Merge pull request #9005 from nlepagnez/Parsers-Readme-and-Workbooks-…
…version-update

readme file for parsers and typo correction. Update Workbook version
v-atulyadav authored Sep 15, 2023
2 parents 58c7ff2 + a00a20a commit 390b628
Showing 18 changed files with 446 additions and 152 deletions.
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
id: 5170c3c4-b8c9-485c-910d-a21d965ee181
name: VIP Mailbox manipulation
description: |
'Alert if an high important Cmdlet is executed on a VIP Mailbox as those Cmdlets can be used for data exfiltration or mailbox access.'
'Alert if a cmdlet that can be translated to data exfiltration or mailbox access is executed on a VIP Mailbox.'
requiredDataConnectors:
- connectorId: ESI-ExchangeAdminAuditLogEvents
dataTypes:
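Review bot: in the new `description` line, "a cmdlet that can be translated to data exfiltration or mailbox access" reads less clearly than the wording it replaces, because "translated to" does not say what the cmdlet does. Suggest "Alert if a cmdlet that can be used for data exfiltration or mailbox access is executed on a VIP Mailbox." so an analyst triaging the alert sees the risk directly.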
@@ -47,5 +47,5 @@ entityMappings:
fieldMappings:
- identifier: Name
columnName: Caller
version: 1.0.0
version: 1.0.1
kind: Scheduled
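Review bot: the commit message mentions only a workbook version update, but the `version: 1.0.1` line here bumps the analytic rule itself. A patch-level bump fits a description-only edit; please mention the rule version change in the commit message so the history explains why the rule was republished.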
@@ -1,7 +1,7 @@
id: 7bce901b-9bc8-4948-8dfc-8f68878092d5
name: Server Oriented Cmdlet And User Oriented Cmdlet used
description: |
'Detect if a server oriented Cmdlet and a user oriented cmdlet that are monitored are launched by a same user in a same server in a 10 minutes timeframe'
'Detect if a server oriented cmdlet and a user oriented cmdlet that are monitored are launched by the same user in the same server within a 10 minutes timeframe'
requiredDataConnectors:
- connectorId: ESI-ExchangeAdminAuditLogEvents
dataTypes:
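Review bot: the corrected `description` still has two grammar slips, "in the same server" and "a 10 minutes timeframe". Suggest "launched by the same user on the same server within a 10-minute timeframe". The rule query is not part of this hunk, so it is also worth confirming that the window it uses really is 10 minutes, since the description is what responders will rely on.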
@@ -74,5 +74,5 @@ entityMappings:
columnName: Caller
- identifier: ObjectGuid
columnName: TargetObject
version: 1.0.0
version: 1.0.1
kind: Scheduled
Binary file not shown.
@@ -98,8 +98,8 @@
"text": "After installing the solution, configure and enable the data connector that’s most relevant to your Exchange environment by following guidance in Manage solution view."
}
},
{
"name": "dataconnectors-parser",
{
"name": "dataconnectors-parser",
"type": "Microsoft.Common.Section",
"label": "Parsers",
"elements": [
@@ -159,7 +159,7 @@
"name": "workbook1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment. Required Data Connector: Exchange Security Insights On-Premises Collector"
"text": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment. Required Data Connector: Exchange Security Insights On-Premises Collector."
}
}
]
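Review bot: the `workbook1-text` string gains only a trailing period, while the errors inside it remain: "This Workbook allow you to go deep dive on custom delegation" and "the group imbrication". Since the commit is described as a typo correction, suggest "This Workbook allows you to dive deep into custom delegations and roles" and "group nesting" in the same change.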
@@ -173,7 +173,7 @@
"name": "workbook2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment. Required Data Connector: Exchange Audit Event logs via Legacy Agent"
"text": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment. Required Data Connector: Exchange Audit Event logs via Legacy Agent."
}
}
]
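Review bot: in `workbook2-text` the phrase "who and/or what is affected to modifications on your environment" is left uncorrected, and only the final period is added. Suggest "who and/or what is affected by modifications in your environment", and "cmdlet usage statistics" in place of "Cmdlets usage statistics".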
@@ -187,7 +187,7 @@
"name": "workbook3-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers. Required Data Connector: Exchange Audit Event logs via Legacy Agent"
"text": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers. Required Data Connector: Exchange Audit Event logs via Legacy Agent."
}
}
]
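Review bot: `workbook3-text` still reads "This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers" after the change. Suggest "This workbook also lists Exchange service changes, local account activities and local logons on Exchange servers". The same string uses both "Workbook" and "workbook", so pick one casing.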
@@ -201,7 +201,7 @@
"name": "workbook4-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks. Required Data Connector: Exchange Security Insights On-Premises Collector"
"text": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks. Required Data Connector: Exchange Security Insights On-Premises Collector."
}
}
]
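Review bot: in `workbook4-text`, "This workbook helps also to understand the transport configuration" and "Exchange and most important AD Groups with members" are untouched by this edit. Suggest "This workbook also helps to understand the transport configuration" and "Exchange and the most important AD groups and their members", so the description of what security configuration is displayed is unambiguous.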