Skip to content

Commit

Permalink
Merge pull request #9140 from Azure/v-sabiraj-changingdatatypesforins…
Browse files Browse the repository at this point in the history
…iderriskmanagement

Updated workbook datatype to fix duplicates
  • Loading branch information
v-atulyadav authored Oct 3, 2023
2 parents db0cb72 + 447d1e8 commit 6580195
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 19 deletions.
Binary file not shown.
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@
"email": "support@microsoft.com",
"_email": "[variables('email')]",
"_solutionName": "MicrosoftPurviewInsiderRiskManagement",
"_solutionVersion": "3.0.1",
"_solutionVersion": "3.0.2",
"solutionId": "azuresentinel.azure-sentinel-solution-insiderriskmanagement",
"_solutionId": "[variables('solutionId')]",
"workbookVersion1": "1.0.0",
Expand Down Expand Up @@ -140,7 +140,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderRiskManagementWorkbook Workbook with template version 3.0.1",
"description": "InsiderRiskManagementWorkbook Workbook with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('workbookVersion1')]",
Expand Down Expand Up @@ -193,7 +193,7 @@
"operator": "AND",
"criteria": [
{
"contentId": "SigninLogsSigninLogs",
"contentId": "SigninLogs",
"kind": "DataType"
},
{
Expand Down Expand Up @@ -244,7 +244,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderRiskHighUserAlertsCorrelation_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "InsiderRiskHighUserAlertsCorrelation_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleVersion1')]",
Expand Down Expand Up @@ -384,7 +384,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderRiskHighUserIncidentsCorrelation_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "InsiderRiskHighUserIncidentsCorrelation_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleVersion2')]",
Expand Down Expand Up @@ -539,7 +539,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderRiskM365IRMAlertObserved_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "InsiderRiskM365IRMAlertObserved_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleVersion3')]",
Expand Down Expand Up @@ -658,7 +658,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderRiskSensitiveDataAccessOutsideOrgGeo_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "InsiderRiskSensitiveDataAccessOutsideOrgGeo_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleVersion4')]",
Expand Down Expand Up @@ -783,7 +783,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderRiskyAccessByApplication_AnalyticalRules Analytics Rule with template version 3.0.1",
"description": "InsiderRiskyAccessByApplication_AnalyticalRules Analytics Rule with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleVersion5')]",
Expand Down Expand Up @@ -902,7 +902,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "Notify-InsiderRiskTeam Playbook with template version 3.0.1",
"description": "Notify-InsiderRiskTeam Playbook with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion1')]",
Expand Down Expand Up @@ -1166,7 +1166,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderEntityAnomalyFollowedByIRMAlert_HuntingQueries Hunting Query with template version 3.0.1",
"description": "InsiderEntityAnomalyFollowedByIRMAlert_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryVersion1')]",
Expand Down Expand Up @@ -1251,7 +1251,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderISPAnomalyCorrelatedToExfiltrationAlert_HuntingQueries Hunting Query with template version 3.0.1",
"description": "InsiderISPAnomalyCorrelatedToExfiltrationAlert_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryVersion2')]",
Expand Down Expand Up @@ -1336,7 +1336,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderMultipleEntityAnomalies_HuntingQueries Hunting Query with template version 3.0.1",
"description": "InsiderMultipleEntityAnomalies_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryVersion3')]",
Expand Down Expand Up @@ -1421,7 +1421,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderPossibleSabotage_HuntingQueries Hunting Query with template version 3.0.1",
"description": "InsiderPossibleSabotage_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryVersion4')]",
Expand Down Expand Up @@ -1506,7 +1506,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "InsiderSignInRiskFollowedBySensitiveDataAccessyaml_HuntingQueries Hunting Query with template version 3.0.1",
"description": "InsiderSignInRiskFollowedBySensitiveDataAccessyaml_HuntingQueries Hunting Query with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('huntingQueryVersion5')]",
Expand Down Expand Up @@ -1591,7 +1591,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
"description": "MicrosoftPurviewInsiderRiskManagement data connector with template version 3.0.1",
"description": "MicrosoftPurviewInsiderRiskManagement data connector with template version 3.0.2",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
Expand Down Expand Up @@ -1746,7 +1746,7 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
"version": "3.0.1",
"version": "3.0.2",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "MicrosoftPurviewInsiderRiskManagement",
Expand Down Expand Up @@ -1858,4 +1858,4 @@
}
],
"outputs": {}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -5214,7 +5214,7 @@
"logoFileName": "Azure_Sentinel.svg",
"description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ",
"dataTypesDependencies": [
"SigninLogsSigninLogs",
"SigninLogs",
"AuditLogs",
"AzureActivity",
"OfficeActivity",
Expand Down
2 changes: 1 addition & 1 deletion Workbooks/WorkbooksMetadata.json
Original file line number Diff line number Diff line change
Expand Up @@ -6323,7 +6323,7 @@
"logoFileName": "Azure_Sentinel.svg",
"description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ",
"dataTypesDependencies": [
"SigninLogsSigninLogs",
"SigninLogs",
"AuditLogs",
"AzureActivity",
"OfficeActivity",
Expand Down

0 comments on commit 6580195

Please sign in to comment.