": "infosecglobal.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Cisco Secure Endpoint", + "templateRelativePath": "Cisco Secure Endpoint Overview.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "InfoSecGlobalWorkbook", + "logoFileName": "infosecglobal.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ "InfoSecAnalytics_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "InfoSecDataConnector" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "InfoSecGlobalWorkbookBlack.png", "InfoSecGlobalWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "AgileSec Analytics 
Connector", - "templateRelativePath": "InfoSecGlobal.json", - "subtitle": "", - "provider": "InfoSecGlobal" - }, - { - "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", - "logoFileName": "crowdstrike.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "AgileSec Analytics Connector", + "templateRelativePath": "InfoSecGlobal.json", + "subtitle": "", + "provider": "InfoSecGlobal" +}, +{ + "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", + "logoFileName": "crowdstrike.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CrowdstrikeReplicatorLogs_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "CrowdstrikeReplicator" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "CrowdStrikeFalconEndpointProtectionBlack.png", "CrowdStrikeFalconEndpointProtectionWhite.png" - ], - "version": "1.0.0", - "title": "CrowdStrike Falcon Endpoint Protection", - "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IronDefenseAlertDashboard", - "logoFileName": "IronNet.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "CrowdStrike Falcon Endpoint Protection", + "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "IronDefenseAlertDashboard", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "IronNetIronDefense" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "IronDefenseDashboardBlack.png", "IronDefenseDashboardWhite.png" - ], - "version": "1.0.0", - "title": "IronDefenseAlertDashboard", - 
"templateRelativePath": "IronDefenseAlertDashboard.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IronDefenseAlertDetails", - "logoFileName": "IronNet.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "IronDefenseAlertDashboard", + "templateRelativePath": "IronDefenseAlertDashboard.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "IronDefenseAlertDetails", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "IronNetIronDefense" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "IronDefenseAlertsBlack.png", "IronDefenseAlertsWhite.png" - ], - "version": "1.0.0", - "title": "IronDefenseAlertDetails", - "templateRelativePath": "IronDefenseAlertDetails.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CiscoSEGWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "IronDefenseAlertDetails", + "templateRelativePath": "IronDefenseAlertDetails.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "CiscoSEGWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "CiscoSEG" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "CiscoSEGBlack.png", "CiscoSEGWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Secure Email Gateway", - "templateRelativePath": "CiscoSEG.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "EatonForeseerHealthAndAccess", - "logoFileName": "Azure_Sentinel.svg", - 
"description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Cisco Secure Email Gateway", + "templateRelativePath": "CiscoSEG.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "EatonForeseerHealthAndAccess", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", + "dataTypesDependencies": [ "SecurityEvent" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "EatonForeseerHealthAndAccessBlack.png", "EatonForeseerHealthAndAccessWhite.png" - ], - "version": "1.0.0", - "title": "EatonForeseerHealthAndAccess", - "templateRelativePath": "EatonForeseerHealthAndAccess.json", - "subtitle": "", - "provider": "Eaton" - }, - { - "workbookKey": "PCIDSSComplianceWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Choose your subscription and workspace in which PCI assets are deployed", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "EatonForeseerHealthAndAccess", + "templateRelativePath": "EatonForeseerHealthAndAccess.json", + "subtitle": "", + "provider": "Eaton" +}, +{ + "workbookKey": "PCIDSSComplianceWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Choose your subscription and workspace in which PCI assets are deployed", + "dataTypesDependencies": [ "AzureDaignostics", "SecurityEvent", "SecurityAlert", "OracleDatabaseAuditEvent", "Syslog", "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": 
[ "PCIDSSComplianceBlack01.PNG", "PCIDSSComplianceBlack02.PNG", "PCIDSSComplianceWhite01.PNG", "PCIDSSComplianceWhite02.PNG" - ], - "version": "1.0.0", - "title": "PCI DSS Compliance", - "templateRelativePath": "PCIDSSCompliance.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SonraiSecurityWorkbook", - "logoFileName": "Sonrai.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "PCI DSS Compliance", + "templateRelativePath": "PCIDSSCompliance.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SonraiSecurityWorkbook", + "logoFileName": "Sonrai.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "Sonrai_Tickets_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SonraiDataConnector" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "SonraiWorkbookBlack.png", "SonraiWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "Sonrai", - "templateRelativePath": "Sonrai.json", - "subtitle": "", - "provider": "Sonrai" - }, - { - "workbookKey": "SemperisDSPWorkbook", - "logoFileName": "Semperis.svg", - "description": "Specify the time range on which to query the data", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Sonrai", + "templateRelativePath": "Sonrai.json", + "subtitle": "", + "provider": "Sonrai" +}, +{ + "workbookKey": "SemperisDSPWorkbook", + "logoFileName": "Semperis.svg", + "description": "Specify the time range on which to query the data", + "dataTypesDependencies": [ "dsp_parser" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SemperisDSP" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "SemperisDSPOverview1Black.png", "SemperisDSPOverview1White.png", "SemperisDSPOverview2Black.png", "SemperisDSPOverview2White.png", "SemperisDSPOverview3Black.png", "SemperisDSPOverview3White.png" 
- ], - "version": "1.0.0", - "title": "Semperis Directory Services Protector", - "templateRelativePath": "SemperisDSPWorkbook.json", - "subtitle": "", - "provider": "Semperis" - }, - { - "workbookKey": "BoxWorkbook", - "logoFileName": "box.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Semperis Directory Services Protector", + "templateRelativePath": "SemperisDSPWorkbook.json", + "subtitle": "", + "provider": "Semperis" +}, +{ + "workbookKey": "BoxWorkbook", + "logoFileName": "box.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "BoxEvents_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "BoxDataConnector" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "BoxBlack1.png", "BoxWhite1.png", "BoxBlack2.png", "BoxWhite2.png" - ], - "version": "1.0.0", - "title": "Box", - "templateRelativePath": "Box.json", - "subtitle": "", - "provider": "Box" - }, - { - "workbookKey": "SymantecEndpointProtection", - "logoFileName": "symantec_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Box", + "templateRelativePath": "Box.json", + "subtitle": "", + "provider": "Box" +}, +{ + "workbookKey": "SymantecEndpointProtection", + "logoFileName": "symantec_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "SymantecEndpointProtection" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SymantecEndpointProtection" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "SymantecEndpointProtectionBlack.png", "SymantecEndpointProtectionWhite.png" - ], - "version": "1.0.0", - "title": "Symantec Endpoint Protection", - "templateRelativePath": "SymantecEndpointProtection.json", - "subtitle": "", - "provider": "Symantec" - }, - { - "workbookKey": 
"DynamicThreatModeling&Response", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Symantec Endpoint Protection", + "templateRelativePath": "SymantecEndpointProtection.json", + "subtitle": "", + "provider": "Symantec" +}, +{ + "workbookKey": "DynamicThreatModeling&Response", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "DynamicThreatModeling&ResponseWhite.png", "DynamicThreatModeling&ResponseBlack.png" - ], - "version": "1.0.0", - "title": "Dynamic Threat Modeling Response", - "templateRelativePath": "DynamicThreatModeling&Response.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ThreatAnalysis&Response", - "logoFileName": "Azure_Sentinel.svg", - "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Dynamic Threat Modeling Response", + "templateRelativePath": "DynamicThreatModeling&Response.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ThreatAnalysis&Response", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. 
They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", + "dataTypesDependencies": [ "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "ThreatAnalysis&ResponseWhite1.png", "ThreatAnalysis&ResponseWhite2.png", "ThreatAnalysis&ResponseWhite3.png", 
@@ -4328,368 +4289,366 @@ "ThreatAnalysis&ResponseBlack1.png", "ThreatAnalysis&ResponseBlack2.png", "ThreatAnalysis&ResponseBlack3.png", - "ThreatAnalysis&ResponseBlack4.png" - ], - "version": "1.0.1", - "title": "Threat Analysis Response", - "templateRelativePath": "ThreatAnalysis&Response.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroCAS", - "logoFileName": "Trend_Micro_Logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + "ThreatAnalysis&ResponseBlack4.png" + ], + "version": "1.0.1", + "title": "Threat Analysis Response", + "templateRelativePath": "ThreatAnalysis&Response.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "TrendMicroCAS", + "logoFileName": "Trend_Micro_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "TrendMicroCAS_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "TrendMicroCAS" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "TrendMicroCASBlack.png", "TrendMicroCASWhite.png" - ], - "version": "1.0.0", - "title": "TrendMicroCAS", - "templateRelativePath": "TrendMicroCAS.json", - "subtitle": "", - "provider": "TrendMicro" - }, - { - "workbookKey": "GitHubSecurityWorkbook", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "TrendMicroCAS", + "templateRelativePath": "TrendMicroCAS.json", + "subtitle": "", + "provider": "TrendMicro" +}, +{ + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ "GitHubAuditLogPolling_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "GitHubEcAuditLogPolling" - ], - "previewImagesFileNames": [ - 
"GitHubSecurityBlack.png", - "GitHubSecurityWhite.png" - ], - "version": "1.0.0", - "title": "GithubWorkbook", - "templateRelativePath": "GitHubWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "GCPDNSWorkbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [ + "GitHubSecurityBlack.png", + "GitHubSecurityWhite.png" + ], + "version": "1.0.0", + "title": "GithubWorkbook", + "templateRelativePath": "GitHubWorkbook.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "GCPDNSWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "GCPCloudDNS" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "GCPDNSDataConnector" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "GCPDNSBlack.png", "GCPDNSWhite.png" - ], - "version": "1.0.0", - "title": "Google Cloud Platform DNS", - "templateRelativePath": "GCPDNS.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AtlassianJiraAuditWorkbook", + ], + "version": "1.0.0", + "title": "Google Cloud Platform DNS", + "templateRelativePath": "GCPDNS.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AtlassianJiraAuditWorkbook", "logoFileName": "atlassian.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "AtlassianJiraNativePoller_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "AtlassianJira" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "AtlassianJiraAuditWhite.png", "AtlassianJiraAuditBlack.png" - ], - "version": "1.0.0", - "title": "AtlassianJiraAudit", - "templateRelativePath": "AtlassianJiraAudit.json", - "subtitle": "", - "provider": 
"Atlassian" - }, - { - "workbookKey": "DigitalGuardianWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "AtlassianJiraAudit", + "templateRelativePath": "AtlassianJiraAudit.json", + "subtitle": "", + "provider": "Atlassian" +}, +{ + "workbookKey": "DigitalGuardianWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "DigitalGuardianDLPEvent" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "DigitalGuardianDLP" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "DigitalGuardianBlack.png", "DigitalGuardianWhite.png" - ], - "version": "1.0.0", - "title": "DigitalGuardianDLP", - "templateRelativePath": "DigitalGuardian.json", - "subtitle": "", - "provider": "Digital Guardian" - }, - { - "workbookKey": "CiscoDuoWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "DigitalGuardianDLP", + "templateRelativePath": "DigitalGuardian.json", + "subtitle": "", + "provider": "Digital Guardian" +}, +{ + "workbookKey": "CiscoDuoWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "CiscoDuo_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "CiscoDuoSecurity" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "CiscoDuoWhite.png", "CiscoDuoBlack.png" - ], - "version": "1.0.0", - "title": "CiscoDuoSecurity", - "templateRelativePath": "CiscoDuo.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "SlackAudit", - "logoFileName": "slacklogo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "CiscoDuoSecurity", + 
"templateRelativePath": "CiscoDuo.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "SlackAudit", + "logoFileName": "slacklogo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "SlackAudit_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SlackAuditAPI" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "SlackAuditApplicationActivityBlack1.png", "SlackAuditApplicationActivityWhite1.png" - ], - "version": "1.0.0", - "title": "SlackAudit", - "templateRelativePath": "SlackAudit.json", - "subtitle": "", - "provider": "Slack" - }, - { - "workbookKey": "CiscoWSAWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "SlackAudit", + "templateRelativePath": "SlackAudit.json", + "subtitle": "", + "provider": "Slack" +}, +{ + "workbookKey": "CiscoWSAWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "Syslog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "CiscoWSA" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "CiscoWSAWhite.png", "CiscoWSABlack.png" - ], - "version": "1.0.0", - "title": "CiscoWSA", - "templateRelativePath": "CiscoWSA.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "GCP-IAM-Workbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "CiscoWSA", + "templateRelativePath": "CiscoWSA.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "GCP-IAM-Workbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "GCP_IAM_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ 
"GCPIAMDataConnector" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "GCPIAMBlack01.png", "GCPIAMBlack02.png", "GCPIAMWhite01.png", "GCPIAMWhite02.png" - ], - "version": "1.0.0", - "title": "Google Cloud Platform IAM", - "templateRelativePath": "GCP_IAM.json", - "subtitle": "", - "provider": "Google" - }, - { - "workbookKey": "ImpervaWAFCloudWorkbook", - "logoFileName": "Imperva_DarkGrey_final_75x75.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Google Cloud Platform IAM", + "templateRelativePath": "GCP_IAM.json", + "subtitle": "", + "provider": "Google" +}, +{ + "workbookKey": "ImpervaWAFCloudWorkbook", + "logoFileName": "Imperva_DarkGrey_final_75x75.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ "ImpervaWAFCloud_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ImpervaWAFCloudAPI" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "ImpervaWAFCloudBlack01.png", "ImpervaWAFCloudBlack02.png", "ImpervaWAFCloudWhite01.png", "ImpervaWAFCloudWhite02.png" - ], - "version": "1.0.0", - "title": "Imperva WAF Cloud Overview", - "templateRelativePath": "Imperva WAF Cloud Overview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZscalerZPAWorkbook", - "logoFileName": "ZscalerLogo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Imperva WAF Cloud Overview", + "templateRelativePath": "Imperva WAF Cloud Overview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ZscalerZPAWorkbook", + "logoFileName": "ZscalerLogo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ "ZPA_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ZscalerPrivateAccess" - ], - "previewImagesFileNames": [ 
+ ], + "previewImagesFileNames": [ "ZscalerZPABlack.png", "ZscalerZPAWhite.png" - ], - "version": "1.0.0", - "title": "Zscaler Private Access (ZPA)", - "templateRelativePath": "ZscalerZPA.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "GoogleWorkspaceWorkbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Zscaler Private Access (ZPA)", + "templateRelativePath": "ZscalerZPA.json", + "subtitle": "", + "provider": "Zscaler" +}, +{ + "workbookKey": "GoogleWorkspaceWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "GWorkspace_ReportsAPI_admin_CL", "GWorkspace_ReportsAPI_calendar_CL", "GWorkspace_ReportsAPI_drive_CL", "GWorkspace_ReportsAPI_login_CL", "GWorkspace_ReportsAPI_login_CL", "GWorkspace_ReportsAPI_mobile_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "GoogleWorkspaceReportsAPI" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "GoogleWorkspaceBlack.png", "GoogleWorkspaceWhite.png" - ], - "version": "1.0.0", - "title": "GoogleWorkspaceReports", - "templateRelativePath": "GoogleWorkspace.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "NCProtectWorkbook", - "logoFileName": "NCProtectIcon.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "GoogleWorkspaceReports", + "templateRelativePath": "GoogleWorkspace.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "NCProtectWorkbook", + "logoFileName": "NCProtectIcon.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "NCProtectUAL_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "NucleusCyberNCProtect" - ], - "previewImagesFileNames": [ - "" - ], - "version": 
"1.0.0", - "title": "NucleusCyberProtect", - "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", - "subtitle": "", - "provider": "archTIS" - }, - { - "workbookKey": "CiscoISEWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "NucleusCyberProtect", + "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", + "subtitle": "", + "provider": "archTIS" +}, +{ + "workbookKey": "CiscoISEWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "Syslog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "CiscoISE" - ], - "previewImagesFileNames": [ - "CiscoISEBlack1.png", - "CiscoISEBlack2.png", - "CiscoISEWhite1.png", - "CiscoISEWhite2.png" - ], - "version": "1.0.0", - "title": "Cisco ISE", - "templateRelativePath": "CiscoISE.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. 
This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [ + "CiscoISEBlack1.png", + "CiscoISEBlack2.png", + "CiscoISEWhite1.png", + "CiscoISEWhite2.png" + ], + "version": "1.0.0", + "title": "Cisco ISE", + "templateRelativePath": "CiscoISE.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", + "dataTypesDependencies": [ "SecurityAlert", "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "IoTOTThreatMonitoringwithDefenderforIoTBlack.png", - "IoTOTThreatMonitoringwithDefenderforIoTWhite.png" - ], - "version": "1.0.0", - "title": "Microsoft Defender for IoT", - "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZeroTrust(TIC3.0)Workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IoTOTThreatMonitoringwithDefenderforIoTBlack.png", + "IoTOTThreatMonitoringwithDefenderforIoTWhite.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender for IoT", + "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": 
"ZeroTrust(TIC3.0)Workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ "SecurityRecommendation" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "ZeroTrust(TIC3.0)Black1.PNG", "ZeroTrust(TIC3.0)White1.PNG" - ], - "version": "1.0.0", - "title": "ZeroTrust(TIC3.0)", - "templateRelativePath": "ZeroTrustTIC3.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "ZeroTrust(TIC3.0)", + "templateRelativePath": "ZeroTrustTIC3.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ "InformationProtectionLogs_CL", "AuditLogs", "SecurityIncident", "SigninLogs", "AzureActivity" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "CybersecurityMaturityModelCertificationBlack.png", - "CybersecurityMaturityModelCertificationWhite.png" - ], - "version": "1.0.0", - "title": "CybersecurityMaturityModelCertification(CMMC)2.0", - "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "NISTSP80053Workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "CybersecurityMaturityModelCertificationBlack.png", + "CybersecurityMaturityModelCertificationWhite.png" + ], + "version": "1.0.0", + "title": 
"CybersecurityMaturityModelCertification(CMMC)2.0", + "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "NISTSP80053Workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ "SigninLogs", "AuditLogs", "AzureActivity", 
@@ -4698,219 +4657,211 @@ "CommonSecurityLog", "SecurityIncident", "SecurityRecommendation" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SecurityEvents" - ], - "previewImagesFileNames": [ - "NISTSP80053Black.png", - "NISTSP80053White.png" - ], - "version": "1.0.0", - "title": "NISTSP80053workbook", - "templateRelativePath": "NISTSP80053.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DarktraceWorkbook", - "logoFileName": "Darktrace.svg", - "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [ + "NISTSP80053Black.png", + "NISTSP80053White.png" + ], + "version": "1.0.0", + "title": "NISTSP80053workbook", + "templateRelativePath": "NISTSP80053.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "DarktraceWorkbook", + "logoFileName": "Darktrace.svg", + "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", + "dataTypesDependencies": [ "darktrace_model_alerts_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "DarktraceRESTConnector" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "DarktraceWorkbookBlack01.png", "DarktraceWorkbookBlack02.png", "DarktraceWorkbookWhite01.png", "DarktraceWorkbookWhite02.png" - ], - "version": "1.0.1", - "title": "Darktrace", - "templateRelativePath": "DarktraceWorkbook.json", - "subtitle": "", - "provider": "Darktrace" - }, - { - "workbookKey": "RecordedFutureDomainC2DNSWorkbook", - "logoFileName": "RecordedFuture.svg", - "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", - "dataTypesDependencies": [ + ], + "version": "1.0.1", + "title": 
"Darktrace", + "templateRelativePath": "DarktraceWorkbook.json", + "subtitle": "", + "provider": "Darktrace" +}, +{ + "workbookKey": "RecordedFutureDomainC2DNSWorkbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", - "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", - "subtitle": "", - "provider": "Recorded Future" - }, - { - "workbookKey": "RecordedFutureIPActiveC2Workbook", - "logoFileName": "RecordedFuture.svg", - "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", - "dataTypesDependencies": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" +}, +{ + "workbookKey": "RecordedFutureIPActiveC2Workbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", - "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", - "subtitle": "", - "provider": "Recorded Future" - }, - { - "workbookKey": "MaturityModelForEventLogManagement_M2131", - "logoFileName": 
"contrastsecurity_logo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" +}, +{ + "workbookKey": "MaturityModelForEventLogManagement_M2131", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "MaturityModelForEventLogManagement_M2131Black.png", "MaturityModelForEventLogManagement_M2131White.png" - ], - "version": "1.0.0", - "title": "MaturityModelForEventLogManagementM2131", - "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureSQLSecurityWorkbook", - "logoFileName": "AzureSQL.svg", - "description": "Sets the time window in days to search around the alert", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "MaturityModelForEventLogManagementM2131", + "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AzureSQLSecurityWorkbook", + "logoFileName": "AzureSQL.svg", + "description": "Sets the time window in days to search around the alert", + "dataTypesDependencies": [ "AzureDiagnostics", "SecurityAlert", "SecurityIncident" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "AzureSql" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Azure SQL Database Workbook", - 
"templateRelativePath": "Workbook-AzureSQLSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ContinuousDiagnostics&Mitigation", - "logoFileName": "Azure_Sentinel.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Azure SQL Database Workbook", + "templateRelativePath": "Workbook-AzureSQLSecurity.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ContinuousDiagnostics&Mitigation", + "logoFileName": "Azure_Sentinel.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "ContinuousDiagnostics&MitigationBlack.png", "ContinuousDiagnostics&MitigationWhite.png" - ], - "version": "1.0.0", - "title": "ContinuousDiagnostics&Mitigation", - "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AtlasianJiraAuditWorkbook", - "logoFileName": "atlassian.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "ContinuousDiagnostics&Mitigation", + "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AtlasianJiraAuditWorkbook", + "logoFileName": "atlassian.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ "AtlassianJiraNativePoller_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "AtlassianJira" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "AtlassianJiraAuditBlack.png", "AtlassianJiraAuditWhite.png" - ], - "version": "1.0.0", - "title": "AtlasianJiraAuditWorkbook", - "templateRelativePath": 
"AtlasianJiraAuditWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureSecurityBenchmark", - "logoFileName": "Azure_Sentinel.svg", - "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "AtlasianJiraAuditWorkbook", + "templateRelativePath": "AtlasianJiraAuditWorkbook.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AzureSecurityBenchmark", + "logoFileName": "Azure_Sentinel.svg", + "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. 
There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", + "dataTypesDependencies": [ "SecurityRegulatoryCompliance", "AzureDiagnostics", "SecurityIncident", "SigninLogs", "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "AzureSecurityBenchmarkBlack.png", "AzureSecurityBenchmarkWhite.png" - ], - "version": "1.0.0", - "title": "Azure Security Benchmark", - "templateRelativePath": "AzureSecurityBenchmark.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZNAccessOrchestratorAudit", - "logoFileName": "ZeroNetworks.svg", - "description": "This workbook provides a summary of ZeroNetworks data.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Azure Security Benchmark", + "templateRelativePath": "AzureSecurityBenchmark.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ZNAccessOrchestratorAudit", + "logoFileName": "ZeroNetworks.svg", + "description": "This workbook provides a summary of ZeroNetworks data.", + "dataTypesDependencies": [ "ZNAccessOrchestratorAudit_CL", "ZNAccessOrchestratorAuditNativePoller_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ZeroNetworksAccessOrchestratorAuditFunction", "ZeroNetworksAccessOrchestratorAuditNativePoller" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Zero NetWork", - "templateRelativePath": "ZNSegmentAudit.json", - "subtitle": "", - "provider": "Zero Networks" - }, - { - "workbookKey": "FireworkWorkbook", - "logoFileName": "Flare.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Zero NetWork", + "templateRelativePath": "ZNSegmentAudit.json", + "subtitle": "", 
+ "provider": "Zero Networks" +}, +{ + "workbookKey": "FireworkWorkbook", + "logoFileName": "Flare.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ "Firework_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "FlareSystemsFirework" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "FireworkOverviewBlack01.png", "FireworkOverviewBlack02.png", "FireworkOverviewWhite01.png", "FireworkOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "FlareSystemsFirework", - "templateRelativePath": "FlareSystemsFireworkOverview.json", - "subtitle": "", - "provider": "Flare Systems" - }, - { - "workbookKey": "TaniumWorkbook", - "logoFileName": "Tanium.svg", - "description": "Visualize Tanium endpoint and module data", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "FlareSystemsFirework", + "templateRelativePath": "FlareSystemsFireworkOverview.json", + "subtitle": "", + "provider": "Flare Systems" +}, +{ + "workbookKey": "TaniumWorkbook", + "logoFileName": "Tanium.svg", + "description": "Visualize Tanium endpoint and module data", + "dataTypesDependencies": [ "TaniumComplyCompliance_CL", "TaniumComplyVulnerabilities_CL", "TaniumDefenderHealth_CL", @@ -4921,9 +4872,9 @@ "TaniumPatchListCompliance_CL", "TaniumSCCMClientHealth_CL", "TaniumThreatResponse_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "TaniumComplyBlack.png", "TaniumComplyWhite.png", "TaniumDiscoverBlack.png", 
@@ -4936,126 +4887,125 @@
 "TaniumThreatResponseAlertsWhite.png",
 "TaniumThreatResponseBlack.png",
 "TaniumThreatResponseWhite.png"
- ],
- "version": "1.0",
- "title": "Tanium Workbook",
- "templateRelativePath": "TaniumWorkbook.json",
- "subtitle": "",
- "provider": "Tanium"
- },
- {
- "workbookKey": "ActionableAlertsDashboard",
- "logoFileName": "Cybersixgill.svg",
- "description": "None.",
- "dataTypesDependencies": [
+ ],
+ "version": "1.0",
+ "title": "Tanium Workbook",
+ "templateRelativePath": "TaniumWorkbook.json",
+ "subtitle": "",
+ "provider": "Tanium"
+},
+{
+ "workbookKey": "ActionableAlertsDashboard",
+ "logoFileName": "Cybersixgill.svg",
+ "description": "None.",
+ "dataTypesDependencies": [
 "CyberSixgill_Alerts_CL"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "CybersixgillActionableAlerts"
- ],
- "previewImagesFileNames": [
- "ActionableAlertsDashboardWhite.PNG",
- "ActionableAlertsDashboardBlack.PNG"
- ],
- "version": "1.0.0",
- "title": "Cybersixgill Actionable Alerts Dashboard",
- "templateRelativePath": "ActionableAlertsDashboard.json",
- "subtitle": "",
- "provider": "Cybersixgill"
- },
- {
- "workbookKey": "ActionableAlertsList",
- "logoFileName": "Cybersixgill.svg",
- "description": "None.",
- "dataTypesDependencies": [
+ ],
+ "previewImagesFileNames": [
+ "ActionableAlertsDashboardWhite.PNG",
+ "ActionableAlertsDashboardBlack.PNG"
+ ],
+ "version": "1.0.0",
+ "title": "Cybersixgill Actionable Alerts Dashboard",
+ "templateRelativePath": "ActionableAlertsDashboard.json",
+ "subtitle": "",
+ "provider": "Cybersixgill"
+},
+{
+ "workbookKey": "ActionableAlertsList",
+ "logoFileName": "Cybersixgill.svg",
+ "description": "None.",
+ "dataTypesDependencies": [
 "CyberSixgill_Alerts_CL"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "CybersixgillActionableAlerts"
- ],
- "previewImagesFileNames": [
- "ActionableAlertsListBlack.PNG",
- "ActionableAlertsListWhite.PNG"
- ],
- "version": "1.0.0",
- "title": "Cybersixgill Actionable Alerts List",
- "templateRelativePath": "ActionableAlertsList.json",
- "subtitle": "",
- "provider": "Cybersixgill"
- },
- {
- "workbookKey": "ArgosCloudSecurityWorkbook",
- "logoFileName": "argos-logo.svg",
- "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.",
- "dataTypesDependencies": [
+ ],
+ "previewImagesFileNames": [
+ "ActionableAlertsListBlack.PNG",
+ "ActionableAlertsListWhite.PNG"],
+ "version": "1.0.0",
+ "title": "Cybersixgill Actionable Alerts List",
+ "templateRelativePath": "ActionableAlertsList.json",
+ "subtitle": "",
+ "provider": "Cybersixgill"
+},
+{
+ "workbookKey": "ArgosCloudSecurityWorkbook",
+ "logoFileName": "argos-logo.svg",
+ "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.",
+ "dataTypesDependencies": [
 "ARGOS_CL"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "ARGOSCloudSecurity"
- ],
- "previewImagesFileNames": [
+ ],
+ "previewImagesFileNames": [
 "ARGOSCloudSecurityWorkbookBlack.png",
 "ARGOSCloudSecurityWorkbookWhite.png"
- ],
- "version": "1.0.0",
- "title": "ARGOS Cloud Security",
- "templateRelativePath": "ARGOSCloudSecurityWorkbook.json",
- "subtitle": "",
- "provider": "ARGOS Cloud Security"
- },
- {
- "workbookKey": "JamfProtectWorkbook",
- "logoFileName": "jamf_logo.svg",
- "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.",
- "dataTypesDependencies": [
+ ],
+ "version": "1.0.0",
+ "title": "ARGOS Cloud Security",
+ "templateRelativePath": "ARGOSCloudSecurityWorkbook.json",
+ "subtitle": "",
+ "provider": "ARGOS Cloud Security"
+},
+{
+ "workbookKey": "JamfProtectWorkbook",
+ "logoFileName": "jamf_logo.svg",
+ "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.",
+ "dataTypesDependencies": [
 "jamfprotect_CL"
- ],
- "dataConnectorsDependencies": [],
- "previewImagesFileNames": [
+ ],
+ "dataConnectorsDependencies": [],
+ "previewImagesFileNames": [
 "JamfProtectDashboardBlack.png",
 "JamfProtectDashboardWhite.png"
- ],
- "version": "2.0.0",
- "title": "Jamf Protect Workbook",
- "templateRelativePath": "JamfProtectDashboard.json",
- "subtitle": "",
- "provider": "Jamf Software, LLC"
- },
- {
- "workbookKey": "AIVectraStream",
- "logoFileName": "AIVectraDetect.svg",
- "description": "",
- "dataTypesDependencies": [
+ ],
+ "version": "2.0.0",
+ "title": "Jamf Protect Workbook",
+ "templateRelativePath": "JamfProtectDashboard.json",
+ "subtitle": "",
+ "provider": "Jamf Software, LLC"
+},
+{
+ "workbookKey": "AIVectraStream",
+ "logoFileName": "AIVectraDetect.svg",
+ "description": "",
+ "dataTypesDependencies": [
 "VectraStream_CL"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "AIVectraStream"
- ],
- "previewImagesFileNames": [
- "AIVectraDetectBlack1.png",
- "AIVectraDetectWhite1.png"
- ],
- "version": "1.0.0",
- "title": "AIVectraStreamWorkbook",
- "templateRelativePath": "AIVectraStreamWorkbook.json",
- "subtitle": "",
- "provider": "Vectra AI"
- },
- {
- "workbookKey": "SecurityScorecardWorkbook",
- "logoFileName": "SecurityScorecard-Cybersecurity-Ratings.svg",
- "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard's three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.",
- "dataTypesDependencies": [
+ ],
+ "previewImagesFileNames": [
+ "AIVectraDetectBlack1.png",
+ "AIVectraDetectWhite1.png"
+ ],
+ "version": "1.0.0",
+ "title": "AIVectraStreamWorkbook",
+ "templateRelativePath": "AIVectraStreamWorkbook.json",
+ "subtitle": "",
+ "provider": "Vectra AI"
+},
+{
+ "workbookKey": "SecurityScorecardWorkbook",
+ "logoFileName": "SecurityScorecard-Cybersecurity-Ratings.svg",
+ "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard's three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.",
+ "dataTypesDependencies": [
 "SecurityScorecardFactor_CL",
 "SecurityScorecardIssues_CL",
 "SecurityScorecardRatings_CL"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "SecurityScorecardFactorAzureFunctions",
 "SecurityScorecardIssueAzureFunctions",
 "SecurityScorecardRatingsAzureFunctions"
- ],
- "previewImagesFileNames": [
+ ],
+ "previewImagesFileNames": [
 "SecurityScorecardBlack1.png",
 "SecurityScorecardBlack2.png",
 "SecurityScorecardBlack3.png",
@@ -5068,61 +5018,59 @@
 "SecurityScorecardWhite4.png",
 "SecurityScorecardWhite5.png",
 "SecurityScorecardWhite6.png"
- ],
- "version": "1.0.0",
- "title": "SecurityScorecard",
- "templateRelativePath": "SecurityScorecardWorkbook.json",
- "subtitle": "",
- "provider": "SecurityScorecard"
- },
- {
- "workbookKey": "DigitalShadowsWorkbook",
- "logoFileName": "DigitalShadowsLogo.svg",
- "description": "For gaining insights into Digital Shadows logs.",
- "dataTypesDependencies": [
+ ],
+ "version": "1.0.0",
+ "title": "SecurityScorecard",
+ "templateRelativePath": "SecurityScorecardWorkbook.json",
+ "subtitle": "",
+ "provider": "SecurityScorecard"
+},
+{
+ "workbookKey": "DigitalShadowsWorkbook",
+ "logoFileName": "DigitalShadowsLogo.svg",
+ "description": "For gaining insights into Digital Shadows logs.",
+ "dataTypesDependencies": [
 "DigitalShadows_CL"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "DigitalShadowsSearchlightAzureFunctions"
- ],
- "previewImagesFileNames": [
+ ],
+ "previewImagesFileNames": [
 "DigitalShadowsBlack1.png",
 "DigitalShadowsBlack2.png",
 "DigitalShadowsBlack3.png",
 "DigitalShadowsWhite1.png",
 "DigitalShadowsWhite2.png",
 "DigitalShadowsWhite3.png"
- ],
- "version": "1.0.0",
- "title": "Digital Shadows",
- "templateRelativePath": "DigitalShadows.json",
- "subtitle": "",
- "provider": "Digital Shadows"
- },
- {
- "workbookKey": "SalesforceServiceCloudWorkbook",
- "logoFileName": "salesforce_logo.svg",
- "description": "Sets the time name for analysis.",
- "dataTypesDependencies": [
+ ],
+ "version": "1.0.0",
+ "title": "Digital Shadows",
+ "templateRelativePath": "DigitalShadows.json",
+ "subtitle": "",
+ "provider": "Digital Shadows"
+},
+{
+ "workbookKey": "SalesforceServiceCloudWorkbook",
+ "logoFileName": "salesforce_logo.svg",
+ "description": "Sets the time name for analysis.",
+ "dataTypesDependencies": [
 "SalesforceServiceCloud"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "SalesforceServiceCloud_CL"
- ],
- "previewImagesFileNames": [
- ""
- ],
- "version": "1.0.0",
- "title": "Salesforce Service Cloud",
- "templateRelativePath": "SalesforceServiceCloud.json",
- "subtitle": "",
- "provider": "Salesforce"
- },
- {
- "workbookKey": "NetworkSessionSolution",
- "logoFileName": "Azure_Sentinel.svg",
- "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP's and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.",
- "dataTypesDependencies": [
+ ],
+ "previewImagesFileNames": [""],
+ "version": "1.0.0",
+ "title": "Salesforce Service Cloud",
+ "templateRelativePath": "SalesforceServiceCloud.json",
+ "subtitle": "",
+ "provider": "Salesforce"
+},
+{
+ "workbookKey": "NetworkSessionSolution",
+ "logoFileName": "Azure_Sentinel.svg",
+ "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP's and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.",
+ "dataTypesDependencies": [
 "AWSVPCFlow",
 "DeviceNetworkEvents",
 "SecurityEvent",
@@ -5140,8 +5088,8 @@
 "CommonSecurityLog",
 "Syslog",
 "CiscoMerakiNativePoller"
- ],
- "dataConnectorsDependencies": [
+ ],
+ "dataConnectorsDependencies": [
 "AWSS3",
 "MicrosoftThreatProtection",
 "SecurityEvents",
@@ -5158,427 +5106,396 @@ "CheckPoint", "Fortinet", "CiscoMeraki" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Network Session Essentials", - "templateRelativePath": "NetworkSessionEssentials.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SAPSODAnalysis", - "logoFileName": "SAPVMIcon.svg", - "description": "SAP SOD Analysis", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Network Session Essentials", + "templateRelativePath": "NetworkSessionEssentials.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SAPSODAnalysis", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP SOD Analysis", + "dataTypesDependencies": [ "SAPAuditLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SAP" - ], - "previewImagesFileNames": [ - "" - ], - "version": "2.0.0", - "title": "SAP SOD Analysis", - "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", - "subtitle": "", - "provider": "Aliter Consulting" - }, - { - "workbookKey": "TheomWorkbook", - "logoFileName": "theom-logo.svg", - "description": "Theom Alert Statistics", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": "2.0.0", + "title": "SAP SOD Analysis", + "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", + "subtitle": "", + "provider": "Aliter Consulting" +}, +{ + "workbookKey": "TheomWorkbook", + "logoFileName": "theom-logo.svg", + "description": "Theom Alert Statistics", + "dataTypesDependencies": [ "TheomAlerts_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "Theom" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "TheomWorkbook-black.png", "TheomWorkbook-white.png" - ], - "version": "1.0.0", - "title": "Theom", - "templateRelativePath": "Theom.json", - "subtitle": "", - "provider": "Theom" - }, 
- { - "workbookKey": "DynatraceWorkbooks", - "logoFileName": "dynatrace.svg", - "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Theom", + "templateRelativePath": "Theom.json", + "subtitle": "", + "provider": "Theom" +}, +{ + "workbookKey": "DynatraceWorkbooks", + "logoFileName": "dynatrace.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", + "dataTypesDependencies": [ "DynatraceAttacks_CL", "DynatraceAuditLogs_CL", "DynatraceProblems_CL", "DynatraceSecurityProblems_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "DynatraceAttacks", "DynatraceAuditLogs", "DynatraceProblems", "DynatraceRuntimeVulnerabilities" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "DynatraceWorkbookBlack.png", "DynatraceWorkbookWhite.png" - ], - "version": "2.0.0", - "title": "Dynatrace", - "templateRelativePath": "Dynatrace.json", - "subtitle": "", - "provider": "Dynatrace" - }, - { - "workbookKey": "MDOWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", - "dataTypesDependencies": [ + ], + "version": "2.0.0", + "title": "Dynatrace", + "templateRelativePath": "Dynatrace.json", + "subtitle": "", + "provider": "Dynatrace" +}, +{ + "workbookKey": "MDOWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", + "dataTypesDependencies": [ "SecurityAlert" - ], - "dataConnectorsDependencies": [ 
+ ], + "dataConnectorsDependencies": [ "MicrosoftThreatProtection" - ], - "previewImagesFileNames": [ - "MDOBlack1.png", - "MDOBlack2.png", - "MDOWhite1.png", - "MDOWhite2.png" - ], - "version": "1.0.0", - "title": "Microsoft 365 Defender MDOWorkbook", - "templateRelativePath": "MDO Insights.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AnomaliesVisualizationWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [ + "MDOBlack1.png", + "MDOBlack2.png", + "MDOWhite1.png", + "MDOWhite2.png" + ], + "version": "1.0.0", + "title": "Microsoft 365 Defender MDOWorkbook", + "templateRelativePath": "MDO Insights.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AnomaliesVisualizationWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. 
The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", + "dataTypesDependencies": [ "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "AnomaliesVisualizationWorkbookWhite.png", "AnomaliesVisualizationWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "AnomaliesVisulization", - "templateRelativePath": "AnomaliesVisualization.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AnomalyDataWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "AnomaliesVisulization", + "templateRelativePath": "AnomaliesVisualization.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "AnomalyDataWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", + "dataTypesDependencies": [ "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "AnomalyDataWorkbookWhite.png", "AnomalyDataWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "AnomalyData", - "templateRelativePath": "AnomalyData.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. 
This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "AnomalyData", + "templateRelativePath": "AnomalyData.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", + "dataTypesDependencies": [ "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ESI-ExchangeOnPremisesCollector", "ESI-ExchangeAdminAuditLogEvents", "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Microsoft Exchange Least Privilege with RBAC - Online", - "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftExchangeSearchAdminAuditLog", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook is dedicated to On-Premises Exchange organizations. 
It uses the MSExchange Management event logs to give you a simple way to view administrators' activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Microsoft Exchange Least Privilege with RBAC - Online", + "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "MicrosoftExchangeSearchAdminAuditLog", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators' activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", + "dataTypesDependencies": [ "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ESI-ExchangeOnPremisesCollector", "ESI-ExchangeAdminAuditLogEvents", "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Microsoft Exchange Search AdminAuditLog", - "templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftExchangeSecurityMonitoring", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. 
This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Microsoft Exchange Search AdminAuditLog", + "templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "MicrosoftExchangeSecurityMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", + "dataTypesDependencies": [ "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ESI-ExchangeOnPremisesCollector", "ESI-ExchangeAdminAuditLogEvents", "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Microsoft Exchange Admin Activity", - "templateRelativePath": "Microsoft Exchange Admin Activity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftExchangeSecurityReview-Online", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to Exchange Online tenants. 
It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Microsoft Exchange Admin Activity", + "templateRelativePath": "Microsoft Exchange Admin Activity.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "MicrosoftExchangeSecurityReview-Online", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", + "dataTypesDependencies": [ "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ESI-ExchangeOnPremisesCollector", "ESI-ExchangeAdminAuditLogEvents", "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Microsoft Exchange Security Review - Online", - "templateRelativePath": "Microsoft Exchange Security Review - Online.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftExchangeSecurityReview", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. 
This workbook helps also to understand the transport configuration and the linked security risks.", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Microsoft Exchange Security Review - Online", + "templateRelativePath": "Microsoft Exchange Security Review - Online.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "MicrosoftExchangeSecurityReview", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks.", + "dataTypesDependencies": [ "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ESI-ExchangeOnPremisesCollector", "ESI-ExchangeAdminAuditLogEvents", "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Microsoft Exchange Security Review", - "templateRelativePath": "Microsoft Exchange Security Review.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ibossMalwareAndC2Workbook", - "logoFileName": "iboss_logo.svg", - "description": "A workbook providing insights into malware and C2 activity detected by iboss.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "iboss Malware and C2", - "templateRelativePath": "ibossMalwareAndC2.json", - "subtitle": "", - "provider": "iboss" - }, - { - "workbookKey": "ibossWebUsageWorkbook", - "logoFileName": "iboss_logo.svg", - "description": "A workbook providing insights into web usage activity detected by iboss.", - 
"dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "iboss Web Usage", - "templateRelativePath": "ibossWebUsage.json", - "subtitle": "", - "provider": "iboss" - }, - { - "workbookKey": "CynerioOverviewWorkbook", - "logoFileName": "Cynerio.svg", - "description": "An overview of Cynerio Security events", - "dataTypesDependencies": [ - "CynerioEvent_CL" - ], - "dataConnectorsDependencies": [ - "CynerioSecurityEvents" - ], - "previewImagesFileNames": [ - "CynerioOverviewBlack.png", - "CynerioOverviewWhite.png" - ], - "version": "1.0.0", - "title": "Cynerio Overview Workbook", - "templateRelativePath": "CynerioOverviewWorkbook.json", - "subtitle": "", - "provider": "Cynerio" - }, - { - "workbookKey": "ReversingLabs-CapabilitiesOverview", - "logoFileName": "reversinglabs.svg", - "description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Microsoft Exchange Security Review", + "templateRelativePath": "Microsoft Exchange Security Review.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ibossMalwareAndC2Workbook", + "logoFileName": "iboss_logo.svg", + "description": "A workbook providing insights into malware and C2 activity detected by iboss.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "iboss Malware and C2", + "templateRelativePath": "ibossMalwareAndC2.json", + "subtitle": "", + "provider": "iboss" +}, +{ + "workbookKey": "ibossWebUsageWorkbook", + "logoFileName": "iboss_logo.svg", + "description": "A workbook providing insights into web usage activity detected by iboss.", + 
"dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "iboss Web Usage", + "templateRelativePath": "ibossWebUsage.json", + "subtitle": "", + "provider": "iboss" +}, +{ + "workbookKey": "CynerioOverviewWorkbook", + "logoFileName": "Cynerio.svg", + "description": "An overview of Cynerio Security events", + "dataTypesDependencies": ["CynerioEvent_CL"], + "dataConnectorsDependencies": ["CynerioSecurityEvents"], + "previewImagesFileNames": ["CynerioOverviewBlack.png", "CynerioOverviewWhite.png"], + "version": "1.0.0", + "title": "Cynerio Overview Workbook", + "templateRelativePath": "CynerioOverviewWorkbook.json", + "subtitle": "", + "provider": "Cynerio" +}, +{ + "workbookKey": "ReversingLabs-CapabilitiesOverview", + "logoFileName": "reversinglabs.svg", + "description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "ReversingLabsTiSummary-White.png", "ReversingLabsTiSummary-Black.png", "ReversingLabsOpsSummary-White.png", "ReversingLabsOpsSummary-Black.png" - ], - "version": "1.1.1", - "title": "ReversingLabs-CapabilitiesOverview", - "templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", - "subtitle": "", - "provider": "ReversingLabs" - }, - { - "workbookKey": "vCenter", - "logoFileName": "Azure_Sentinel.svg", - "description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. 
[Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", - "dataTypesDependencies": [ + ], + "version": "1.1.1", + "title": "ReversingLabs-CapabilitiesOverview", + "templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", + "subtitle": "", + "provider": "ReversingLabs" +}, +{ + "workbookKey": "vCenter", + "logoFileName": "Azure_Sentinel.svg", + "description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", + "dataTypesDependencies": [ "vCenter_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "VMwarevCenter" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "vCenter", - "templateRelativePath": "vCenter.json", - "subtitle": "", - "provider": "VMware" - }, - { - "workbookKey": "SAP-Monitors-AlertsandPerformance", - "logoFileName": "SAPVMIcon.svg", - "description": "SAP -Monitors- Alerts and Performance", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "vCenter", + "templateRelativePath": "vCenter.json", + "subtitle": "", + "provider": "VMware" +}, +{ + "workbookKey": "SAP-Monitors-AlertsandPerformance", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Monitors- Alerts and Performance", + "dataTypesDependencies": [ "SAPAuditLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SAP" - ], - "previewImagesFileNames": [ - "" - ], - "version": "2.0.1", - "title": "SAP -Monitors- Alerts and Performance", - "templateRelativePath": "SAP -Monitors- Alerts and Performance.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SAP-SecurityAuditlogandInitialAccess", - "logoFileName": "SAPVMIcon.svg", - "description": "SAP -Security Audit log and Initial Access", - "dataTypesDependencies": [ + ], + "previewImagesFileNames": [""], + "version": 
"2.0.1", + "title": "SAP -Monitors- Alerts and Performance", + "templateRelativePath": "SAP -Monitors- Alerts and Performance.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SAP-SecurityAuditlogandInitialAccess", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Security Audit log and Initial Access", + "dataTypesDependencies": [ "SAPAuditLog" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "SAP" - ], - "previewImagesFileNames": [ - "" - ], - "version": "2.0.1", - "title": "SAP -Security Audit log and Initial Access", - "templateRelativePath": "SAP -Security Audit log and Initial Access.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DNSSolutionWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [""], + "version": "2.0.1", + "title": "SAP -Security Audit log and Initial Access", + "templateRelativePath": "SAP -Security Audit log and Initial Access.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "DNSSolutionWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. 
DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "DNSDomainWorkbookWhite.png", "DNSDomainWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "DNS Solution Workbook", - "templateRelativePath": "DNSSolutionWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftPowerBIActivityWorkbook", - "logoFileName": "PowerBILogo.svg", - "description": "This workbook provides details on Microsoft PowerBI Activity", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "DNS Solution Workbook", + "templateRelativePath": "DNSSolutionWorkbook.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "MicrosoftPowerBIActivityWorkbook", + "logoFileName": "PowerBILogo.svg", + "description": "This workbook provides details on Microsoft PowerBI Activity", + "dataTypesDependencies": [ "PowerBIActivity" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "Microsoft PowerBI (Preview)" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "MicrosoftPowerBIActivityWorkbookBlack.png", "MicrosoftPowerBIActivityWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "Microsoft PowerBI Activity Workbook", - "templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftThreatIntelligenceWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. 
Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", - "dataTypesDependencies": [ + ], + "version": "1.0.0", + "title": "Microsoft PowerBI Activity Workbook", + "templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "MicrosoftThreatIntelligenceWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ "ThreatIntelligenceIndicator", "SecurityIncident" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "ThreatIntelligence", "ThreatIntelligenceTaxii" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "ThreatIntelligenceWhite.png", "ThreatIntelligenceBlack.png" - ], - "version": "1.0.0", - "title": "Threat Intelligence", - "templateRelativePath": "MicrosoftThreatIntelligence.json", - "subtitle": "", - "provider": "Microsoft" - }, + ], + "version": "1.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "MicrosoftThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" +}, { "workbookKey": "MicrosoftDefenderForEndPoint", "logoFileName": "Azure_Sentinel.svg", 
@@ -5626,112 +5543,112 @@
 }
 },
 {
- "workbookKey": "MicrosoftDefenderForIdentity",
- "logoFileName": "Azure_Sentinel.svg",
- "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.",
- "dataTypesDependencies": [
- "IdentityLogonEvents",
- "IdentityQueryEvents",
- "IdentityDirectoryEvents",
- "SecurityAlert"
- ],
- "dataConnectorsDependencies": [],
- "previewImagesFileNames": [
- "microsoftdefenderforidentity-black.png",
- "microsoftdefenderforidentity-white.png"
- ],
- "version": "1.0.0",
- "title": "Microsoft Defender For Identity",
- "templateRelativePath": "MicrosoftDefenderForIdentity.json",
- "subtitle": "",
- "provider": "Microsoft Sentinel Community",
- "support": {
- "tier": "Community"
- },
- "author": {
- "name": "Samik Roy"
- },
- "source": {
- "kind": "Community"
- },
- "categories": {
- "domains": [
- "Identity",
- "Security - Threat Protection"
- ]
- }
- },
- {
- "workbookKey": "EsetProtect",
- "logoFileName": "eset-logo.svg",
- "description": "Visualize events and threats from Eset protect.",
- "dataTypesDependencies": [
- "ESETPROTECT"
- ],
- "dataConnectorsDependencies": [
- "ESETPROTECT"
- ],
- "previewImagesFileNames": [
- "ESETPROTECTBlack.png",
- "ESETPROTECTWhite.png"
- ],
- "version": "1.0.0",
- "title": "EsetProtect",
- "templateRelativePath": "ESETPROTECT.json",
- "subtitle": "",
- "provider": "Community"
- },
- {
- "workbookKey": "CyberArkEPMWorkbook",
- "logoFileName": "CyberArk_Logo.svg",
- "description": "Sets the time name for analysis",
- "dataTypesDependencies": [
- "CyberArkEPM_CL"
- ],
- "dataConnectorsDependencies": [
- "CyberArkEPM"
- ],
- "previewImagesFileNames": [
- "CyberArkEPMBlack.png",
- "CyberArkEPMWhite.png"
- ],
- "version": "1.0.0",
- "title": "CyberArk EPM",
- "templateRelativePath": "CyberArkEPM.json",
- "subtitle": "",
- "provider": "CyberArk"
- },
- {
- "workbookKey": "IncidentTasksWorkbook",
+ "workbookKey": "MicrosoftDefenderForIdentity",
 "logoFileName": "Azure_Sentinel.svg",
- "description": "Use this workbook to review and modify existing incidents with tasks. This workbook provides views that higlight incident tasks that are open, closed, or deleted, as well as incidents with tasks that are either owned or unassigned. The workbook also provides SOC metrics around incident task performance, such as percentage of incidents without tasks, average time to close tasks, and more.",
- "dataTypesDependencies": [],
+ "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.",
+ "dataTypesDependencies": [
+ "IdentityLogonEvents",
+ "IdentityQueryEvents",
+ "IdentityDirectoryEvents",
+ "SecurityAlert"
+ ],
 "dataConnectorsDependencies": [],
 "previewImagesFileNames": [
- "Tasks-Black.png",
- "Tasks-White.png"
+ "microsoftdefenderforidentity-black.png",
+ "microsoftdefenderforidentity-white.png"
 ],
- "version": "1.1.0",
- "title": "Incident Tasks Workbook",
- "templateRelativePath": "IncidentTasksWorkbook.json",
+ "version": "1.0.0",
+ "title": "Microsoft Defender For Identity",
+ "templateRelativePath": "MicrosoftDefenderForIdentity.json",
 "subtitle": "",
- "provider": "Microsoft",
+ "provider": "Microsoft Sentinel Community",
 "support": {
- "tier": "Microsoft"
+ "tier": "Community"
 },
 "author": {
- "name": "Microsoft Corporation"
+ "name": "Samik Roy"
 },
 "source": {
 "kind": "Community"
 },
 "categories": {
 "domains": [
- "Incident Management",
- "SOC Reporting"
+ "Identity",
+ "Security - Threat Protection"
 ]
 }
 },
+{
+ "workbookKey": "EsetProtect",
+ "logoFileName": "eset-logo.svg",
+ "description": "Visualize events and threats from Eset protect.",
+ "dataTypesDependencies": [
+ "ESETPROTECT"
+ ],
+ "dataConnectorsDependencies": [
+ "ESETPROTECT"
+ ],
+ "previewImagesFileNames": [
+ "ESETPROTECTBlack.png",
+ "ESETPROTECTWhite.png"
+ ],
+ "version": "1.0.0",
+ "title": "EsetProtect",
+ "templateRelativePath": "ESETPROTECT.json",
+ "subtitle": "",
+ "provider": "Community"
+},
+{
+ "workbookKey": "CyberArkEPMWorkbook",
+ "logoFileName": "CyberArk_Logo.svg",
+ "description": "Sets the time name for analysis",
+ "dataTypesDependencies": [
+ "CyberArkEPM_CL"
+ ],
+ "dataConnectorsDependencies": [
+ "CyberArkEPM"
+ ],
+ "previewImagesFileNames": [
+ "CyberArkEPMBlack.png",
+ "CyberArkEPMWhite.png"
+ ],
+ "version": "1.0.0",
+ "title": "CyberArk EPM",
+ "templateRelativePath": "CyberArkEPM.json",
+ "subtitle": "",
+ "provider": "CyberArk"
+},
+{
+ "workbookKey": "IncidentTasksWorkbook",
+ "logoFileName": "Azure_Sentinel.svg",
+ "description": "Use this workbook to review and modify existing incidents with tasks. This workbook provides views that higlight incident tasks that are open, closed, or deleted, as well as incidents with tasks that are either owned or unassigned. The workbook also provides SOC metrics around incident task performance, such as percentage of incidents without tasks, average time to close tasks, and more.",
+ "dataTypesDependencies": [],
+ "dataConnectorsDependencies": [],
+ "previewImagesFileNames": [
+ "Tasks-Black.png",
+ "Tasks-White.png"
+],
+ "version": "1.1.0",
+ "title": "Incident Tasks Workbook",
+ "templateRelativePath": "IncidentTasksWorkbook.json",
+ "subtitle": "",
+ "provider": "Microsoft",
+ "support": {
+ "tier": "Microsoft"
+ },
+"author": {
+ "name": "Microsoft Corporation"
+ },
+"source": {
+ "kind": "Community"
+ },
+"categories": {
+ "domains": [
+ "Incident Management",
+ "SOC Reporting"
+ ]
+ }
+},
 {
 "workbookKey": "SentinelWorkspaceReconTools",
 "logoFileName": "Azure_Sentinel.svg",
@@ -5827,7 +5744,7 @@
 "templateRelativePath": "SentinelHealth.json",
 "subtitle": "",
 "provider": "Microsoft Sentinel Community",
- "support": {
+ "support": {
 "tier": "Microsoft"
 },
 "author": {
@@ -5837,9 +5754,7 @@
 "kind": "Community"
 },
 "categories": {
- "domains": [
- "Platform"
- ]
+ "domains": [ "Platform" ]
 }
 },
 {
@@ -5848,16 +5763,13 @@
 "description": "This workbook provides an estimated cost in GBP (£) across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.",
 "dataTypesDependencies": [],
 "dataConnectorsDependencies": [],
- "previewImagesFileNames": [
- "MicrosoftSentinelCostGBPWhite.png",
- "MicrosoftSentinelCostGBPBlack.png"
- ],
+ "previewImagesFileNames": [ "MicrosoftSentinelCostGBPWhite.png", "MicrosoftSentinelCostGBPBlack.png"],
 "version": "1.6.0",
 "title": "Microsoft Sentinel Cost (GBP)",
 "templateRelativePath": "MicrosoftSentinelCostGBP.json",
 "subtitle": "",
 "provider": "Microsoft Sentinel Community",
- "support": {
+ "support": {
 "tier": "Microsoft"
 },
 "author": {
@@ -5867,9 +5779,7 @@
 "kind": "Community"
 },
 "categories": {
- "domains": [
- "Platform"
- ]
+ "domains": [ "Platform" ]
 }
 },
 {
@@ -5887,7 +5797,7 @@
 "templateRelativePath": "SentinelCosts.json",
 "subtitle": "",
 "provider": "Microsoft Sentinel Community",
- "support": {
+ "support": {
 "tier": "Microsoft"
 },
 "author": {
@@ -5897,24 +5807,16 @@
 "kind": "Community"
 },
 "categories": {
- "domains": [
- "Platform"
- ]
+ "domains": [ "Platform" ]
 }
 },
 {
 "workbookKey": "AnalyticsHealthAudit",
 "logoFileName": "Azure_Sentinel.svg",
 "description": "This workbook provides visibility on the health and audit of your analytics rules. You will be able to find out whether an analytics rule is running as expected and get a list of changes made to an analytic rule.",
- "dataTypesDependencies": [
- "SentinelHealth",
- "SentinelAudit"
- ],
+ "dataTypesDependencies": ["SentinelHealth", "SentinelAudit"],
 "dataConnectorsDependencies": [],
- "previewImagesFileNames": [
- "AnalyticsHealthAuditWhite.png",
- "AnalyticsHealthAuditBlack.png"
- ],
+ "previewImagesFileNames": [ "AnalyticsHealthAuditWhite.png", "AnalyticsHealthAuditBlack.png" ],
 "version": "1.0.0",
 "title": "Analytics Health & Audit",
 "templateRelativePath": "AnalyticsHealthAudit.json",
@@ -5932,412 +5834,373 @@ "categories": { "domains": [ "IT Operations", - "Platform" - ] - } - }, - { - "workbookKey": "AzureLogCoverage", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook pulls the current Azure inventory via Azure Resource Graph explorer and compares it with data written to one or more selected Log Analytics workspaces to determine which resources are sending data and which ones are not. This can be used to expose gaps in your logging coverage and/or identify inactive resources.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureLogCoverageWhite1.png", - "AzureLogCoverageWhite2.png", - "AzureLogCoverageBlack1.png", - "AzureLogCoverageBlack2.png" - ], - "version": "1.0.0", - "title": "Azure Log Coverage", - "templateRelativePath": "AzureLogCoverage.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community", - "support": { - "tier": "Community" - }, - "author": { - "name": "Alex Anders" - }, - "source": { - "kind": "Community" - } - }, - { - "workbookKey": "AzureSensitiveOperationsReview", - "logoFileName": "Azure_Sentinel.svg", - "description": "Monitor Sesnitive Operations in Azure Activity using Azure Threat Research Matrix ", - "dataTypesDependencies": [ - "AzureActivity" - ], - "dataConnectorsDependencies": [ - "AzureActivity" - ], - "previewImagesFileNames": [ - "SensitiveoperationSecurityBlack.png", - "SensitiveoperationSecurityWhite.png" - ], - "version": "1.0.0", - "title": "Azure SensitiveOperations Review Workbook", - "templateRelativePath": "SensitiveOperationsinAzureActivityLogReview.json", - "subtitle": "", - "provider": "Microsoft Sentinel community", - "support": { - "tier": "Microsoft" - }, - "author": { - "name": "Microsoft Corporation" - }, - "source": { - "kind": "Community" - }, - "categories": { - "domains": [ - "IT Operations", - "Platform" - ] - } - }, - { - "workbookKey": "MicrosoftSentinelCostEUR", - "logoFileName": 
"Azure_Sentinel.svg", - "description": "This workbook provides an estimated cost in EUR (€) across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MicrosoftSentinelCostEURWhite.png", - "MicrosoftSentinelCostEURBlack.png" - ], - "version": "1.0.0", - "title": "Microsoft Sentinel Cost (EUR)", - "templateRelativePath": "MicrosoftSentinelCostEUR.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community", - "support": { - "tier": "Microsoft" - }, - "author": { - "name": "Marco Passanisi" - }, - "source": { - "kind": "Community" - }, - "categories": { - "domains": [ - "Platform" - ] - } - }, - { - "workbookKey": "LogAnalyticsQueryAnalysis", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook provides an analysis on Log Analytics Query Logs.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "LogAnalyticsQueryAnalysisBlack.PNG", - "LogAnalyticsQueryAnalysisWhite.PNG" - ], - "version": "1.0.0", - "title": "Log Analytics Query Analysis", - "templateRelativePath": "LogAnalyticsQueryAnalysis.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community", - "support": { - "tier": "Microsoft" - }, - "author": { - "name": "Samik Roy" - }, - "source": { - "kind": "Community" - }, - "categories": { - "domains": [ - "Platform" - ] - } - }, - { - "workbookKey": "AcscEssential8", - "logoFileName": "ACSClogo.svg", - "description": "This workbook provides insights on the health state of Azure resources against requirements by the ACSC Essential 8.", - "dataTypesDependencies": [ - "DeviceTvmSecureConfigurationAssessment" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AcscEssential8Black1.png", - "AcscEssential8White1.png", - "AcscEssential8Black2.png", - 
"AcscEssential8White2.png" - ], - "version": "2.0.0", - "title": "ACSC Essential 8", - "templateRelativePath": "AcscEssential8.json", - "subtitle": "", - "provider": "Microsoft", - "support": { - "tier": "Microsoft" - }, - "author": { - "name": "Microsoft Corporation" - }, - "source": { - "kind": "Community" - }, - "categories": { - "domains": [ - "Compliance", - "IT Operations" - ] - } - }, - { - "workbookKey": "TalonInsights", - "logoFileName": "Talon.svg", - "description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "TalonInsightsBlack.png", - "TalonInsightsWhite.png" - ], - "version": "2.0.0", - "title": "Talon Insights", - "templateRelativePath": "TalonInsights.json", - "subtitle": "", - "provider": "Talon Cyber Security" - }, - { - "workbookKey": "manualincident", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook gives the ability for efficient incident management by enabling manual creation of Microsoft Sentinel incidents directly from within the workbook.", - "dataTypesDependencies": [ - "" - ], - "dataConnectorsDependencies": [ - "" - ], - "previewImagesFileNames": [ - "ManualincidentWhite.png", - "ManualincidentBlack.png" - ], - "version": "1.0.0", - "title": "Incident Management with Microsoft Sentinel Manual Creation of Incidents Workbook", - "templateRelativePath": "ManualSentinelIncident.json", - "subtitle": "", - "provider": "Microsoft Sentinel community", - "support": { - "tier": "Community" - }, - "author": { - "name": "Microsoft Sentinel Community" - }, - "source": { - "kind": "Community" - }, - "categories": { - "domains": [ - "Security - Others" - ] - } - }, - { - "workbookKey": "CofenseTriageThreatIndicators", - "logoFileName": "CofenseTriage.svg", - "description": "This workbook provides visualization of Cofense Triage threat indicators which are ingested in the Microsoft Sentinel Threat 
intelligence.", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "Report_links_data_CL" - ], - "dataConnectorsDependencies": [ - "CofenseTriageDataConnector" - ], - "previewImagesFileNames": [ - "CofenseTriageThreatIndicatorsWhite1.png", - "CofenseTriageThreatIndicatorsBlack1.png" - ], - "version": "1.0", - "title": "CofenseTriageThreatIndicators", - "templateRelativePath": "CofenseTriageThreatIndicators.json", - "subtitle": "", - "provider": "Cofense" - }, - { - "workbookKey": "OptimizationWorkbook", - "logoFileName": "optimization.svg", - "description": "This workbook aims to help you gain insights into your current Microsoft Sentinel environment, while also providing recommendations for optimizing costs, improving operational effectiveness, and offering a management overview.", - "dataTypesDependencies": [ - "SentinelHealth", - "SentinelAudit" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "OptimizationWorkbookBlack.png", - "OptimizationWorkbookWhite.png" - ], - "version": "1.1.0", - "title": "Microsoft Sentinel Optimization Workbook", - "templateRelativePath": "OptimizationWorkbook.json", - "subtitle": "", - "provider": "Microsoft", - "support": { - "tier": "Microsoft" - }, - "author": { - "name": "Jeremy Tan, Matthew Lowe, Margaret Mwaura" - }, - "source": { - "kind": "Community" - }, - "categories": { - "domains": [ - "IT Operations" + "Platform" ] } }, { - "workbookKey": "DataCollectionRuleToolkit", + "workbookKey": "AzureLogCoverage", "logoFileName": "Azure_Sentinel.svg", - "description": "Use this workbook solution to create, review, and modify data collection rules for Microsoft Sentinel. 
This workbook provides a click-through experience that centralizes key components from Microsoft Sentinel, Azure Log Analytics, and Azure Monitor to enable users to create new DCRs, modify existing DCRs, and review all DCRs in the environment.", + "description": "This Workbook pulls the current Azure inventory via Azure Resource Graph explorer and compares it with data written to one or more selected Log Analytics workspaces to determine which resources are sending data and which ones are not. This can be used to expose gaps in your logging coverage and/or identify inactive resources.", "dataTypesDependencies": [], "dataConnectorsDependencies": [], "previewImagesFileNames": [ - "Dcr-toolkit-Black.png", - "Dcr-toolkit-White.png" + "AzureLogCoverageWhite1.png", + "AzureLogCoverageWhite2.png", + "AzureLogCoverageBlack1.png", + "AzureLogCoverageBlack2.png" ], - "version": "1.1.0", - "title": "Data Collection Rule Toolkit", - "templateRelativePath": "DCR-Toolkit.json", + "version": "1.0.0", + "title": "Azure Log Coverage", + "templateRelativePath": "AzureLogCoverage.json", "subtitle": "", "provider": "Microsoft Sentinel Community", "support": { "tier": "Community" }, "author": { - "name": "Microsoft Sentinel Community" + "name": "Alex Anders" }, "source": { "kind": "Community" - }, - "categories": { - "domains": [ - "Data Collection" - ] } }, - { - "workbookKey": "NetskopeWorkbook", - "logoFileName": "Netskope_logo.svg", - "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.", - "dataTypesDependencies": [ - "Netskope_Events_CL", - 
"Netskope_Alerts_CL", - "Netskope_WebTX_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "Netskope-ApplicationEvents-Black.png", - "Netskope-ApplicationEvents-White.png", - "Netskope-SecurityAlerts-DLP-Black.png", - "Netskope-SecurityAlerts-DLP-White.png", - "Netskope-NetworkEvents-CFW-Black.png", - "Netskope-NetworkEvents-CFW-White.png", - "Netskope-SecurityAlerts-Malsite-Black.png", - "Netskope-SecurityAlerts-Malsite-White.png", - "Netskope-NetworkEvents-NPA-Black.png", - "Netskope-NetworkEvents-NPA-White.png", - "Netskope-SecurityAlerts-Malware-White.png", - "Netskope-SecurityAlerts-Malware-Black.png", - "Netskope-SecurityAlerts-BehaviorAnalytics-Black.png", - "Netskope-SecurityAlerts-BehaviorAnalytics-White.png", - "Netskope-SecurityAlerts-Overview-Black.png", - "Netskope-SecurityAlerts-Overview-White.png", - "Netskope-SecurityAlerts-CompormisedCredentials-Black.png", - "Netskope-SecurityAlerts-CompromisedCredentials-White.png", - "Netskope-WebTransactions-Black.png", - "Netskope-WebTransactions-White.png" - ], - "version": "1.0", - "title": "Netskope", - "templateRelativePath": "NetskopeEvents.json", - "subtitle": "", - "provider": "Netskope" - }, - { - "workbookKey": "AIShield", - "logoFileName": "AIShield_Logo.svg", - "description": "Visualize events generated by AIShield. 
This workbook is dependent on a parser AIShield which is a part of the solution deployment.", - "dataTypesDependencies": [ - "AIShield" - ], - "dataConnectorsDependencies": [ - "AIShield" - ], - "previewImagesFileNames": [ - "AIShieldBlack.png", - "AIShieldWhite.png" + { + "workbookKey": "AzureSensitiveOperationsReview", + "logoFileName": "Azure_Sentinel.svg", + "description": "Monitor Sesnitive Operations in Azure Activity using Azure Threat Research Matrix ", + "dataTypesDependencies": [ "AzureActivity" ], + "dataConnectorsDependencies": [ "AzureActivity" ], + "previewImagesFileNames": [ "SensitiveoperationSecurityBlack.png", "SensitiveoperationSecurityWhite.png" ], + "version": "1.0.0", + "title": "Azure SensitiveOperations Review Workbook", + "templateRelativePath": "SensitiveOperationsinAzureActivityLogReview.json", + "subtitle": "", + "provider": "Microsoft Sentinel community", + "support": { + "tier": "Microsoft" + }, + "author": { + "name": "Microsoft Corporation" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ + "IT Operations", + "Platform" + ] + } + }, + { + "workbookKey": "MicrosoftSentinelCostEUR", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook provides an estimated cost in EUR (€) across the main billed items in Microsoft Sentinel: ingestion, retention and automation. 
It also provides insight about the possible impact of the Microsoft 365 E5 offer.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "MicrosoftSentinelCostEURWhite.png", "MicrosoftSentinelCostEURBlack.png"], + "version": "1.0.0", + "title": "Microsoft Sentinel Cost (EUR)", + "templateRelativePath": "MicrosoftSentinelCostEUR.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community", + "support": { + "tier": "Microsoft" + }, + "author": { + "name": "Marco Passanisi" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ "Platform" ] + } + }, + { + "workbookKey": "LogAnalyticsQueryAnalysis", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook provides an analysis on Log Analytics Query Logs.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "LogAnalyticsQueryAnalysisBlack.PNG", "LogAnalyticsQueryAnalysisWhite.PNG"], + "version": "1.0.0", + "title": "Log Analytics Query Analysis", + "templateRelativePath": "LogAnalyticsQueryAnalysis.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community", + "support": { + "tier": "Microsoft" + }, + "author": { + "name": "Samik Roy" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ "Platform" ] + } + }, + { + "workbookKey": "AcscEssential8", + "logoFileName": "ACSClogo.svg", + "description": "This workbook provides insights on the health state of Azure resources against requirements by the ACSC Essential 8.", + "dataTypesDependencies": [ "DeviceTvmSecureConfigurationAssessment" ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "AcscEssential8Black1.png", "AcscEssential8White1.png", "AcscEssential8Black2.png", "AcscEssential8White2.png" ], + "version": "2.0.0", + "title": "ACSC Essential 8", + "templateRelativePath": "AcscEssential8.json", + "subtitle": "", + "provider": "Microsoft", + "support": { + "tier": "Microsoft" + }, + 
"author": { + "name": "Microsoft Corporation" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ + "Compliance", + "IT Operations" + ] + } + } , + { + "workbookKey": "TalonInsights", + "logoFileName": "Talon.svg", + "description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "TalonInsightsBlack.png", + "TalonInsightsWhite.png" ], - "version": "1.0.0", - "title": "AIShield Workbook", - "templateRelativePath": "AIShield.json", - "subtitle": "", - "provider": "Community" - }, + "version": "2.0.0", + "title": "Talon Insights", + "templateRelativePath": "TalonInsights.json", + "subtitle": "", + "provider": "Talon Cyber Security" + }, + { + "workbookKey": "manualincident", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook gives the ability for efficient incident management by enabling manual creation of Microsoft Sentinel incidents directly from within the workbook.", + "dataTypesDependencies": [ "" ], + "dataConnectorsDependencies": [ "" ], + "previewImagesFileNames": [ "ManualincidentWhite.png", "ManualincidentBlack.png" ], + "version": "1.0.0", + "title": "Incident Management with Microsoft Sentinel Manual Creation of Incidents Workbook", + "templateRelativePath": "ManualSentinelIncident.json", + "subtitle": "", + "provider": "Microsoft Sentinel community", + "support": { + "tier": "Community" + }, + "author": { + "name": "Microsoft Sentinel Community" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ + "Security - Others" + ] + } + }, + { + "workbookKey": "CofenseTriageThreatIndicators", + "logoFileName": "CofenseTriage.svg", + "description": "This workbook provides visualization of Cofense Triage threat indicators which are ingested in the Microsoft Sentinel Threat intelligence.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + 
"Report_links_data_CL" + ], + "dataConnectorsDependencies": [ + "CofenseTriageDataConnector" + ], + "previewImagesFileNames": [ + "CofenseTriageThreatIndicatorsWhite1.png", + "CofenseTriageThreatIndicatorsBlack1.png" + ], + "version": "1.0", + "title": "CofenseTriageThreatIndicators", + "templateRelativePath": "CofenseTriageThreatIndicators.json", + "subtitle": "", + "provider": "Cofense" + }, + { + "workbookKey": "OptimizationWorkbook", + "logoFileName": "optimization.svg", + "description": "This workbook aims to help you gain insights into your current Microsoft Sentinel environment, while also providing recommendations for optimizing costs, improving operational effectiveness, and offering a management overview.", + "dataTypesDependencies": ["SentinelHealth", "SentinelAudit"], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "OptimizationWorkbookBlack.png", + "OptimizationWorkbookWhite.png" + ], + "version": "1.1.0", + "title": "Microsoft Sentinel Optimization Workbook", + "templateRelativePath": "OptimizationWorkbook.json", + "subtitle": "", + "provider": "Microsoft", + "support": { + "tier": "Microsoft" + }, + "author": { + "name": "Jeremy Tan, Matthew Lowe, Margaret Mwaura" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ + "IT Operations" + ] + } + }, + { + "workbookKey": "DataCollectionRuleToolkit", + "logoFileName": "Azure_Sentinel.svg", + "description": "Use this workbook solution to create, review, and modify data collection rules for Microsoft Sentinel. 
This workbook provides a click-through experience that centralizes key components from Microsoft Sentinel, Azure Log Analytics, and Azure Monitor to enable users to create new DCRs, modify existing DCRs, and review all DCRs in the environment.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "Dcr-toolkit-Black.png", "Dcr-toolkit-White.png"], + "version": "1.1.0", + "title": "Data Collection Rule Toolkit", + "templateRelativePath": "DCR-Toolkit.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community", + "support": { + "tier": "Community" + }, + "author": { + "name": "Microsoft Sentinel Community" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ + "Data Collection" + ] + } + }, + + { + "workbookKey": "NetskopeWorkbook", + "logoFileName": "Netskope_logo.svg", + "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.", + "dataTypesDependencies": [ + "Netskope_Events_CL", + "Netskope_Alerts_CL", + "Netskope_WebTX_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Netskope-ApplicationEvents-Black.png", + "Netskope-ApplicationEvents-White.png", + "Netskope-SecurityAlerts-DLP-Black.png", + "Netskope-SecurityAlerts-DLP-White.png", + "Netskope-NetworkEvents-CFW-Black.png", + "Netskope-NetworkEvents-CFW-White.png", + "Netskope-SecurityAlerts-Malsite-Black.png", + "Netskope-SecurityAlerts-Malsite-White.png", + "Netskope-NetworkEvents-NPA-Black.png", + "Netskope-NetworkEvents-NPA-White.png", + 
"Netskope-SecurityAlerts-Malware-White.png", + "Netskope-SecurityAlerts-Malware-Black.png", + "Netskope-SecurityAlerts-BehaviorAnalytics-Black.png", + "Netskope-SecurityAlerts-BehaviorAnalytics-White.png", + "Netskope-SecurityAlerts-Overview-Black.png", + "Netskope-SecurityAlerts-Overview-White.png", + "Netskope-SecurityAlerts-CompormisedCredentials-Black.png", + "Netskope-SecurityAlerts-CompromisedCredentials-White.png", + "Netskope-WebTransactions-Black.png", + "Netskope-WebTransactions-White.png" + ], + "version": "1.0", + "title": "Netskope", + "templateRelativePath": "NetskopeEvents.json", + "subtitle": "", + "provider": "Netskope" + }, + { + "workbookKey": "AIShield", + "logoFileName": "AIShield_Logo.svg", + "description": "Visualize events generated by AIShield. This workbook is dependent on a parser AIShield which is a part of the solution deployment.", + "dataTypesDependencies": [ + "AIShield" + ], + "dataConnectorsDependencies": [ + "AIShield" + ], + "previewImagesFileNames": [ + "AIShieldBlack.png", + "AIShieldWhite.png" + ], + "version": "1.0.0", + "title": "AIShield Workbook", + "templateRelativePath": "AIShield.json", + "subtitle": "", + "provider": "Community" + }, { "workbookKey": "AdvancedWorkbookConcepts", "logoFileName": "Azure_Sentinel.svg", "description": "Use this workbook to view and learn advanced concepts for workbooks in Azure Monitor and Microsoft Sentinel. 
Examples are provided in order to teach users how the concepts look, work, and are built.", "dataTypesDependencies": [], "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "Advancedworkbookconcepts-Black.png", - "Advancedworkbookconcepts-White.png" - ], + "previewImagesFileNames": [ "Advancedworkbookconcepts-Black.png", "Advancedworkbookconcepts-White.png"], "version": "1.1.0", "title": "Advanced Workbook Concepts", "templateRelativePath": "AdvancedWorkbookConcepts.json", "subtitle": "", "provider": "Microsoft Sentinel Community", "support": { - "tier": "Microsoft" - }, - "author": { - "name": "Microsoft Sentinel Community" - }, - "source": { - "kind": "Community" - }, - "categories": { - "domains": [ - "Workbooks", - "Reporting", - "Visualization" - ] - } - }, - { - "workbookKey": "NetCleanProActiveWorkbook", - "logoFileName": "NetCleanImpactLogo.svg", - "description": "This workbook provides insights on NetClean ProActive Incidents.", - "dataTypesDependencies": [ + "tier": "Microsoft" + }, +"author": { + "name": "Microsoft Sentinel Community" + }, +"source": { + "kind": "Community" + }, +"categories": { + "domains": [ + "Workbooks", + "Reporting", + "Visualization" + ] + } +}, +{ + "workbookKey": "NetCleanProActiveWorkbook", + "logoFileName": "NetCleanImpactLogo.svg", + "description": "This workbook provides insights on NetClean ProActive Incidents.", + "dataTypesDependencies": [ "Netclean_Incidents_CL" - ], - "dataConnectorsDependencies": [ + ], + "dataConnectorsDependencies": [ "Netclean_ProActive_Incidents" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "NetCleanProActiveBlack1.png", "NetCleanProActiveBlack2.png", "NetCleanProActiveWhite1.png", "NetCleanProActiveWhite2.png" - ], - "version": "1.0.0", - "title": "NetClean ProActive", - "templateRelativePath": "NetCleanProActiveWorkbook.json", - "subtitle": "", - "provider": "NetClean" + ], + "version": "1.0.0", + "title": "NetClean ProActive", + "templateRelativePath": 
"NetCleanProActiveWorkbook.json", + "subtitle": "", + "provider": "NetClean" }, { "workbookKey": "AutomationHealth", @@ -6350,29 +6213,29 @@ "previewImagesFileNames": [ "AutomationHealthBlack.png", "AutomationHealthWhite.png" - ], + ], "version": "2.0.0", "title": "Automation health", "templateRelativePath": "AutomationHealth.json", "subtitle": "", "provider": "Microsoft Sentinel Community", "support": { - "tier": "Microsoft" - }, - "author": { - "name": "Microsoft Corporation" - }, - "source": { - "kind": "Community" - }, - "categories": { - "domains": [ - "IT Operations", - "Platform" - ] - } - }, - { + "tier": "Microsoft" + }, + "author": { + "name": "Microsoft Corporation" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ + "IT Operations", + "Platform" + ] + } + }, +{ "workbookKey": "PlaybooksHealth", "logoFileName": "Azure_Sentinel.svg", "description": "The workbook will provide you with deeper insights regarding the status, activity, and billing of each playbook. You can use the workbook's logic to monitor the general health of the playbooks.", 
@@ -6408,19 +6271,17 @@ "logoFileName": "cisco-logo-72px.svg", "description": "Cisco SD-WAN Workbook equips administrators with the necessary tools to implement robust security measures and stay ahead of emerging threats.By leveraging the insights and recommendations provided in the workbook, network administrators can effectively protect their SD-WAN infrastructure from potential vulnerabilities and ensure a secure and reliable network connectivity for their organization.", "dataTypesDependencies": [ - "Syslog", - "CiscoSDWANNetflow_CL" - ], - "dataConnectorsDependencies": [ - "CiscoSDWAN" + "Syslog", + "CiscoSDWANNetflow_CL" ], + "dataConnectorsDependencies": ["CiscoSDWAN"], "previewImagesFileNames": [ - "CiscoSDWANWhite1.png", - "CiscoSDWANWhite2.png", - "CiscoSDWANWhite3.png", - "CiscoSDWANBlack1.png", - "CiscoSDWANBlack2.png", - "CiscoSDWANBlack3.png" + "CiscoSDWANWhite1.png", + "CiscoSDWANWhite2.png", + "CiscoSDWANWhite3.png", + "CiscoSDWANBlack1.png", + "CiscoSDWANBlack2.png", + "CiscoSDWANBlack3.png" ], "version": "1.0.0", "title": "Cisco SD-WAN", 
@@ -6432,34 +6293,25 @@ "logoFileName": "SAPVMIcon.svg", "description": "SAP -Audit Controls (Preview)", "dataTypesDependencies": [ - "SAPAuditLog" + "SAPAuditLog" ], "dataConnectorsDependencies": [ - "SAP" - ], - "previewImagesFileNames": [ - "" + "SAP" ], + "previewImagesFileNames": [""], "version": "1.0.0", "title": "SAP -Audit Controls (Preview)", "templateRelativePath": "SAP -Audit Controls (Preview).json", "subtitle": "", "provider": "Microsoft" - }, +}, { "workbookKey": "ZoomReports", "logoFileName": "Azure_Sentinel.svg", "description": "Visualize various details & visuals on Zoom Report data ingested though the solution. This also have a dependency on the parser which is available as a part of Zoom solution named Zoom", - "dataTypesDependencies": [ - "Zoom" - ], - "dataConnectorsDependencies": [ - "Zoom Reports" - ], - "previewImagesFileNames": [ - "ZoomReportsBlack.png", - "ZoomReportsWhite.png" - ], + "dataTypesDependencies": [ "Zoom" ], + "dataConnectorsDependencies": ["Zoom Reports"], + "previewImagesFileNames": [ "ZoomReportsBlack.png", "ZoomReportsWhite.png" ], "version": "1.0.0", "title": "Zoom Reports", "templateRelativePath": "ZoomReports.json", 
@@ -6490,23 +6342,21 @@ "provider": "Microsoft" }, { - "workbookKey": "Fortiweb-workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "FortinetFortiWeb" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Fortiweb-workbook", - "templateRelativePath": "Fortiweb-workbook.json", - "subtitle": "", - "provider": "Microsoft" + "workbookKey": "Fortiweb-workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "FortinetFortiWeb" + ], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Fortiweb-workbook", + "templateRelativePath": "Fortiweb-workbook.json", + "subtitle": "", + "provider": "Microsoft" }, { "workbookKey": "WebSessionEssentialsWorkbook", @@ -6530,9 +6380,7 @@ "description": "This workbook provides a view into the activities of administrators in the Island Management Console.", "dataTypesDependencies": [], "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "" - ], + "previewImagesFileNames": [""], "version": "1.0.0", "title": "Island Admin Audit Overview", "templateRelativePath": "IslandAdminAuditOverview.json", 
@@ -6540,113 +6388,82 @@ "provider": "Island" }, { - "workbookKey": "IslandUserActivityOverview", - "logoFileName": "island.svg", - "description": "This workbook provides a view into the activities of users while using the Island Enterprise Browser.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Island User Activity Overview", - "templateRelativePath": "IslandUserActivityOverview.json", - "subtitle": "", - "provider": "Island" + "workbookKey": "IslandUserActivityOverview", + "logoFileName": "island.svg", + "description": "This workbook provides a view into the activities of users while using the Island Enterprise Browser.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [""], + "version": "1.0.0", + "title": "Island User Activity Overview", + "templateRelativePath": "IslandUserActivityOverview.json", + "subtitle": "", + "provider": "Island" }, { "workbookKey": "BloodHoundEnterpriseAttackPathWorkbook", "logoFileName": "BHE_Logo.svg", "description": "Gain insights into BloodHound Enterprise attack paths.", - "dataTypesDependencies": [ - "BloodHoundEnterprise" - ], - "dataConnectorsDependencies": [ - "BloodHoundEnterprise" - ], - "previewImagesFileNames": [ - "" - ], + "dataTypesDependencies": [ "BloodHoundEnterprise" ], + "dataConnectorsDependencies": [ "BloodHoundEnterprise" ], + "previewImagesFileNames": [""], "version": "1.0", "title": "BloodHound Enterprise Attack Paths", "templateRelativePath": "BloodHoundEnterpriseAttackPath.json", "subtitle": "", "provider": "SpecterOps" - }, - { +}, +{ "workbookKey": "BloodHoundEnterprisePostureWorkbook", "logoFileName": "BHE_Logo.svg", "description": "Gain insights into BloodHound Enterprise domain posture.", - "dataTypesDependencies": [ - "BloodHoundEnterprise" - ], - "dataConnectorsDependencies": [ - "BloodHoundEnterprise" - ], - "previewImagesFileNames": [ - "" - ], + 
"dataTypesDependencies": [ "BloodHoundEnterprise" ], + "dataConnectorsDependencies": [ "BloodHoundEnterprise" ], + "previewImagesFileNames": [""], "version": "1.0", "title": "BloodHound Enterprise Posture", "templateRelativePath": "BloodHoundEnterprisePosture.json", "subtitle": "", "provider": "SpecterOps" - }, - { - "workbookKey": "BitSightWorkbook", - "logoFileName": "BitSight.svg", - "description": "Gain insights into BitSight data.", - "dataTypesDependencies": [ - "Alerts_data_CL", - "Breaches_data_CL", - "Company_details_CL", - "Company_rating_details_CL", - "Diligence_historical_statistics_CL", - "Diligence_statistics_CL", - "Findings_summary_CL", - "Findings_data_CL", - "Graph_data_CL", - "Industrial_statistics_CL", - "Observation_statistics_CL" - ], - "dataConnectorsDependencies": [ - "BitSightDatConnector" - ], - "previewImagesFileNames": [ - "BitSightWhite1.png", - "BitSightBlack1.png" - ], - "version": "1.0.0", - "title": "BitSight", - "templateRelativePath": "BitSightWorkbook.json", - "subtitle": "", - "provider": "BitSight" - }, +}, +{ + "workbookKey": "BitSightWorkbook", + "logoFileName": "BitSight.svg", + "description": "Gain insights into BitSight data.", + "dataTypesDependencies": ["Alerts_data_CL", "Breaches_data_CL", "Company_details_CL", "Company_rating_details_CL", "Diligence_historical_statistics_CL", "Diligence_statistics_CL", "Findings_summary_CL", "Findings_data_CL", "Graph_data_CL", "Industrial_statistics_CL", "Observation_statistics_CL"], + "dataConnectorsDependencies": ["BitSightDatConnector"], + "previewImagesFileNames": ["BitSightWhite1.png","BitSightBlack1.png"], + "version": "1.0.0", + "title": "BitSight", + "templateRelativePath": "BitSightWorkbook.json", + "subtitle": "", + "provider": "BitSight" +}, { "workbookKey": "VectraXDR", "logoFileName": "AIVectraDetect.svg", "description": "This workbook provides visualization of Audit, Detections, Entity Scoring, Lockdown and Health data.", "dataTypesDependencies": [ - "Audits_Data_CL", - 
"Detections_Data_CL", - "Entity_Scoring_Data_CL", - "Lockdown_Data_CL", - "Health_Data_CL" + "Audits_Data_CL", + "Detections_Data_CL", + "Entity_Scoring_Data_CL", + "Lockdown_Data_CL", + "Health_Data_CL" ], "dataConnectorsDependencies": [ - "VectraDataConnector" + "VectraDataConnector" ], "previewImagesFileNames": [ - "VectraXDRWhite1.png", - "VectraXDRWhite2.png", - "VectraXDRWhite3.png", - "VectraXDRWhite4.png", - "VectraXDRWhite5.png", - "VectraXDRBlack1.png", - "VectraXDRBlack2.png", - "VectraXDRBlack3.png", - "VectraXDRBlack4.png", - "VectraXDRBlack5.png" + "VectraXDRWhite1.png", + "VectraXDRWhite2.png", + "VectraXDRWhite3.png", + "VectraXDRWhite4.png", + "VectraXDRWhite5.png", + "VectraXDRBlack1.png", + "VectraXDRBlack2.png", + "VectraXDRBlack3.png", + "VectraXDRBlack4.png", + "VectraXDRBlack5.png" ], "version": "1.0.0", "title": "Vectra XDR", 
@@ -6655,190 +6472,162 @@ "provider": "Vectra" }, { - "workbookKey": "CloudflareWorkbook", - "logoFileName": "cloudflare.svg", - "description": "Gain insights into Cloudflare events. You will get visibility on your Cloudflare web traffic, security, reliability.", - "dataTypesDependencies": [ - "Cloudflare_CL" - ], - "dataConnectorsDependencies": [ - "CloudflareDataConnector" - ], - "previewImagesFileNames": [ - "CloudflareOverviewWhite01.png", - "CloudflareOverviewWhite02.png", - "CloudflareOverviewBlack01.png", - "CloudflareOverviewBlack02.png" - ], - "version": "1.0", - "title": "Cloudflare", - "templateRelativePath": "Cloudflare.json", - "subtitle": "", - "provider": "Cloudflare" - }, - { + "workbookKey": "CloudflareWorkbook", + "logoFileName": "cloudflare.svg", + "description": "Gain insights into Cloudflare events. You will get visibility on your Cloudflare web traffic, security, reliability.", + "dataTypesDependencies": [ "Cloudflare_CL" ], + "dataConnectorsDependencies": [ "CloudflareDataConnector" ], + "previewImagesFileNames": ["CloudflareOverviewWhite01.png", "CloudflareOverviewWhite02.png", "CloudflareOverviewBlack01.png", "CloudflareOverviewBlack02.png"], + "version": "1.0", + "title": "Cloudflare", + "templateRelativePath": "Cloudflare.json", + "subtitle": "", + "provider": "Cloudflare" +}, +{ "workbookKey": "CofenseIntelligenceWorkbook", "logoFileName": "CofenseTriage.svg", "description": "This workbook provides visualization of Cofense Intelligence threat indicators which are ingested in the Microsoft Sentinel Threat intelligence.", "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "Malware_Data" + "ThreatIntelligenceIndicator", + "Malware_Data" ], "dataConnectorsDependencies": [ - "CofenseIntelligenceDataConnector" + "CofenseIntelligenceDataConnector" ], "previewImagesFileNames": [ - "CofenseIntelligenceWhite1.png", - "CofenseIntelligenceBlack1.png" + "CofenseIntelligenceWhite1.png", + "CofenseIntelligenceBlack1.png" ], "version": "1.0", 
"title": "CofenseIntelligenceThreatIndicators", "templateRelativePath": "CofenseIntelligenceThreatIndicators.json", "subtitle": "", "provider": "Cofense" - }, - { - "workbookKey": "EgressDefendMetricWorkbook", - "logoFileName": "Egress-logo.svg", - "description": "A workbook providing insights into Egress Defend.", - "dataTypesDependencies": [ - "EgressDefend_CL" - ], - "previewImagesFileNames": [ - "EgressDefendMetricWorkbookBlack01.png", - "EgressDefendMetricWorkbookWhite01.png" - ], - "version": "1.0.0", - "title": "Egress Defend Insights", - "templateRelativePath": "DefendMetrics.json", - "subtitle": "Defend Metrics", - "provider": "Egress Software Technologies" +}, +{ + "workbookKey": "EgressDefendMetricWorkbook", + "logoFileName": "Egress-logo.svg", + "description": "A workbook providing insights into Egress Defend.", + "dataTypesDependencies": ["EgressDefend_CL"], + "previewImagesFileNames": [ "EgressDefendMetricWorkbookBlack01.png", "EgressDefendMetricWorkbookWhite01.png" ], + "version": "1.0.0", + "title": "Egress Defend Insights", + "templateRelativePath": "DefendMetrics.json", + "subtitle": "Defend Metrics", + "provider": "Egress Software Technologies" }, { "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", "logoFileName": "GitHub.svg", "description": "Gain insights to GitHub activities that may be interesting for security.", "dataTypesDependencies": [ - "GitHubAuditLogPolling_CL" + "GitHubAuditLogPolling_CL" ], "dataConnectorsDependencies": [ - "GitHubEcAuditLogPolling" - ], - "previewImagesFileNames": [ - "" + "GitHubEcAuditLogPolling" ], + "previewImagesFileNames": [""], "version": "1.0.0", "title": "GitHub Security", "templateRelativePath": "GitHubAdvancedSecurity.json", "subtitle": "", "provider": "Microsoft" - }, - { +}, +{ "workbookKey": "SalemDashboard", "logoFileName": "salem_logo.svg", "description": "Monitor Salem Performance", - "dataTypesDependencies": [ - "SalemAlerts_CL" - ], + "dataTypesDependencies": [ "SalemAlerts_CL" ], 
"dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "" - ], + "previewImagesFileNames": [""], "version": "1.0.0", "title": "Salem Alerts Workbook", "templateRelativePath": "SalemDashboard.json", "subtitle": "", "provider": "SalemCyber" - }, - { - "workbookKey": "MimecastAuditWorkbook", - "logoFileName": "Mimecast.svg", - "description": "A workbook providing insights into Mimecast Audit.", - "dataTypesDependencies": [ +}, +{ + "workbookKey": "MimecastAuditWorkbook", + "logoFileName": "Mimecast.svg", + "description": "A workbook providing insights into Mimecast Audit.", + "dataTypesDependencies": [ "MimecastAudit_CL" - ], - "previewImagesFileNames": [ + ], + "previewImagesFileNames": [ "MimecastAuditBlack1.png", "MimecastAuditBlack2.png", "MimecastAuditWhite1.png", "MimecastAuditWhite2.png" - ], - "version": "1.0.0", - "title": "MimecastAudit", - "templateRelativePath": "MimecastAudit.json", - "subtitle": "Mimecast Audit", - "provider": "Mimecast" - }, - { - "workbookKey": "MailGuard365Workbook", - "logoFileName": "MailGuard365_logo.svg", - "description": "MailGuard 365 Workbook", - "dataTypesDependencies": [ - "MailGuard365_Threats_CL" - ], - "dataConnectorsDependencies": [ - "MailGuard365" - ], - "previewImagesFileNames": [ - "MailGuard365WorkbookWhite1.png", - "MailGuard365WorkbookWhite2.png", - "MailGuard365WorkbookBlack1.png", - "MailGuard365WorkbookBlack2.png" - ], - "version": "1.0.0", - "title": "MailGuard365", - "templateRelativePath": "MailGuard365Dashboard.json", - "subtitle": "", - "provider": "MailGuard 365" - }, - { - "workbookKey": "MimecastTIRegionalWorkbook", - "logoFileName": "Mimecast.svg", - "description": "A workbook providing insights into Mimecast Regional Threat indicator.", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "MimecastTIRegionalConnectorAzureFunctions" - ], - "previewImagesFileNames": [ + ], + "version": "1.0.0", + "title": "MimecastAudit", + 
"templateRelativePath": "MimecastAudit.json", + "subtitle": "Mimecast Audit", + "provider": "Mimecast" +}, +{ + "workbookKey": "MailGuard365Workbook", + "logoFileName": "MailGuard365_logo.svg", + "description": "MailGuard 365 Workbook", + "dataTypesDependencies": [ + "MailGuard365_Threats_CL" + ], + "dataConnectorsDependencies": [ + "MailGuard365" + ], + "previewImagesFileNames": ["MailGuard365WorkbookWhite1.png", + "MailGuard365WorkbookWhite2.png", + "MailGuard365WorkbookBlack1.png", + "MailGuard365WorkbookBlack2.png" +], + "version": "1.0.0", + "title": "MailGuard365", + "templateRelativePath": "MailGuard365Dashboard.json", + "subtitle": "", + "provider": "MailGuard 365" +}, +{ + "workbookKey": "MimecastTIRegionalWorkbook", + "logoFileName": "Mimecast.svg", + "description": "A workbook providing insights into Mimecast Regional Threat indicator.", + "dataTypesDependencies": ["ThreatIntelligenceIndicator"], + "dataConnectorsDependencies": [ + "MimecastTIRegionalConnectorAzureFunctions" + ], + "previewImagesFileNames": [ "MimecastTIReginalWhite.png", "MimecastTIRegionalBlack.png" - ], - "version": "1.0.0", - "title": "MimecastTIRegional", - "templateRelativePath": "MimecastTIRegional.json", - "subtitle": "Mimecast TI Regional", - "provider": "Mimecast" - }, - { + ], + "version": "1.0.0", + "title": "MimecastTIRegional", + "templateRelativePath": "MimecastTIRegional.json", + "subtitle": "Mimecast TI Regional", + "provider": "Mimecast" +}, +{ "workbookKey": "DataminrPulseAlerts", "logoFileName": "DataminrPulse.svg", "description": "This Workbook provides insight into the data coming from DataminrPulse.", - "dataTypesDependencies": [ - "DataminrPulse_Alerts_CL" - ], - "dataConnectorsDependencies": [ - "DataminrPulseAlerts" - ], - "previewImagesFileNames": [ - "DataminrPulseAlertsBlack1.png", - "DataminrPulseAlertsBlack2.png", - "DataminrPulseAlertsBlack3.png", - "DataminrPulseAlertsBlack4.png", - "DataminrPulseAlertsBlack5.png", - "DataminrPulseAlertsWhite1.png", - 
"DataminrPulseAlertsWhite2.png", - "DataminrPulseAlertsWhite3.png", - "DataminrPulseAlertsWhite4.png", - "DataminrPulseAlertsWhite5.png" + "dataTypesDependencies": ["DataminrPulse_Alerts_CL"], + "dataConnectorsDependencies": ["DataminrPulseAlerts"], + "previewImagesFileNames": [ "DataminrPulseAlertsBlack1.png", + "DataminrPulseAlertsBlack2.png", + "DataminrPulseAlertsBlack3.png", + "DataminrPulseAlertsBlack4.png", + "DataminrPulseAlertsBlack5.png", + "DataminrPulseAlertsWhite1.png", + "DataminrPulseAlertsWhite2.png", + "DataminrPulseAlertsWhite3.png", + "DataminrPulseAlertsWhite4.png", + "DataminrPulseAlertsWhite5.png" ], "version": "1.0.0", "title": "Dataminr Pulse Alerts", "templateRelativePath": "DataminrPulseAlerts.json", "provider": "Dataminr" - }, - { +}, +{ "workbookKey": "DoDZeroTrustWorkbook", "logoFileName": "", "description": "This workbook solution provides an intuitive, customizable, framework intended to help track/report Zero Trust implementation in accordance with the latest DoD Zero Trust Strategy.", 
@@ -6870,35 +6659,9 @@ "domains": [ "IT Operations" ] - } - }, - { - "workbookKey": "WizFindingsWorkbook", - "logoFileName": "Wiz_logo.svg", - "description": "A visualized overview of Wiz Findings.\nExplore, analize and learn about your security posture using Wiz Findings Overview", - "dataTypesDependencies": [ - "WizIssues_CL", - "WizVulnerabilities_CL", - "WizAuditLogs_CL" - ], - "dataConnectorsDependencies": [ - "Wiz" - ], - "previewImagesFileNames": [ - "WizFindingsBlack1.png", - "WizFindingsBlack2.png", - "WizFindingsBlack3.png", - "WizFindingsWhite1.png", - "WizFindingsWhite2.png", - "WizFindingsWhite3.png" - ], - "version": "1.0.0", - "title": "Wiz Findings overview", - "templateRelativePath": "OrcaAlerts.json", - "subtitle": "", - "provider": "Wiz" - }, - { +} +}, +{ "workbookKey": "WizFindingsWorkbook", "logoFileName": "Wiz_logo.svg", "description": "A visualized overview of Wiz Findings.\nExplore, analize and learn about your security posture using Wiz Findings Overview", @@ -6923,5 +6686,5 @@ "templateRelativePath": "OrcaAlerts.json", "subtitle": "", "provider": "Wiz" - } -] \ No newline at end of file +} +]
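Review bot: The `WizFindingsWorkbook` entry that stays after this hunk still carries `"templateRelativePath": "OrcaAlerts.json"` (the context line at the top of the last hunk, `@@ -6923,5 +6686,5 @@`), which looks copied from another vendor's entry, so the Wiz workbook would presumably resolve to a different product's template. That line should name the Wiz template instead, e.g. `"templateRelativePath": "<WIZ_TEMPLATE_FILE>.json"` (placeholder; take the real file name from the Wiz solution). Dropping the second, apparently identical `WizFindingsWorkbook` object is a content change rather than formatting, and it is hard to audit inside a re-indent of this size, so it would read better as its own commit. A CI check that every `workbookKey` in this file is unique would catch a duplicate like this before merge.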