From 31006b0c3dc9f4f5d19a2467806d2c8cbe24c8d1 Mon Sep 17 00:00:00 2001
From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com>
Date: Tue, 3 Oct 2023 17:08:23 +0530
Subject: [PATCH 1/8] Repackage Microsoft Defender for Office 365
---
 .../Data/Solution_MicrosoftDefenderforOffice365.json | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json b/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json
index 59a1e2fdcf5..bf29c230f96 100644
--- a/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json
+++ b/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json
@@ -14,10 +14,11 @@
 "Solutions/Microsoft Defender for Office 365/Playbooks/O365DefenderPlaybooks/o365-BlockMalwareFileExtension/azuredeploy.json",
 "Solutions/Microsoft Defender for Office 365/Playbooks/O365DefenderPlaybooks/o365-BlockSender/azuredeploy.json",
 "Solutions/Microsoft Defender for Office 365/Playbooks/O365DefenderPlaybooks/o365-BlockSender-EntityTrigger/azuredeploy.json",
- "Solutions/Microsoft Defender for Office 365/Playbooks/O365DefenderPlaybooks/o365-BlockSpamDomain/azuredeploy.json"
+ "Solutions/Microsoft Defender for Office 365/Playbooks/O365DefenderPlaybooks/o365-BlockSpamDomain/azuredeploy.json",
+ "Solutions/Microsoft Defender for Office 365/Playbooks/O365DefenderPlaybooks/o365-DeleteMaliciousInboxRule/azuredeploy.json"
 ],
- "BasePath": "C:\\GitHub\\Azure-Sentinel",
- "Version": "3.0.0",
+ "BasePath": "C:\\GitHub\\Azure-Sentinel\\",
+ "Version": "3.0.1",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": true
From 9e40c06038f686fe043a6e5051593191e8c67a34 Mon Sep 17 00:00:00 2001
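Review bot: `"BasePath": "C:\\GitHub\\Azure-Sentinel\\"` on the new side is still an absolute path from one developer's workstation, and the only change to it here is an appended separator. How the packaging tool joins this value with the `Solutions/...` entries above is not visible in the patch, so it is worth confirming that the trailing backslash is what the tool expects rather than a local workaround. The same value is copied verbatim into `system_generated_metadata.json` in patch 4/8, so a base path resolved at packaging time instead of committed would keep local directory layout out of the shipped metadata. The enclosing object starts above the hunk.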
From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com>
Date: Tue, 3 Oct 2023 17:17:55 +0530
Subject: [PATCH 2/8] Update ReleaseNotes.md
---
 Solutions/Microsoft Defender for Office 365/ReleaseNotes.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Solutions/Microsoft Defender for Office 365/ReleaseNotes.md b/Solutions/Microsoft Defender for Office 365/ReleaseNotes.md
index ff55036f63b..6b4958a8744 100644
--- a/Solutions/Microsoft Defender for Office 365/ReleaseNotes.md
+++ b/Solutions/Microsoft Defender for Office 365/ReleaseNotes.md
@@ -1,4 +1,5 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|--------------------------------------------------------------------------|
+| 3.0.1 | 29-09-2023 | 1 new **Playbook** added to the solution |
 | 3.0.0 | 11-07-2023 | 4 new **Playbooks** added to the solution |
 | | | 1 **Custom Connector** added as a pre-requisite for playbooks deployment |
From 95a4009ea184e34dd887f7097c03686f934ccbbe Mon Sep 17 00:00:00 2001
From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com>
Date: Tue, 3 Oct 2023 17:46:54 +0530
Subject: [PATCH 3/8] Update Solution_MicrosoftDefenderforOffice365.json
---
 .../Data/Solution_MicrosoftDefenderforOffice365.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json b/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json
index bf29c230f96..402c63a289b 100644
--- a/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json
+++ b/Solutions/Microsoft Defender for Office 365/Data/Solution_MicrosoftDefenderforOffice365.json
@@ -21,5 +21,5 @@
 "Version": "3.0.1",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
- "Is1PConnector": true
+ "Is1PConnector": true
 }
\ No newline at end of file
From dd34e6723524979906faabbf81abe7455dd39dc3 Mon Sep 17 00:00:00 2001 From: Github Bot Date: Tue, 3 Oct 2023 12:40:05 +0000 Subject: [PATCH 4/8] [skip ci] Github Bot Added package to Pull Request! --- .../Data/system_generated_metadata.json | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 Solutions/Microsoft Defender for Office 365/Data/system_generated_metadata.json diff --git a/Solutions/Microsoft Defender for Office 365/Data/system_generated_metadata.json b/Solutions/Microsoft Defender for Office 365/Data/system_generated_metadata.json new file mode 100644 index 00000000000..7c07cd51878 --- /dev/null +++ b/Solutions/Microsoft Defender for Office 365/Data/system_generated_metadata.json 
@@ -0,0 +1,38 @@ +{ + "Name": "Microsoft Defender for Office 365", + "Author": "Microsoft - support@microsoft.com", + "Logo": "", + "Description": "The [Microsoft Defender for Office 365](https://www.microsoft.com/security/business/threat-protection/office-365-defender) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution is dependent on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)", + "BasePath": "C:\\GitHub\\Azure-Sentinel\\", + "Version": "3.0.1", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1PConnector": true, + "publisherId": "azuresentinel", + "offerId": "azure-sentinel-solution-microsoftdefenderforo365", + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Threat Protection" + ] + }, + "firstPublishDate": "2022-05-17", + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "Data Connectors": "[\n \"template_OfficeATP.json\"\n]", + "Playbooks": [ + "Playbooks/CustomConnector/O365_Defender_FunctionAppConnector/azuredeploy.json", + "Playbooks/O365DefenderPlaybooks/o365-BlockMalwareFileExtension/azuredeploy.json", + "Playbooks/O365DefenderPlaybooks/o365-BlockSender-EntityTrigger/azuredeploy.json", + "Playbooks/O365DefenderPlaybooks/o365-BlockSender/azuredeploy.json", + 
"Playbooks/O365DefenderPlaybooks/o365-BlockSpamDomain/azuredeploy.json", + "Playbooks/O365DefenderPlaybooks/o365-DeleteMaliciousInboxRule/azuredeploy.json" + ], + "Workbooks": "[\n \"MicrosoftDefenderForOffice365.json\"\n]" +} From 1dd047ae535ca3fa1c3f086eee70bcc858172c4b Mon Sep 17 00:00:00 2001 From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Wed, 4 Oct 2023 15:28:17 +0530 Subject: [PATCH 5/8] update package --- .../Package/3.0.1.zip | Bin 0 -> 27524 bytes .../Package/createUiDefinition.json | 4 +- .../Package/mainTemplate.json | 900 ++++++++++++++++-- Workbooks/WorkbooksMetadata.json | 14 +- 4 files changed, 834 insertions(+), 84 deletions(-) create mode 100644 Solutions/Microsoft Defender for Office 365/Package/3.0.1.zip 
diff --git a/Solutions/Microsoft Defender for Office 365/Package/3.0.1.zip b/Solutions/Microsoft Defender for Office 365/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..5a0639ee4c724232e951c6be441d43102d2ad473 GIT binary patch literal 27524 zcmV)GK)%0FO9KQH000080DE*qS5m>l7T^c~0K**s02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARH-C1jI+eQ}szQF#60lN!JhDg~ivRfGI241^O12~OgI}H|=VT{O;IQ5Xj z&J3-nS^xJvGklAbA8i8^YXpHbyu8nIA9MBjuYV!L`zwJE zQKd4yLp1eNmpW-Fa%-S=)CKXFWK0=~=%q_yBr!49bG)mW1ipu$svq~U@ju*F7yLg21DO-3Is&ft2a z1qr1PbS@Qj`Wq>Q4vJ8JuqueP71Ee=#lkq101byZ0Ad6%6wXK7YBvB0Bx0F0A~nSF zg;fhkk}DVI7L$q7Ld%2^xv+EyclBy$g)kTbSCmMDN!RB^Lbh<`Qh6hmd6r3Krh+Z0 zn3g&0+f(6c3l%={1L#Eb3`zijs}qZOfK8)@SV=UBTv4H-44JhJbP|}Q<%3XaqYteM zXh5z{WW*3?O-^K*0x=*yFM~Gy5wF~{1{CMgfwwUulA+$P!dX@)&@^<_$`4B^_)toD zZRlJd!EZvY{d-P*suI|jSj4cuADong?h)MSJHEbk5EbJh+^5vgMs01Ae1AfAck2pL zpM0OEE*HpgmNloab6wNDvOKTP7*#1rY_bAkxfw`}Ua@eRRR)jAe@UN9RUZ14rt@-L zZs6CkH)$1HozL6VwpEAm5Da9lLU!&_tf=$XZ3@!vBJV3G=y!G7n%0urQn$TG#oJU{ z;OXfKuGSe1QKqv>`qUMNiyZNOgj*-HzQTpx^M{=jOgBz8%8C4(44;AC4iPz9*ck>h@g0&kqo*jRzO=)Xo z)*0&#BsHvqW0f3d9Jy$e6y3K_pRc&J!gCdO!G#?~$b8*+Ov9bj5N2(%Rm?i~qVxfA zPC(}o$Z{5Sc%w!X<<4@yUb<4FMuMeF6OTGh9E}5O;drt)zVW)Q{sleV41pw;b`9cuJgCM@|d8c?T07E2KoQ|hIQ520j>=nWJ^kQmtkY{i8@ zi`Ta2iWVeVh|n*DgfZDs1lmniJusSQPZkebRqFjnn2)N>+?Sy-v4T(1$hK$Dr}a^!m-#{I~-3ztIZrdauZ==$gG&V%b?4 z72xYZv%CXnhiI!7sr7Qhb2+wkM%ZoBH5!mEX6XKyG9mUxuq2PncW#c|GUEm0cmYVa zt}ISrUEgzx3uJCb9B?VF3&mY%!zdK`W{zIwJfdmnrs87!Xgp)b-N5U*@uB^-+e@Dp zYTsTT4!(4#t&pJyZQ%EY!cs}=7U!~}T=d2u#|5`8ueEo0#@td-XPa)BmKwdoo6LQw^-x;gF+3oRQ>&=2Al=rmZ{OpaJlKecPi8NNY<%+ z-GVc$;Y&+Rt=XTU$W+RVaCb(Th?&UTm41o#WvSc{QeDI0S!b+KYj??Z-PL7kuev;0 z9&oHoS%TW}`htnyINqh>7k2#1QvQ!gYLla+aVmVM&GFGkD3wd`m!?K)BZ)0Y$;K%*Z$W6tm%aMq5{ORdfW~ z-vdHiZr2GUm?_qB!hXY$Y!tY-A-PzcX~)#AsSG+{?A%v0>157uzm3R;i?c!ibXssc zp{YzzG#RA*2b@Ei5?oIuSWy+mXyKER>x3v4@{EHgj`I1>hV~Rq*@E=x`*+kT#6Psby@AD-vh49UI2?Obc}+T6nkQu0JuPA(1(%H z<@@7{akCZGPxiB7&FgNfbGPmlat#pYE`Mu9uWCihD{D&u7qV^L^eSd+mv&%YPu7uB 
zy7+M^YSvCe?bGr-DSlufKjia2pqn;m_`mO_%E2P?%O4{A%JkPCuYx4J<@6aWAK z2mk|gL|53spEjmp008^M0{{^K003=aX>L?yZE$R1bY(7Tb8l|!U3+ueIFkSWs_r|W zJXdEsCEB7yy>gYibzZZn$?IZgrmiek1|%VgYl_s6lpT-P_t~!-AV`n|MOl$!XU?8l zM&WZ zr)}|Jr)`dmwq>-Pgcy4rhyF5w z!AOz{L?&TGa$Yalgas~(_~Q?giRUoV?e}(&)s2v9K_d#1fzXOve(2CdD3Lybhso7~ z;h=F6dBIf5gNk{{(&6jOyyNE zQpziKB5#q(wDUep$TDVbi`dJA1dO@NB}qsYG>!?4=0=j7gH7Uu{Qfo_#5kUXOW!r1 ztMQx}f2Wb_gwXBx144dd#0%ntQ5U(AWX8zvmtk}sFQ~%|Ddz9wa^^WR;>83^>RrH) zlPH{X^0!AM>#!r`z7Zd8Ix`)AF%7gS!MS-rQdrSflbJQ9GQ-2dN(Q*sng z|0?mE80L~iObL}^h$$~%K2C4UlI3EhDs~v2n+CGpYzj3Y`nnjRjp4PP9o|dr(MzS| z71fk{a6u!F+CEd$0VG1t=X$NoOkXm((~QgBE`PYYf0mO;r+Y8Vr!&SxYmB_Bl4QG( zV$F;~61;J-ji>WComr9G4f)lOq(-KVn+^}7huUEUS5>>bMOAU>y$FMeH+|!p*gA{Bui+FmV{u}5qoh9*MmJH(E7Ex14)&RMrMHDW_%vnZWa+R?tNQG<^rRtRD2}*CF zCey64i39`33+A9pn`+9f(XO?7xI($zR#R`ob&TECGVuObGLdZd)-%9=hsNvD-wNdij)~@U9@()BPa4Zx^dDM32U0(rq*{c%l>QuNFC%v>+ zIjL6iLWt_Ed)lCVQF$&+o~0_5p0CVQ8H`w!sWcLABT6pqjicnZRE%nX=nPhgjk4dD z=H&x;@fYdZUtTW*4hoMJi!7daQEH~j%(ez?Y2urEsE#1L|J8hvTpdLbz2f|E^|rTr zdZv;B-IXThEA2&}Y!)Y1R?k6Iu1cYk@LocCLRW>fPViz#ONwm-$b@bjAV&xVs%bXUuw zr(YQ-U45K%w-zVewc@1v0OO>)Zk!Z^e^7DKZH|+&mSyiUUIhu*`6TkDQ++IyC~704 z%4t=c6scE4jnx=6)@`KL_g)!8mOh58t;LYFRt#AWFovvkW5{~2F=REzP+3dG*A{gC zGMrPdgwmAfx_Bw{s)>?}W<_lD8e^l^ESJ8|%82OcBcivpi0G{q5xoZ(5xsRIqW54U zqSqV|Wi7dfy<|RE5TL&2c;PaB6WHO`PfMR=E?7%YjFDA*D#21mydrA)jZxFTg~mbKhK$#`=mkHq zcAXG;8%!WD>}Q*9(Mg4k<(Tb zf!zK5o@}7hjEW=H`dGd-cvfOkymoU_Y|Pkc+B8uof3AyP)gWlf=&S32>LzQPtttXk z0@gIzU2VW-UA`f66c2?pyf+Q%jKR4V@brD00Fm?gjfSKyN-~1X??0yp{dzi}^eWd4 z)O!P333)$QBm3*!tRQSjhwLXmsv|muu#Om`>PqNh3EV zSK!?wjHWd3{uI}a=#=8^EHamPjU=;((Ih5|FlH{XuL!?mLgp-vF|oCX?*->E+57zI zZM;ut;6kqPeQJlojYtxPetbZlUlFLHfMDQv^QAdLeVEo5x+J0I-cSoACk_pOzzL&8 z$S+WN0Wg`Tdf4GI5uzGgC=k!EDXJh9;=H*9>?outL*&KhKurCs*o%2Dd+GTu-q%`$ zLCi?(umJocghmI(bwL;Z>R=p@ad0xjt3N(KOH>f!DkkAX>T&7$KCwZ>IbP{u?$dEF z4h)#aBd{w*wMTvbO0hbKOC0!ePA(~4flI)NL3YvURbd7&w5bw;< z34|PU_dQ7TS53VaGw?nfI$nc8#Dps763ZBfKu$S4%%$KZIvg+KMXHx@o*3qw4@eVW 
zA5;|ljQk=FcllF(HBNRCEYN^pbC{IW#OMuR;h3=iMM{0iS;k2?hqMFJ&97xWc_N!+ z?&TBxB7`F3(Ey&mfaze-lP3o_1YQ)Ihf%?~S~v)2c3O2!;)c!=%bK`txhKoxG(5;p zzp*AxE-`Qp7l;3a|9bATPRAULtj@n*CI@rp3p|jQr+6925*hH1zocdHixc=?oS4Rr zw|`KRC#Dfy%>H}HB2QPw$53Kb9id( zBb+R~YG0gP9ZCOKyeWmM{_!h9V3Gre#4F|AenTHdo~WW4j? z=;Y&gXGhQVM)&wkZ`5=)ybBoh1q=<=r5jmS7GUWZG~ zoqf9n&;?E~%Wa~ygi2+v0GU@!x=-T-?<9RnJ#SM7fP}65{FB7X`5e;vpNyP%NC|oD z>mGjmnFWZ3n7d!@A_nl{AVesgTygUKTX|OXVTG>r;HG4nDhB-qJeOT@T?1Iwt^~6# zTLQyr@8V4~Ts)&I?8T6>i!1W#Jwh0vxK*GC*@zxNYL2+MCilLi{MKuj1=So$QbE1V z*HjCPBuXz#k(Tn}TNZIC4`J?F5T7j>()D#sO_bi*h(l}o7cRKft?SP;*`OT3oLlyX zDSDkM!qy0-y%7E-yAi&oFzK!HT4^9!)>@uaP5dGS>h;sI-qrU~Cqz#>>OO?%TS8kp z^_#M-`c=u+s@Whz@co@%R`{KysoBG*?){zVdP@MN?TU>x{TiKA?UN>jW4>Key7u4J zQEr?*B!gd?vd50=#klvo_TMk)SJ`sB;=XXL+-2&D_?q2<+cCIpGL&6Qe;~7!P2g(j zzeUM^(51e9gLpM7?UwAO8(Q^yxqm%;@$HGB5l`GYbkx3j{Lp|KHpL6K#|eenqQ?bI zcwl`TP#CPH?l;x@+tm46)%V-i^{igkrpPU2sqA#d0juWqhwuoJ%h9q?`Ld>2=^rQ}(^zgvIw zz21KA54VrI%1+LDCjs?awGBJ}t9JZX?DU_luR-&{cTV1nvAzMnICpjz35V0&-+R1< zwDoI9y1&ByEj2&MKKzv~AxY=D@B2s9$gBQ2yC%P^ikI3|dfIo>fXNuh1x7prP^7D$ zx|P!qrcOgT*S@1AYc4tL&)`}3A|h@e1?e^e?}%QCvhRmefbCGV0SZft5uYV|)c~#V z4XSw(VQN5dl_NXQs0D3+S!Vq8QXF8hxy@XBw-O>-J^;ux0Rus6h`5)*X#bOD^WPZ65W)k=H171u#aiZ}k$o&#Z>^`X?eFU6GaT#x0((0J$R7~fjOkjru! z#ye1&=P@*$0wIP9d^F*48r$#8eV=TT*TNXz=(G`(x=rT*HGT zS~BF0V21b1sE=8KE8bXG1y-y6(q%`!58o%?<=88pg_keIOP%CXw0Htgjc2H@sY%_X zD539=*|2Z5@ux)j8Wu{KQd|;5e4i++yweFwE#~$Hw&PBE24xP|X)^2^qqgN3{ed|! zf%(WB*&A5wH<=k#bM

^#=lD-Yu&H<8d_3kumls&;FN;$K#!R@f7A*!mDBlq}|N9 z8fQ;Ri3^9Wm!O3&^WfNaJ9_F)BaGeh8bcd5s#~8Fn zj$xT?+Zc6O+vv9$wfknTO$WUVT&E~>>N-|Kq?Jw7Z(GCMMwJ;9ubo2}z+ayxvq*u3 zDH)U-y8W64)3Rz>tZt{KC7;U*w?U^)f=+K#$4^nb!m!gG)rp>Q)U@@?p;gy57!3Mp z8-@t((NqU3MfOaNyuz_zK;clSn zS7sYNE0~E>{R&GhLg? z62NSB3|;WwR`D?(1d|`o(YYei{-D|W}~jz8yQ0z z;1lGqzA@~yC-AAyC=^4-H3wT0^(b51XynZs<3_0+t34U?nQM$Jn}Mv8iDCD9w$Yuq zwA=1aI!@Q!n$({ooq4mTWiihRekYET3^Kg?6-I_u8G_EJ>pW8*%muU&iv@ZB_->T zXCw*J*BFR9eOlfv&iQW~)Dv_6w0*W;&BgE1EU2dA@?@3rvFxHv$)&z6l4j$|^E4ex zW)C|fb1ytnAjJYLC+aK1?4DA-fZ-e_nzlP*-ep54RK zsF6XPey2YePE2bfte!f^=TC39?HPFQkh_L@-n^M}bRM2_6i-p^$2*Ff+0+g%wm*jI zE5$u+_}`0garM2ow!5na0DmvI`CkTRNzTQ6A-q$vcU^pTvtR5{O8w+NpOI^QRk#tC zz$3pxD6_-OT`%o~$k_4(e+m6cqudltm=3L{T*+4j`!|~DRyh}GS9y>C5sC|m2l5Vi zOe$pC++*a>4_J)l7EzLB2XW?8+DW~W49C9WrT5n!^WE&QMYD}7$TCJ5sgCMp8D}1C zA7Hj_U0A$$i5HM)RvZ)0PdVYIYLR&!MlLtmB)!(cr{{&5%$(3)&VzR}ab|Uf6L;)| z?M<8;pG}gLO!CTJ=-bI26g>PWv+nY&%#YOYZleg4Wds--LD+QQX&D1}SARC}yn zf93k6GA_ht9rq$t&b`|Cu|(caiL||-__vHLa-9{Xr_+c_)he$Q8&-tK04fFh&gD|L zLUXNrNHucKoEeRh$2z&~I@xVMtUCE!%H{u$0`y~nf;%&VAb709KVltz>BW%dog}-1 z;EJ032690ZF!}tA3$<6$X1Zt8TI1__2(_yH#B=EJo+VhUvSH(Ab9&Cc#4On>H)-xk zq$8IX*kvUvYi%s4Id(V+7b#!4Y`i<*z}$?6Z^Z)lNdZgf6+{NrvLR?YytQ(BfkO$N z^NRyiEMCLBLMKKmQlI2E3n~Jf%0E%rE||I9zV8I;t|fC^IDEiFb7 zXy65B$uU7XIOp6M;Sl1IX9Z7{e6}*6r5{iQMK(8mt4WG>vlMyA-=Q4lE#ycO$sI~F zsFy|`GO8H8n=}1xf9ZmP1ZV9>IQH#0Z3CwbppbsvwgQEQ&Bg!j zp^#~H7hjviP?rXGBt^Skip{Y{w+?$e?g)*yRUaQA$eo*55IjPVM+mYV2qJWE0v~H^ z8D$)ax;Xt|fJkbG9|?shB7Zaf=p77ugEe*_9zn>Rf{<-u5m1?UE|e=mqljMNJCpH` z-`p!0-E;P?Yj!km_FMHNdC6NvCG+Y2e~7$Ni;BuUc~Sx)_1Tu*IXjX<%c#(p?sq6pR`_ksNktEUYFXH_N1b5%cju1sjK6?6G%d*_9 zaog5PvU_LT4hBSk5>_O@0Z6;m{rrCW%d86ppe}&mVH*g?Obe_dt19nGWX_`z$}9HG zT&`WQo&W@F$z;=dRV}s3q))v{SY%SW8r5ffA@;y<6{SSrmCq`FHof#bkM#2t$*(fq z!Qa&LVJQ92!NOnGyh<}^0Wf-z%lOfpaXev)46ra22qZ4uX*#22;d z>2$L!;@dd+7;9#EuTl9ek#!qD4F*!EJ+*8x8gcS;*iQXSPbbOfRzJ@esD}Nz)HHvG zlhMxtMwj?#*I}AEl*RQ7W^< z-koB)PqQJ&wd(Q@N)_-qPywnSyX3!6Z2-;gm!rc+k9S$s9ekJZKd@;@ 
zB+Q6cy0<9gVL*nb?cxN})iSW?8lyQZ#fuZ3I)PNKqB&fkYeIhVrK$iQap8;%DAun; zr`wozrSg9~()d5VX%EeShT6t27?LRTlEY1jCnuF;7!A>clpyQyL&A^TF;+htur{1r z9ZOEI==Wk2IeDi_27GA3)NM?Ou~i8X9?t`1+y)1 zca75d@T-^3N+G?;%54Xa$A{tg+i`#V=-aFQL#*NUw{J$@^dCJw7(KkY8vEZK(oJ=O zNi09dCrX#Q`Gts;bu`SpFIQ?HyUSDOKYkcI4EFc?-;BS36^=*y{cpcL2>S`aJAG5DSOCQc(}XTaxwYL@-=2Ivr6JgP9nx{zsvHWtfZ+5rsOy0tVl}!f)z$7 zje_s}oUb%0k-`u4-S1yoX{2>lPa&(_SgC+kERrqzRzXdJnoxqM<~IvGTBW3^7I~`1 zc9FE|B8Q@SHK$p1iz+X96Gw0cWXaiY(fsD}Cd%?&T+gj2tyL8lJLBXQO;;bNQ`T0s zLD6jzsf#wsS5`|YRdia9R$7n!Hqc>>D=leKc#N>}r*~{DjBa=lQiA80K+hdoy=IvN z4`_f#5M@u)AVUapDMl{ zs#8O(Y6ug>D~qPGggdvTQIxpzDwT>>Xk92lC{i~+_TW^M9~ zF_+p_h5d3taO+tj9(hsEekBI>jEWH3k>yWC;T0&AQmz^~TY?ZI;LK?X-N&~8Tro%^Ru z*^q#_nj}|)sh`2V4Cs(V6Tu(%{)ghN zxl(poRmujS?tcJ^PO||Zksp9+TZOjg&!V^arX21c9`^SS@E>rM4^jA0(FKu-><;s- zcM*;jDIk@Ab7zb%yp6B6b*B%Gc116Q>NboEC z<LPqQvP{5!5lw5gkSs^?8^yk+Mf3h7k9$ZbK^Q5qO7jU`D_HWUJsE*j ztOsZjda1dWAR!IcqE44;-y!dO%v)&3K#vD@=QM3&!YU9MJJQZUxv!eQB@iw^aO<{7 zVq#W;)b!VhiDAa(rQ)I5x6J6tX#Qe;lcd@;Re;q1MOZ)uBJ#EdFxg^;egiEuz+Y1r zXsTO$oTM+%DMmuUBZtLZrH(W_?~ zz<^XiEJi-GdZ%ij5cB*glB47~R8K{^aMXXsSg2yf_^4KmPaRm8+jKjC$xVrtU{bw) zuRx#jtFlff|0(sC*9;tcbPICng@JAHHgDC8Q?MNNdx>%K-mkdYrs|46YWi7uoZN>U z&IQrSC3qj8NL96LB5ru!7Y1q53nI`X{X4PhvX+V+4*IcT-E8!;Gzk_X6M*H06*!|M z`qq$=ycfeaj$VRb3k$~IhO^O{UAJ1OLMef^sN3K^8?A(&Om*)Su=uV_r4`@5brO2zi!XHV%1 z$I%g&bhz*HmFdi!vU&3w?Gvun44*Gz;`amdS}4xm89M~;BUs`>k>#4Ohh%$DKuf%d z;wM&?j@-mA$YSzlZ|cXeRAkY6{-299BodkamJJT~55A?SGk`;zBzIE@N5Pt5{ z;bhQss0{EHaOr47f)ARGQso}~CnO4D_8ae83GDlT;+?bRuSuiDX z;qzs^in8tEOS_<0H7H`2Lfck)%z%9zD4ND96j<(_r}P`Grb*78W0GSaoJrrxkWMUGCdM1!z`(oj(DjemY66&K6g|KaR*<5VR$+ zb}C3?>YhIuP4u?g)!ob|qx6nY6kUYrhiDXP46ELUD4j3-3G@4(FDOGU$Qv%IPB5td z2;;Xjz6%&Gnk_v9lRfknk1PXs$<@4N#&Pxw3h2w!M@Pr&c!JJq5+tGM0=95^$F&Oe zo@RU#H4RW^MH8*phBUYhNiYIg5hV`w29U;Kj5`-FsMXDMwq*~m5Y`Ne>a`j^ocx0O zxT+jVb>o!&>&^tF# z5QK3b-HPAs;H8I3@gf8g&C5!Qc2%gp0PtK*a={iWE=V_}L(Z>0hF30Q3rwsuZ-Oym zGhFbbCZDh?^DW{B-xfY89H*j{#B;-dU5g(gBtUJ`!aAN#$k$~KpMZ86$L6Z 
ziypCDMC{zhA>d%p(L)gBMR=#WpTej94T0DSRPW*V{+?WATzhg_KNkcn{^}$SW=RB# zJWG>#GD;>t68!pJqM{$|WClC%Js;^}0c!Uj*eQ&`z(``;hk3eRbk=EmYORs zt2>`{?*c=*z>s36=7AwL9wz_U-R!&G>|2>e`DS0sGs@Td^)6WKSNt4O>ovXNir=|! z4SvUaeHmB$husx_OIQ3vi6fu3y!0m@LDFM*>j_`|S8=_6SRyOWa=p*@gt3mQ`l-6x z*YB}HB{N_7m)grtJi<)$`Y;=>I-$^doub}PU~^NC7zsqBDFRULZ_(a+Y){S-7~@X6 zrz>7U6^Odac%5GRarCFpMdl_}QGucEB3^`d9}soD*tUX;Hdlaw{kP$rm(R^2{zu5d z#)w-O{lA!A&0yBK7iAv$Aj0~{cAO75gc*m{b+&X;|G;lIV0Y=_@T_pn(vq@pl!kM* zEc_bdmLJ7}m=5&!toDMrCX=ls7-`vUL5RF$Og2M?)T3VoVvZ83eC>MCn0&VK(TB~N zC*J4=zkMei8T4dpcRfrH;$;i`TqN-p8Eul`JQ04DGVyS69+*YRl+cOCr9tNT_?^DO z17p(NYs6d$Y0tmQV5()#FeJ}mrE$NcO2|@38I+?qd2@_cCY-H}g1m5FVJJQl_ZRR5 zf$el9&K~_4p8SHiF7rQ61JI5Jg?UMrG9>iKcO+d@aiugUDo@qrDi*^Tq3MWto7yKc z5`*>+m)<1Z(z(K0UcTWz3x}hMSa39pvH>xkxX(`&yEUw?M4CzdQPo@e{lPYG1IFrc zZfx6y2c}(ku+BKbuP-Lg?#M(OL6sYr+Qpn2D7_2J4-f{ROH_oJhjNZJJ7F<8szxAy zqBvqQP3_sLY5AzInFeY~Hqqn${$sR>cmf$YWX#iXGS`*9%FkN4piBIr|Ay*cMQ9Qz299ma9>BrX%QZCnXKxp1* zKD=e!qIkBL8>t)`T_wStxe2l&(8sU*(d}@N64(5bzwmncn7w_IPVU|Rq}f7zbf=FG z`R2e5fLOMzsh2w_pU8(UGrpbs?{@rx&h-ABB>zu?9UVf@M~N2fC(}}A{`>|38}L)_ zgRMv%qPkw1sp=r6Z{zlu5r$?a8TN-Dw&0wj@o*eX=9sT%h(|rV@w1^H-wlPo)rhdx zDM_oNAOMwYiXwG5PXs9p@4bC+-*(KsbP*qo=b`q-Olqq4=xL*Gq~5vSVQ#9pAkQBY zTIdK|PuZl83w4u*E)-50@&h>Hfl^NxPkRa@+`Ipu?{*TR4D7sz|BR4Gj1ZDBS^5VY z?T6Vsz`F`TJM!R^yepc+$@}hytMsSe<0pT~Ax8``#SlC9 zKhb7C3}!!BPRV=_j_imutizH>hn2G>dp`a0)YpB}mQNC$0jxZs^kl2%;t zLQ#93kDd**XRTM)_+umj6YlAL(r=2R9O^w!(qZV2Za~7)vjzorIOXiHAXbec$w?e( zMUi10;UqIE->y>KBG-q9w(iZuVGWwCLA9$9iWRYVM!g7uEEQ1-`V&wOgF7J&lhm8~ z@Mq}7N#2%c6bc-~pPjyIh`hA>CFqWy%W!Z(XW2f4U!ZeUi_+vTd9lbw$1Iz|}dJNbiNpuOg(%!PHbOxT{4Dm@H1M}NXff*iC4&Hc!f;H zL{RSS{2b1Q^ul-tB?$=-ut^Y=%d7}v)xXu$H{+`7Eu-ft5#6lg>A7A_B6}8PqgBya zL#IkdX^klD3nL00Vy=lU8p#Mf#f*~_N0S)enV)9i@b4F|U%?b7un~A0ID~d&G}CFj zSs^*~Sx?DnJkkr(Tb?LCR+;S?ipYLh=vU-El>VhoR2 z{#~oNW;TAzeBafWA&ngj8hosqjPqg|cB^JAnlH1n?{@HmCYxF)rb1tt6(e0}+T5Ux z>kh3|gijOG){STO%+kkps7|bNDJ6`FOLaphp>1(7x`}E@VbL(sHU+iaGw3!VX{i&{ z_O6=}RTWo5#>XlYtXN@f@Wsdt;ZRuVptZMy!ddFAB9D9S 
z`$%T+_^x*iR570 zbs{%9kw3;UuFaJ^YAaJ>aYS8gN+$YUZ3Q14Fhh@%pV8?x^xACM8KPED2)}8AW$11N zH_H(|+gpQEyrYlica>pOaZ~1@zOW033iht)=E3TkS(=0jD(+_KhAj5)+46)lqMr&8 zoHK+cl^nFJL>u2_v-#N*A4XYl4h>UVE6@HBSgE=BD~(m1?(FW(|8Lof&;N>jChqW_o~~ysszPV zl1xHh|KTcqtY83-z(nYaD7y)R4dDe%86k+2WR@fhY~#B_A;Sy8=ftDAIT!@OZqx2? zFBqYrQzs*>ZPZ~PhU2%JFg_-V@Fq}Fn*Gh?@umPEUpjAW`E>TpEdQVW>_k*Xb)Vc(1e<;~gC=IO z`p0X#wNx(*~(CzW0ncXgwF&M5mrpKiIZiZ2semlO`=S5@qn>eA^Gmn(KY--%LIVxEFn zRlc{a%DRTi%dFlqXWqOt3@4Ym^;h&G7Lz8s^b~op74`EJX|`42aEkMbjIJtiOc!?< z7|2Ii7G1}xVj0ze%k`QLzUl9Oqpr2QObz3<<$SZr4E(q}Md?nyymOU9P*6$<6vd8K zHlJnqRy2)OlEAuoDza*eJb87*w<>ULm;B{wY)dc8lk{Pdu9;b|y`u^7w9cas%Fr7; z1D!+=GE;)BPys<5%Ub2f?cmb!N^z-%R$)H+w(!e}LQ9;SsxSlVsowis#gViY)!Da* znECH#g#q;D9y!3Aq-0Sqstd)wE>XD>b`zb}KpDikB)%Zw(ra4H3aHSzK;m>YMTJMz zT0T-)57&CaTP40VdALw?(A5u-Es93Cc@NdiaHcl$p1@59LyMmp4(Cmt$qAeKS(sPAX;x z|43HfD88nJ?-tpNe)KpHpFh%>{rTJ<-Czz`?1Xq-1p#Cb363Xa)Ks_xRxp4PVL8Ku z)#BszS!r26fSDiHZjps0f`xfBX3!H@;l*JXWH{s%A2AGA9Yj&hPxeRcDP+;%o_7xO z5y;-@W+vVXtY2Dz;r+e6y#f5A@5SqZ9j6DFTzMMqO@sShkc<|%8T4>)a%qF2IGd*n zs=@D-F!+7tD3WacO!U>A#SvlD(Vu`=aJamDqJD<}=y7z7#S#T(MX{H2L~e0;N1)@} z&0(+37n4vm*aMiH_!(5a&%%pAKzwbb1F_WB<+cBxp|dmt20FYQ~E;|UtKNx%IH?LmG^yN z&|1p|nY*i#k6yooeFe^FiN0J@bL-E9kWt+(0s zNpCat#ckMkDVd!0b_pZKsy-iwSl#MMgtgG){*@XwDUFhn&clF)fjD)VfyLuX{ zjUZau6cy31tM6_A-^HjAjave}E0ZoYa!O6ul}Rr=rkGmOQa`IQ>2tJ?hY>C0mC@U# zc`_uIdqW>{6XluNjo53QpR`(6&2;)f(a{9N8SyP)QlXwp-Yu8JN%$ykck{=D9y&tT zQ#k44Lgl2P3#F5WE2s=xstZdUdOOt;={H~@Uxi^TD#QA7w7ykWr=o&-xqcBKaT-oR zy@{`f!GcOxOtpzMXvl}MSXSL$QPzA^j*N>mti!xWhm|uhd<;yC{A^qPv{nt-rWItH zvRYSMu$_n?NvE2D*h)DDH zx#>v^+%u#&(STLi2+N~M0C^BEyDC|dwp|l3lg3LVV^(3SUK{6+k#m_ChVCc*emIhb zx1(m-EXm&Rh%S)4Yap5D@2 zb6GE+axFaOQgqBlz1M_mr?z28+b5GSzMkKh^dJWj*A>2Z6h5P5GJ!dS=s~)~0=-T; z*~&zZyAI~W|ob)8jIWX+bXp`dWL!rcmYcXxMpNZj3ug2LV1 z-Q6kN-8FG{cewoLbocFhM|b8!jLflPKkc<+%{9M>HJXt%vp`zenA~1{jC(pu=ef<+2Mt9gt?T(lDdzp^SXJiJOG`Bj6 zk~m*gekQ_LKqM~Mm7hvZ*)%_)BBALd5i(|%3Nwdh-bmTlP+kZjXRUX`My;kToLem{ 
ziw!EEqIMm8>@>VTEK!U7!CIc$v5xecW#4x}cx@(rk!~nj9_Qn*@d~1?S^|{y>D!#i zXcypZ`eS6$cEHrfqASyaZuAL093BsQbNC1=C$0@j7pZc#B#V<~ke^)zr+ln)q z-MpF(W7pv>_*nt_%DNe~MpY$?BM_A%bJT1g>K&y|_DbSFaWY*?VIfe_HvdQSwS@HV zb(EnonfK7XN-8WT=nMImb}5kA6zN}izZdwz%@Avf9i za(1`}yiUl}CgEkLXMzR+&$oRwnf&{O!k*$I_-y~1-hRlPAdu=?mM?4^USQ&u?bE-EkC z1Tpr$N`pisNSTW^cX7PyGJI^ekYe97Pi=n4J?gbGY9UVEC^v~>Uu_T=#dw&_ye=n15L$jFGhsCBdV9dmXZ zuzWedP$I}xdG>@pIVk0<;T4U%STm6U2!I|#oyNk4nc-@}y{(nGRMWwZjG>!RhGa*8 z+oy?>@PbKgwSXMTwy-I~V2c2DDHZ4fISy~#eJ=qsKmTzK0`QJ23RN|a;f(A2xqJGY8Z$qkdRKnO(u5UMcQe8zHC5nPYDD zvFnqR`?iSU%=YH0rhkvGeUGRGubR(9R~dHlt%JQhyo&XuezDj>EP99Q8`DCYbA7le zJVKcswO(0MFA;s1v06e^R-W+)KI4n)kK+2m2`U=0%@X=jq0FpQmwU8kWYc!fu&8R) z-rTpcuy=hM-T~Ok@P_i7;n^TJbhKk-rMxk2bx!c_HqPj1?J!|wKV%(_-3wb(grkqB zC|%Lftnwn3R259}ef7}M2r4=P@}kgA6Y^%FW{kdzekBp#2dV;$YL(RmW4#}zRTT=* z(db1Kh2?Ght7=?{VYkc2mlLJVq{w_T3sHn0@P0YwM<;M1P${R6(kk^T)95MND;~x> z1{G2dQZ_$pg)=5K&h3XWsyWnoJP*K_u#VEJy|n#=LNxjQiwIquQjlOQ#Vx-vS>Ib@ zIkf7H_-ozz6FElzARl7<9%uIBg({4Zk0v&;`NSwwtR94?onh1v6kQgh*8$r(WpyA+lE8VIGLnPQ~0$)!D#5DGWK@6VyWba09+ zu7(kLwViEqrSm(fl@`I6%^I7>;D7rXFzQ)UD`*t!v_qx5WxON#pd4I z3BbaC$m%qioMdq5I|Fo}MqwJS&2JrXpSb{S3ypUC!7^Ffe=$BpoaC!KwRYGz6gm_* zC{&}b;f{<8iKKsEVHj+Z>vvhuMF z9=*-50y_GGm-LM`JbDA2%Pyn94otaZECoeKJI#JW@8t*jK9i|1tO0HID#P0HP$Z0DJcMQb&WJeBR z`|jY?5u6ts?@~4sU72}gQ(#feFWgdOD(J3n1Cv zLkAs^+x9VvV|=mn@I=x(>!XVlx+&JE7^A!MNn7hzjk15#P*(xkkf+%q*&a|V;T*-0yGso^ z_@Pr2^|naY^Wv=(Hy}W%?QUJy({>@esKvQMNvAAV)%m!!{cfFA zaqx83sa}!4`feRjJu9m{jXJ^wua$yg{wriXZNEa+^Ma1otyVcXt6h4Ew)n8fM8-xz z-Z-#|N7T)<}5wn`=eJ`m&)y1%d@R-C&H`&g5 zo->CwoB5z}wBx5jj&JT=Uo$dS?Hxh`Q)hENTe%zkSDv}QcSyI}WP_|bXalU-k3V6u zoy%^ISX!MSOe(_S0ur127h5QT|XGn%3R#oUteSv_=;0;YUy#yu)nOds(XxE#Xtf>wQh;+ z;{*B18eLW+t+|1aiaByz=eLiNv}iKM}gV5U3%5C^3 znWGKI33nCTQ$*~y#ljKa{6FRT05?Rq5U^A~#&Zv)abZ*A1M%VB3A+nIyCW>Ba;8pA zy5qnTb-4(1u&Q9AOw`}odK9nsc3XbCH*-V`_Hnkw{841P+vWbVK#aIGJ!Fg(MG{dX z3^3&qr4Ef#8{4CD6G59zD54S_q6RLk#{6=25QOq>koXlH>UL6)gD)yU@B>)_yDda; 
zb~;Np(>GGe@lgC1tsoIreTru0HL8`Zi#(}%attn-vmc6m)Lxw8M#pK?w=|Xtk^;%# zL|992xZbpX=eLV@MObs`WoVq0S!9It6&yOd@j9~|KHrR#;(;jqsAU3zy%@F2O@|yu zMvh({VD66bGFKJ&Ywd3+x|_JhcQAiCWAV^5jXXaaK>|rJ4;k1W*Fp^vyB_!G!IUW% zmbT#b7mPg7i?}cOIb}+NTqSkf-nUX&^mg(OnHEoI89p#e-92^;1FBe&UuZIx7bs^P zGvl0$Sw3OyCmA@3d~**)$WYEKGo6*m7e2};co4;BXaeLCW-?La*rRRz4IblKFb`i> zX6R5R{!k{*sat`U$KU)au#x*m*JB+lu=jVcrW&akj{`_f zuuSxfUr5+|r>M>)q+G zycdhVQRCf=E-Tfp>D0eo%1Rn0SVKPIZjnb9uq3hY>ZF`Kmw-G5 zFdnf#160iIU*{>6oittzmslq2Pyj+U@xZ;I%??fqju&Sg)T=kx?u}bc>k0!lYQn*? z^90V9LGk`9w6`xAXBOT}aE`R|lZHByA=ZG>X3DJLdY2<>`zvTmh_$!3*z^5aAt=-1Z zxZY_geo-e8nK5kDRV>uVD%?Va2%j^qh|0526r=AlQnsNSm^gqol{F?jlojBA z=FdYYC=H-&T(j|c{)i4AgCBtyp^}5bv3mj6pY;B{4L}?AJS9j~T3Nm!C1eTaPL4=% zEz9r6U|xs&Q1N$eWOB19s3m9m^;3qq%J+)g^Pjr8lrHx!af1jSa^4wi%asPq0PZr? z1}uVROvT{a{^EuF{-Gn2!src7JKO0&*5XC_@F|$@g81LwHE$kVVQEfu;nO!V)HX12 zZkU`!F;3ga=DD!VYlH_4gQsv4FvZ{0r%IOG+2t^^1$jrzfS|QP+J^WfK}XF^=qfD4 zgR{dL2IqKbrP&aJ=ZF59YQoNdv$6>tZa5YG$ckoK;odL`2f*FzcUfzUaK1Gh)zW}+ ztF8f|Px>>lChwqzBrgq$A8)gP^`>&~U-@yo>tDz_Ha#&esE^m=ubl|0pvio*_-z=L zjh-POQ2;c4>b=c%Btng*nipDiJcF}1#O$^jYXq3BLpO7FMOWd!Q*APGyB;TC`jya% z;i^Hb`s)k7iW=X4cGq!IV#Ke#mA6X&z1VIL7le}Bw(6SrMdZh?2?_I-wzsNblE{Z( zz>{w_^lg{|j%{=$i;Q4batHG7EEBAYzeTJgK(0hz&_(ZQDOWkyp!9JRgbT46RI?cr z*H%4dxPGoJWeva0Uf?D}J^j~iEB{DuJ!yDN9%>2o9@j#4$P^O$po5=Y${avac5O3p zrx+OL3?vU}62`~s3fsi+Z!*qj8@48;@BRZ4!f2<8p%)Ry@wRntHKrVGf8*sc}gk3aq_2o zZ+nCpmVCG-VitxAobBJ4hVMM(=6D8L>ltTQ6V@820c_1AUZ?VwV>cL}8frMUvV|VU z#m(YaQlt%8db8NJE`$I?dPfDhB6UL$M@H^Qzf}2Vu)LMG3$ph-PbVJw;6sl%xn|4X zS^2L%>D`h=;&(6D;lFq{5jsBFKYRWXLbo=XeU*ofmHnL4Bi~vVvgzBZQ3x%++o9X) z8xRpTi26y-=784gLCe%LF86^<(feXsLwkN==<(`Wf2_w5VsGlwK;hdwgc;{g@=Hk! z7`> zF7zA??H|C9V+fh-9L2TO;HK32YI^JYvR~z@1!fF;WbUOi0X4#gbYq$_At(yR?#+N3 zQJg=+rZ8^DZs;vT_j!UZ>!nTHb9HdzUT+YyZiEAbf$96gBku1kZ4JO`lmC2bi2#o7 zY)o0V#=AiGH8{NxgYE&B1qqoCwp{o|mw>;9&C$6_A!k0)GRwdoXX?eAW@o>JoaU3F z(jJC^SFu+RE<5MUEObPZ%*pQrc9~J=*?O6i`(yrGKGL=~T)N?t6HKH#s0AbTxoMZzL`JRF=zurB$^HdSE? 
z1MKu+G^$p5uEC_LQ5?1Ff4}m?jT+lkv>!A-(uj_)awp(1J>Zl59s}l{S=Bx=^oOo- zmkXhsb>1o3KXh3Jhj!{OgfuaVB75Q`%cf+&N4Em;rU3Q%9)ZFOJ#)la{ybG}n$ zJ3obG`kZE6{=`)4BDt;Lt2*EtTau@N_HMnisY^CeiQ#vXi3Is!<%kyv;oe|eBZKa# z5l!Iw-2wh7Cu8mJVusBnIm{NrONNL3pE)dYoWs2UN${8cJW*+(! z9FE_F{kSPBRgf6HAa7Iw#^Dl zSS21=3n4u?>s0+^C0#KM3$p^7q@P4_+`V@ZBIH7y$8Is{pW6=t3j|4m3vss{cR z^_-xLIZDODp8G#ie#w;RF50)cylE7QM}cx}iw8b+D^giemj_y6vyWFzLy*o;aRdg6 zpPC&`s!QQ3rChzXd2`s5zcrHke~?CQq^Z?^qw^_G4 zSa-{r>k}qadSjRF`yzs8M5<-;O!85qqb=D5k^auiX`=<^b zw*vEpb_%hq9I$za`vL-0Mh&?mzm;_NrBW573r5nDr2Q;ebsOd;xW!myn6)WN1bs%MuOD9%4*r z3By&|J%+wz-8zifJ&!?jVM%9%jx7*N2gafx-h~1a%<70QQ&l;J{V;sSczf2U%|TN* zCa;aBDHt-v}aM3RBrr?=!SDh!fxGt}bHw{Y_(wT1YiIK!m{8&9h=WKu{@0@D^q7 z;}|=7h@0USH;CJ%z}s)4eqe!IK*L?_Fu*b4-h@SCLI4At$-+UYXj`%$&>Ro#r?`Wk zp-e8FnNcqTA(z$vUsuErQsdt3zq=v||F|LsLx;x!mZx51*0lO+F{}DhBKjMexX4Ag z?^vEGM8L5H%?Sj&UDE^BY3C?K#k2kOXl->M@)5I}(=s*9Q5E(XsEnL9Od0UdkWG5{ zBby=~Nj^}%82f~=J4h9iw>H-L@SxiQ6xs3|$CBR840Q26g3=Ds=LB?>7t*hthvUuG zkKp6IKH#}O5d{$QA)%>K$;9d;@$+TskVHS%0!ch!$0f%EPUOs?Ozn;GXdS{FTaLl; zLX}Bf8Zq^didTnI*-3^YOqI=f#o6OSFM3MLR>`$}*iXuDH~__Ye1NGag42k3k4o}?J#@x>#*w^+ZR+&ni>0rZ{Sh)3INc9q--NH z@1t-{j$UR@o#oIx95DbR47*Hi{@}!#*N+dzp{sGy$Wl_a=)Bd5RV(S zFiwebullI!w}5}cBbr)U1%PLY;;2;MUVDR?nDBSa*7hxaSF{6Zf>q8}k`Esg(mQ_C zj%IS1*a#ZL(L-cqH{-|<0e%d6iiu31@LKzu3F*xmWPvgS76}tYdPJp7C|R@aFreiN zHzQMI5uCp|WqDD!1m{zULH0i|Ehy}RcUIWRMz(-1+CWEvnYWDB@UK$ z8i)e#6X}~G;?Xfr=mOS+Q^Gqja{IWsCF$FB0z=XYb18&RB1^8>cgWYPenfV*n{4~s zZTI)+0-V#=1A3e)cB}x z*$(POGxfD(F+ew0ShH~^NxsxOQj?v9Zp;uzTv5l4MALj5d8dFh=3)TL~+ z|NZg3?3pU`GaS|usY)p&+4-liP_z!gvd}tdVNTMCBYL>vW*nM&|Jpns*0J2F{qdJI zCKF8ySIPeW;d;*Fu-%%j+rI!mRDPuJ(h{1Gc9C3;rc7azSYLbHw)Eo9P+tA%YMl{S zBGX1t&fmXEx8|gL{07xQ}aP_9Ov5 zV2*}kwYAuYsj@7y+eE4zFaQ&xP=yPZNJ}J8x{3z*#d1MPdC)12W?5y_6$o^&1v#JQ z@t?B=SZJyN!qjI9zws5F!WUPMH-fZNP2~N?vURy0T=;dF_bq(TY`R=DED7?9;Ok7n zk8tv_88j5M6s~fD&vzFIc*;;{Q#e91nTkBPNON&2>)2JPumra}PvmdIqf>G`f8L{~ z;d2`Yc1cn^UidNj+~x$$tZDQt^d7=km9mfk2|?n0iKsJ7`fe)C%h0aS)XNn-uE 
z6YkfP{}*K!k`kp_exxqjr%$KI-tU;+oIk&0x|Qff!1lvZ{xyY!djP^RuIcCG^MW<~9MLN-$jK9}32; zw$6lu(NZ8$SRrqKU43_cL85M+_6^)doQaGU4Lv5)m6886-Zf zv?^IO7|>=G$uGK&=#MjqATnJPS`a}QoU+M-aQ5Yq8Q>(2#!WH+o8ow$0xDA5!X%Dz z7^=w9M8&G&Ml&H&h4TB50}r%M1NPUcS?n2whWsW$v9BZ?)%Hi^t$cn>cR>zF8==*q zp%%y&HSo51XwwZbPsqv#AktwbY<}SZKof$pi`$jJyolw8}v3 zdW}8w%j|zu89tFCTSe2TDITzRf<~n3;q>FeB`WA=uWZQAdT7^Gl>Dzb}F{;Xpg| zk{lB_H|$C_kdTD=AcT4*$aJ;Lfe(aouyOldX<~WuIctX4PUWFWy-2=lh8U%3D$nx zmrRXN49>U)&@f!Z28xApT~Br^3T+t|eh(&RQz@f|Zy2t>@7>}g2_y@hY5-k?uV`OW zb#2`6l3_c%OdUBVewoje!Ur!fFI{{#Kti6|W5`#ppG-B6K2+lGG!H^DKJ=Zf;>JkW zihk#LCdnI4>)F>b4d7=5DObI$3Rf^!M;q=7FJ)jLPy?~ z|5b)daTB2!e^M-FX8Hkz=5Q%EIazt{HKaJO&9zsyAH5bD8f(*P^=v$lY?|m>|GQrb zIdgjQ)w*-qmN+myY|9L8)|crHKb!y-s23P{V^SpfHAu??Z_7EeVQlh zdl4|nORh8Eay~5U?YL8lCvXafBAnyu1;~t%{7RL&+2Vv$j`AxyaTYJFA_gnaZ@eZY zDSq$bxi%ho+h2<}INfCizrC^m!~9B#8b zBQ4fBNb>(6>LVyGvsjC*{#Ei9rOgUsaw0o1UM~^1f?Fwh=Ps`@pJ$EaHM-n$6wKTx zzOwM|Ng20l@bsjYavSK!@}uWOgND!pYi!Q3xp+PhKeS#bfBZ>T#XPlgg=x%17u8-m z+h!t~hCLjj(ky;i!4^E$&w2xZTqQhI0Yx)*ur;DDfcK`w5!(9~DCB1HESe08fjlI6R4*9%syjPPK` z=su@f2b7$KB*m@i_@9+B&Z&y|8gl)*Ybg2or?v6D`=(Ms$Rj3*N`Jzh4ZzlVIRy0x z!E3U^|1O zZ)X!w+BNL)M>FdW($kKNC0d^?46#&ytAhQM!FN8ha`&sq1^S4P7~17u1$?jT^-Pcz(AwLs-QwF) zONQwfCMxbrO9a0M!zfQ_xkC#AaPTYHSnEBCp?}X=4s-OF{%!a2dUYw_fSab2x$`K7 zJ4+S3@b-@?cl}c3dj*u2I^SK;0+qgr*5)Tpm?t`*$r>jT)_iI5vei5}v%N=PS$E^g z{J!Jge?Y!@L#5&UIQ=~NE!i_;-EXG!9AKFONW}kee4H|P0A+P>LYQFXL(D4L`$PC4^%yQB?l-kcmc2j1;GJ zu_6eo3VI~{c+OyQtXGf6IcD>pu-m*?ZFskHTou?EBSy&W0Cc#e8a&^@9q>-`Z4OdX ze@V`bYfLyK#0GiUPoY*}kNQ2K{YjN*hdRwK^s*Unc>G@XdN3w>{%{T7RNCpcK#DIMD{OWoe@>EUg2&mMv@Ko0&<92u#DkU0$A_!*3Dz(CZbL}0M%U? 
zIuB))z`4_wJ+TfhO%&5g_feGvlm+tS4IbQ2@rN(`kZ1xKnPDb7HyBi}L#OS7GFmgo zD`id?&5M)bFe%RsylrIz7Xe+pWJUFaO6k7nI~tPWWIXiG{>frx_!*r+a#Q+*x8l3t3U>cd-nQ?s_d$Y}dp5wb{mN;qmCHhxYhW*nvWu!l zKu5N!Wa2A>>25&ati%-`ea!KoI*j!uiT zd6QhI{}|%7gV)j+V>xmBq>{kRwZsHl@+@JA2&W@2WTnxO39^}9Ex)-SG(&&W5<{(m z2uMOINh(}Qr>!DabVV(ia?ZCWYC6?~$JLy9Gvy)AqAVgMUh7rZ_xflj9pyOrq^Qdj!hw(MNwg z_jP}c^wnRHR9MR2i%(-b<6i~L6BFXlWDT!^E}*_j9D;HaX$0Oc505?}#B8F4 ziAgANnE`d{x*L0hdaW-UN(7>VGe<;RbT?E=w5PTgoRc*nTjB`>bpM8tbI72@`}75w z0*9cK13dck?ln?3t(Sz2S#K{oIX_w3FP|Mi+Lldr^cgEax8fw5C?1mYhj9YU9D{H7 z%iH0^*&UcbGqKg0hI5Y%L~#T1h>pUB;Ri2$70Z%8)}Y^vFMNIyTTB#<#=U&q2@K5 zP6S0uL2Atu-!*m6;?D_c6{wgq9tg@?iLIAd-nGv18Db*?O^3&%>OStny)r_1R|&#n zxvK!@(u^W(1O54e_i&BFCQwl%DPLSe>52U8hY+nPe1m#s zm>sb;qFS8Y_P}%uF}50QHq=3AyR{L^_=*@zq33P4ZHYLVK{wfMfHCA>)E7% zsdOdAp|Eh30cz%qh^!M|W)vss8TlJb(e^0Ep2H1Kk@HEIrSqZAnbb!5#BaSF!crIH z7G9YRsmEd`An%j5k8(#76lAXw7*m#w%x`WZB)C7b+K%L0(Qbb(bC;L=pIIyZ77A$>Stjs3Xks=8w70x zxV#}h?K{1h>>yfHUQyP}tS{z;v}vqqm1tXH9T8aLzI;GKm$erV@Y2>N1*hwbjc4;o z`(M%rNk_BQf6H96NG;@1qY?d3b|k|9U*wRgf5y6}^Jm$n+wJ@K$p5Oqi#7&(IgFx6 z#T7nVtvs&w6<{rep7agq3CJmK6P;gULR4SsqL5(NRiwD+X_R%aePllquZ3mDkU+zR zB`mu$aq7Aue$@uCh&v!^KKK=+LBFAa{O`T4zB)UAfPxVIGkksim(ExJ{U-lYZ-{@U f{`)5A(EmfH2nFfy5dU2A?du!(HJ(`h^XvZru?(rE literal 0 HcmV?d00001 diff --git a/Solutions/Microsoft Defender for Office 365/Package/createUiDefinition.json b/Solutions/Microsoft Defender for Office 365/Package/createUiDefinition.json index 4cdaa49696d..5f7eb2478fc 100644 --- a/Solutions/Microsoft Defender for Office 365/Package/createUiDefinition.json +++ b/Solutions/Microsoft Defender for Office 365/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Defender%20for%20Office%20365/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution.\n\nThe [Microsoft Defender for Office 365](https://www.microsoft.com/security/business/threat-protection/office-365-defender) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution is dependent on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform/Native Microsoft Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Function Apps:** 1, **Playbooks:** 4\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Microsoft Defender for Office 365](https://www.microsoft.com/security/business/threat-protection/office-365-defender) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution is dependent on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Function Apps:** 1, **Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
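Review bot: The new `description` drops the Release Notes bullet that the old text carried, in the same series that adds the 3.0.1 row to `ReleaseNotes.md`, so the installer no longer points operators at what changed in a package that now ships `o365-DeleteMaliciousInboxRule`. It also renames `Native Microsoft Sentinel Polling` to `Native Sentinel Polling`, and the `dataconnectors1-text` hunk at -60,7 has the same rename. Both look like output from an older packaging template rather than intended edits, though that is inferred from the text alone. I would regenerate so the note keeps the `Review the solution [Release Notes](...)` bullet and the product name stays `Native Microsoft Sentinel Polling`. The enclosing `basics` object continues outside the hunk.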
@@ -60,7 +60,7 @@
 "name": "dataconnectors1-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "This solution installs the data connector for ingesting Microsoft Defender for Office 365 logs into Microsoft Sentinel, using Codeless Connector Platform and Native Microsoft Sentinel Polling. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+ "text": "This solution installs the data connector for ingesting Microsoft Defender for Office 365 logs into Microsoft Sentinel, using Codeless Connector Platform and Native Sentinel Polling. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
 }
 },
 {
diff --git a/Solutions/Microsoft Defender for Office 365/Package/mainTemplate.json b/Solutions/Microsoft Defender for Office 365/Package/mainTemplate.json
index 4f5e3f1f80b..1254b2e2e3f 100644
--- a/Solutions/Microsoft Defender for Office 365/Package/mainTemplate.json
+++ b/Solutions/Microsoft Defender for Office 365/Package/mainTemplate.json
@@ -41,7 +41,7 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "Microsoft Defender for Office 365",
- "_solutionVersion": "3.0.0",
+ "_solutionVersion": "3.0.1",
 "solutionId": "azuresentinel.azure-sentinel-solution-microsoftdefenderforo365",
 "_solutionId": "[variables('solutionId')]",
 "uiConfigId1": "OfficeATP",
@@ -101,6 +101,14 @@
 "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]",
 "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]",
 "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]",
+ "o365-DeleteMaliciousInboxRule": "o365-DeleteMaliciousInboxRule",
+ "_o365-DeleteMaliciousInboxRule": "[variables('o365-DeleteMaliciousInboxRule')]",
+ "playbookVersion6": "1.0",
+ "playbookContentId6": "o365-DeleteMaliciousInboxRule",
+ "_playbookContentId6": "[variables('playbookContentId6')]",
+ "playbookId6": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId6'))]",
+ "playbookTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId6'))))]",
+ "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]",
 "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
 },
 "resources": [
@@ -113,7 +121,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Microsoft Defender for Office 365 data connector with template version 3.0.0",
+ "description": "Microsoft Defender for Office 365 data connector with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -191,7 +199,7 @@
 "contentSchemaVersion": "3.0.0",
 "contentId": "[variables('_dataConnectorContentId1')]",
 "contentKind": "DataConnector",
- "displayName": "Microsoft Defender for Office 365",
+ "displayName": "Microsoft Defender for Office 365 (Preview)",
 "contentProductId": "[variables('_dataConnectorcontentProductId1')]",
 "id": "[variables('_dataConnectorcontentProductId1')]",
 "version": "[variables('dataConnectorVersion1')]"
@@ -272,7 +280,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "MicrosoftDefenderForOffice365Workbook Workbook with template version 3.0.0",
+ "description": "MicrosoftDefenderForOffice365Workbook Workbook with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -364,7 +372,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "O365_Defender_FunctionAppConnector Playbook with template version 3.0.0",
+ "description": "O365_Defender_FunctionAppConnector Playbook with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion1')]",
@@ -539,7 +547,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "o365-BlockMalwareFileExtension Playbook with template version 3.0.0",
+ "description": "o365-BlockMalwareFileExtension Playbook with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion2')]",
@@ -1244,7 +1252,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "o365-BlockSender Playbook with template version 3.0.0",
+ "description": "o365-BlockSender Playbook with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion3')]",
@@ -1875,7 +1883,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "o365-BlockSender-EntityTrigger Playbook with template version 3.0.0", + "description": "o365-BlockSender-EntityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion4')]", @@ -2382,7 +2390,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "o365-BlockSpamDomain Playbook with template version 3.0.0", + "description": "o365-BlockSpamDomain Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion5')]", @@ -3280,74 +3288,828 @@ } }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName6')]", "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], "properties": { - "version": "3.0.0", - "kind": "Solution", - "contentSchemaVersion": "3.0.0", - "displayName": "Microsoft Defender for Office 365", - "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Microsoft Defender for Office 365 solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.

\n

Underlying Microsoft Technologies used:

\n

This solution is dependent on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Sentinel Polling
  2. \n
\n

Data Connectors: 1, Workbooks: 1, Function Apps: 1, Playbooks: 4

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", - "contentKind": "Solution", - "contentProductId": "[variables('_solutioncontentProductId')]", - "id": "[variables('_solutioncontentProductId')]", - "icon": "", - "contentId": "[variables('_solutionId')]", - "parentId": "[variables('_solutionId')]", - "source": { - "kind": "Solution", - "name": "Microsoft Defender for Office 365", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com/" - }, - "dependencies": { - "operator": "AND", - "criteria": [ - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, - { - "kind": "Workbook", - "contentId": "[variables('_workbookContentId1')]", - "version": "[variables('workbookVersion1')]" + "description": "o365-DeleteMaliciousInboxRule Playbook with template version 3.0.1", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion6')]", + "parameters": { + "PlaybookName": { + "defaultValue": "o365-DeleteMaliciousInboxRule", + "type": "string" }, - { - "kind": "AzureFunction", - "contentId": "[variables('_O365_Defender_FunctionAppConnector')]", - "version": "[variables('playbookVersion1')]" + "Applicationid": { + "type": "string", + "metadata": { + "description": "Enter value for Applicationid" + } }, - { - "kind": "Playbook", - "contentId": "[variables('_o365-BlockMalwareFileExtension')]", - "version": "[variables('playbookVersion2')]" + "Keyvault name": { + "type": "String", + "metadata": { + "description": "Enter the key vault name where certificate thumbprint is stored" + } }, - { - "kind": "Playbook", - "contentId": "[variables('_o365-BlockSender')]", - "version": "[variables('playbookVersion3')]" + 
"Certificate_key_name": { + "type": "string", + "metadata": { + "description": "Your Key name for the thumbprint secret stored in keyvault under secrets" + } }, - { - "kind": "Playbook", - "contentId": "[variables('_o365-BlockSender-EntityTrigger')]", - "version": "[variables('playbookVersion4')]" + "OrganizationName": { + "type": "string", + "metadata": { + "description": "Enter value for OrganizationName" + } }, + "FunctionsAppName": { + "defaultValue": "o365def", + "type": "string", + "metadata": { + "description": "Name of the FunctionsApp custom connector, if you want to change the default name, make sure to use the same in all o365 automation playbooks as well" + } + } + }, + "variables": { + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "FunctionsAppName": "[[concat(parameters('FunctionsAppName'), uniqueString(resourceGroup().id))]", + "o365FuntionsAppId": "[[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/sites/', variables('FunctionsAppName'))]", + "KeyvaultConnectionName": "[[concat('Keyvault-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-2": "[[variables('connection-2')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/', 'keyvault')]", + "_connection-3": "[[variables('connection-3')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ { - "kind": "Playbook", - "contentId": 
"[variables('_o365-BlockSpamDomain')]", - "version": "[variables('playbookVersion5')]" + "properties": { + "provisioningState": "Succeeded", + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + }, + "Applicationid": { + "defaultValue": "[[parameters('Applicationid')]", + "type": "string" + }, + "Certificate_key_name": { + "defaultValue": "[[parameters('Certificate_key_name')]", + "type": "string" + }, + "OrganizationName": { + "defaultValue": "[[parameters('OrganizationName')]", + "type": "string" + } + }, + "triggers": { + "Microsoft_Sentinel_incident": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + } + } + }, + "actions": { + "Add_comment_to_incident_(V3)": { + "runAfter": { + "Create_HTML_table": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

Rules provided below are deleted from their respective mailboxes:
\n
\n@{variables('Finalarray')}
\n
\n

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + }, + "ConnectExchangeOnline": { + "runAfter": { + "Parse_JSON_-_Parsing_mailbox_Entries": [ + "Succeeded" + ] + }, + "type": "Function", + "inputs": { + "body": { + "ApplicationId": "@parameters('Applicationid')", + "CertificateThumbPrint": "@body('Get_secret')?['value']", + "OrganizationName": "@parameters('OrganizationName')" + }, + "function": { + "id": "[[concat(variables('o365FuntionsAppId'), '/functions/ConnectExchangeOnline')]" + } + } + }, + "Create_HTML_table": { + "runAfter": { + "For_each_-_deleting_Mail_rules_action": [ + "Succeeded" + ] + }, + "type": "Table", + "inputs": { + "format": "HTML", + "from": "@variables('Finalarray')" + } + }, + "DisconnectExchangeOnline_-_Clearing_any_pre-existing-cache_connection": { + "type": "Function", + "inputs": { + "body": { + "ApplicationId": "@parameters('Applicationid')", + "OrganizationName": "@parameters('OrganizationName')" + }, + "function": { + "id": "[[concat(variables('o365FuntionsAppId'), '/functions/DisconnectExchangeOnline')]" + } + } + }, + "DisconnectExchangeOnline_2": { + "runAfter": { + "Parse_JSON_-_Parsing_final_Array": [ + "Succeeded" + ] + }, + "type": "Function", + "inputs": { + "body": { + "ApplicationId": "@parameters('Applicationid')", + "OrganizationName": "@parameters('OrganizationName')" + }, + "function": { + "id": "[[concat(variables('o365FuntionsAppId'), '/functions/DisconnectExchangeOnline')]" + } + } + }, + "For_each_-_Collecting_all_rules_and_Recipient_in_one_array": { + "foreach": "@body('Parse_JSON_-_Parsing_mailbox_Entries')", + "actions": { + "Condition_-_check_if_Response_Body_is_empty_or_not": { + "actions": { + "Append_to_array_variable_2": { + "runAfter": { + "For_each": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "Finalarray", + "value": { + 
"CompromisedMailBox": "@items('For_each_-_Collecting_all_rules_and_Recipient_in_one_array')?['properties']?['recipient']", + "RuleList": "@variables('RuleNameList')" + } + } + }, + "Append_to_array_variable_4": { + "runAfter": { + "Parse_JSON_-_GetInboxrule-1": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "RuleNameList", + "value": "@body('Parse_JSON_-_GetInboxrule-1')?['Name']" + } + }, + "Append_to_array_variable_5": { + "runAfter": { + "Append_to_array_variable_4": [ + "Succeeded" + ] + }, + "type": "AppendToArrayVariable", + "inputs": { + "name": "Finalarray", + "value": { + "CompromisedMailBox": "@items('For_each_-_Collecting_all_rules_and_Recipient_in_one_array')?['properties']?['recipient']", + "RuleList": "@variables('RuleNameList')" + } + } + }, + "Compose_-dummy_": { + "type": "Compose", + "inputs": "@body('GetInboxRule')" + }, + "For_each": { + "foreach": "@body('Parse_JSON_-_GetInboxrule')", + "actions": { + "Append_to_array_variable": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "RuleNameList", + "value": "@items('For_each')['Name']" + } + } + }, + "runAfter": { + "Parse_JSON_-_GetInboxrule": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Parse_JSON_-_GetInboxrule": { + "runAfter": { + "Compose_-dummy_": [ + "Succeeded" + ] + }, + "type": "ParseJson", + "inputs": { + "content": "@body('GetInboxRule')", + "schema": { + "items": { + "properties": { + "Description": { + "type": "string" + }, + "Enabled": { + "type": "boolean" + }, + "Identity": { + "type": "string" + }, + "InError": { + "type": "boolean" + }, + "Name": { + "type": "string" + } + }, + "required": [ + "Description", + "Enabled", + "Identity", + "InError", + "Name" + ], + "type": "object" + }, + "type": "array" + } + } + }, + "Parse_JSON_-_GetInboxrule-1": { + "runAfter": { + "Compose_-dummy_": [ + "Succeeded" + ] + }, + "type": "ParseJson", + "inputs": { + "content": "@body('GetInboxRule')", + "schema": { + "properties": { + 
"Description": { + "type": "string" + }, + "Enabled": { + "type": "boolean" + }, + "Identity": { + "type": "string" + }, + "InError": { + "type": "boolean" + }, + "Name": { + "type": "string" + } + }, + "type": "object" + } + } + } + }, + "runAfter": { + "GetInboxRule": [ + "Succeeded" + ] + }, + "else": { + "actions": { + "Append_to_array_variable_3": { + "type": "AppendToArrayVariable", + "inputs": { + "name": "Finalarray", + "value": { + "CompromisedMailBox": "@items('For_each_-_Collecting_all_rules_and_Recipient_in_one_array')?['properties']?['recipient']", + "RuleList": [ + "No rule found - Deleted Nothing" + ] + } + } + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@body('GetInboxRule')", + "" + ] + } + } + ] + }, + "type": "If" + }, + "GetInboxRule": { + "type": "Function", + "inputs": { + "body": { + "Mailbox": "@items('For_each_-_Collecting_all_rules_and_Recipient_in_one_array')?['properties']?['recipient']" + }, + "function": { + "id": "[[concat(variables('o365FuntionsAppId'), '/functions/GetInboxRule')]" + } + } + } + }, + "runAfter": { + "ConnectExchangeOnline": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "For_each_-_deleting_Mail_rules_action": { + "foreach": "@body('Parse_JSON_-_Parsing_final_Array')", + "actions": { + "For_each_3": { + "foreach": "@items('For_each_-_deleting_Mail_rules_action')['RuleList']", + "actions": { + "ConnectExchangeOnline_2": { + "type": "Function", + "inputs": { + "body": { + "ApplicationId": "@parameters('Applicationid')", + "CertificateThumbPrint": "@body('Get_secret')?['value']", + "OrganizationName": "@parameters('OrganizationName')" + }, + "function": { + "id": "[[concat(variables('o365FuntionsAppId'), '/functions/ConnectExchangeOnline')]" + } + } + }, + "DisconnectExchangeOnline": { + "runAfter": { + "RemoveInboxRule": [ + "Succeeded" + ] + }, + "type": "Function", + "inputs": { + "body": { + "ApplicationId": 
"@parameters('Applicationid')", + "OrganizationName": "@parameters('OrganizationName')" + }, + "function": { + "id": "[[concat(variables('o365FuntionsAppId'), '/functions/DisconnectExchangeOnline')]" + } + } + }, + "RemoveInboxRule": { + "runAfter": { + "ConnectExchangeOnline_2": [ + "Succeeded" + ] + }, + "type": "Function", + "inputs": { + "body": { + "Identity": "@items('For_each_3')", + "Mailbox": "@{items('For_each_-_deleting_Mail_rules_action')['CompromisedMailBox']}" + }, + "function": { + "id": "[[concat(variables('o365FuntionsAppId'), '/functions/RemoveInboxRule')]" + } + } + } + }, + "type": "Foreach" + } + }, + "runAfter": { + "DisconnectExchangeOnline_2": [ + "Succeeded" + ] + }, + "type": "Foreach", + "runtimeConfiguration": { + "concurrency": { + "repetitions": 1 + } + } + }, + "Get_secret": { + "runAfter": { + "DisconnectExchangeOnline_-_Clearing_any_pre-existing-cache_connection": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['keyvault']['connectionId']" + } + }, + "method": "get", + "path": "/secrets/@{encodeURIComponent(parameters('Certificate_key_name'))}/value" + } + }, + "Initialize_variable": { + "runAfter": { + "Get_secret": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "RuleNameList", + "type": "array" + } + ] + } + }, + "Initialize_variable_-_Final_result_array_of_object": { + "runAfter": { + "Initialize_variable": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "Finalarray", + "type": "array" + } + ] + } + }, + "Parse_JSON_-_Parsing_final_Array": { + "runAfter": { + "For_each_-_Collecting_all_rules_and_Recipient_in_one_array": [ + "Succeeded", + "Failed" + ] + }, + "type": "ParseJson", + "inputs": { + "content": "@variables('Finalarray')", + "schema": { + "items": { + "properties": { + "CompromisedMailBox": { + "type": "string" + }, + 
"RuleList": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "CompromisedMailBox", + "RuleList" + ], + "type": "object" + }, + "type": "array" + } + } + }, + "Parse_JSON_-_Parsing_mailbox_Entries": { + "runAfter": { + "Initialize_variable_-_Final_result_array_of_object": [ + "Succeeded" + ] + }, + "type": "ParseJson", + "inputs": { + "content": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "schema": { + "items": { + "properties": { + "id": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "properties": { + "properties": { + "fileEntityIds": { + "type": "array" + }, + "friendlyName": { + "type": "string" + }, + "recipient": { + "type": "string" + } + }, + "type": "object" + }, + "type": { + "type": "string" + } + }, + "required": [ + "id", + "type", + "kind", + "properties" + ], + "type": "object" + }, + "type": "array" + } + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "keyvault": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]", + "connectionName": "[[variables('KeyvaultConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Keyvault')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + }, + "name": "[[parameters('PlaybookName')]", + "type": 
"Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "identity": { + "type": "SystemAssigned" + }, + "tags": { + "hidden-SentinelTemplateName": "o365-DeleteMaliciousInboxRule", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('KeyvaultConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Web/Connections", + "apiVersion": "2016-06-01", + "name": "[[variables('KeyvaultConnectionName')]", + "kind": "V1", + "location": "[[variables('workspace-location-inline')]", + "properties": { + "api": { + "id": "[[variables('_connection-3')]", + "type": "Microsoft.Web/locations/managedApis" + }, + "parameterValueType": "Alternative", + "alternativeParameterValues": { + "vaultName": "[[parameters('keyvault name')]" + }, + "displayName": "[[variables('KeyvaultConnectionName')]", + "nonSecretParameterValues": { + "vaultName": "[[parameters('keyvault name')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId6')]", + "contentId": "[variables('_playbookContentId6')]", + "kind": "Playbook", + "version": 
"[variables('playbookVersion6')]", + "source": { + "kind": "Solution", + "name": "Microsoft Defender for Office 365", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "tier": "Microsoft", + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "criteria": [ + { + "kind": "AzureFunction", + "contentId": "[variables('_O365_Defender_FunctionAppConnector')]", + "version": "[variables('playbookVersion1')]" + } + ] + } + } + } + ], + "metadata": { + "title": "O365 - Delete All Malicious Inbox Rule", + "description": "This Playbook provides the automation on deleting all the suspicious/malicious Inbox Rules from Provided Mailbox", + "prerequisites": [ + "1. Prior to the deployment of this playbook, Defender for office 365 Custom Connector needs to be deployed under the same subscription.", + "2. Refer to [Defender for office 365 Logic App Custom Connector](../../CustomConnector/O365_Defender_FunctionAppConnector/readme.md) documentation for deployment instructions.", + "3. Refer to [DeleteMaliciousInboxRule](../../O365DefenderPlaybooks/o365-DeleteMaliciousInboxRule/readme.md) documentation for deployment instructions." + ], + "postDeployment": [ + "1. Authorize each connection.", + "2. Configure Playbook in Microsoft Sentinel Analytic Rule.", + "3. Assign Microsoft Sentinel Responder Role to Playbook.", + "6. Check [readme.md](../../O365DefenderPlaybooks/o365-DeleteMaliciousInboxRule/readme.md) for detailed instructions." 
+ ], + "lastUpdateTime": "2023-09-29T12:00:00Z", + "entities": [ + "Account" + ], + "tags": [ + "Malicious", + "o365", + "Sender", + "Email", + "Account" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId6')]", + "contentKind": "Playbook", + "displayName": "o365-DeleteMaliciousInboxRule", + "contentProductId": "[variables('_playbookcontentProductId6')]", + "id": "[variables('_playbookcontentProductId6')]", + "version": "[variables('playbookVersion6')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.1", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "Microsoft Defender for Office 365", + "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Microsoft Defender for Office 365 solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.

\n

Underlying Microsoft Technologies used:

\n

This solution is dependent on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Sentinel Polling
  2. \n
\n

Data Connectors: 1, Workbooks: 1, Function Apps: 1, Playbooks: 5

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "Microsoft Defender for Office 365", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com/" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "DataConnector", + "contentId": "[variables('_dataConnectorContentId1')]", + "version": "[variables('dataConnectorVersion1')]" + }, + { + "kind": "Workbook", + "contentId": "[variables('_workbookContentId1')]", + "version": "[variables('workbookVersion1')]" + }, + { + "kind": "AzureFunction", + "contentId": "[variables('_O365_Defender_FunctionAppConnector')]", + "version": "[variables('playbookVersion1')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_o365-BlockMalwareFileExtension')]", + "version": "[variables('playbookVersion2')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_o365-BlockSender')]", + "version": "[variables('playbookVersion3')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_o365-BlockSender-EntityTrigger')]", + "version": "[variables('playbookVersion4')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_o365-BlockSpamDomain')]", + "version": "[variables('playbookVersion5')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_o365-DeleteMaliciousInboxRule')]", + "version": "[variables('playbookVersion6')]" } ] }, @@ -3365,4 +4127,4 @@ } ], "outputs": {} -} \ No newline at end of file +} diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json index 69c72846082..f20d2f35d5f 100644 
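Review bot: `RuleNameList` is appended to inside `For_each_-_Collecting_all_rules_and_Recipient_in_one_array` but never reset, so with more than one mailbox entity each later `RuleList` also carries the rule names collected for earlier mailboxes, and `RemoveInboxRule` is then called with those names against the wrong `CompromisedMailBox`. Start each iteration with a `SetVariable` action whose inputs are `{ "name": "RuleNameList", "value": [] }` and make `GetInboxRule` run after it. Nothing visible in this workflow filters the rules either: every `Name` returned by `GetInboxRule` is passed to `RemoveInboxRule`, and the mailbox is read from `properties.recipient` of every related entity with no check on `kind`, so unless the function app (not shown here) returns only suspicious rules, the playbook removes all inbox rules of each recipient; the metadata `description` should say so, or a filter should be added. `Parse_JSON_-_Parsing_final_Array` also runs when the collecting loop has `Failed`, so the delete loop proceeds on a partial list. This template appears to be generated from the playbook's azuredeploy.json, so the change probably belongs in that source file.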
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@@ -2880,19 +2880,7 @@
 "title": "Microsoft Defender For Office 365",
 "templateRelativePath": "MicrosoftDefenderForOffice365.json",
 "subtitle": "",
- "provider": "Microsoft Sentinel Community",
- "support": {
- "tier": "Community"
- },
- "author": {
- "name": "Brian Delaney"
- },
- "source": {
- "kind": "Community"
- },
- "categories": {
- "domains": [ "Security - Others" ]
- }
+ "provider": "Microsoft Sentinel Community"
 },
 {
 "workbookKey": "ProofPointThreatDashboard",
From cff8c83288938d2c51fb18ec2235c856da8b5449 Mon Sep 17 00:00:00 2001 From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Wed, 4 Oct 2023 15:41:40 +0530 Subject: [PATCH 6/8] update branding --- .../Package/3.0.1.zip | Bin 27524 -> 27529 bytes .../Package/createUiDefinition.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/Solutions/Microsoft Defender for Office 365/Package/3.0.1.zip b/Solutions/Microsoft Defender for Office 365/Package/3.0.1.zip index 5a0639ee4c724232e951c6be441d43102d2ad473..9206ef85ece8f624afb5e8da2ff7d24eda9cdfb3 100644 GIT binary patch delta 2378 zcmV-Q3AOfw*8z#w0T)n90|XQR000O8B7Ho|#TNs-LUb{^L zIE`UD4HmXxjL4BR^^n8P46UeH|Mxw2_?GC{ZX2LjBM7A7<$a#}n5$2J{R?Bk-)y`T zDG&BpuyiiB`_pN85~V!j3z3Siq-Vc2=2uDH%DSF zGwGzxqPK-|@~1TVf7$Bnt6<_~EqRtGVMx|n85?c&+(ieTcZWkod@GCvBO>kzs~+dv z@KiVuf#MS#;V{n{)!#P)0OqwS%Ze?t{#5hcZjg8D*CHY@6T`+6n zmzRxq3|~bH>6XQ;u);v1BM*^pyd~xT;TaBPCe#$pf|An@f7;y4w7#*^Hz~Yor^kAs z?Nra_G8SL|N%gj2i6kd$3NjYf5E}Hl1E6fTCs)=u4$@Bs+G?3h%lJQspfm{bzRthUU{YE`I%!9>PqN?5km z1z7==g>|eJ$2h?0ESnphl7;uF4sURWqZEEI`c@|7f3sU@+lHu!W*OVQ|-tWuy0}$8bH;g2h@XKGTMK{hijzMrEkqlL~50LRyo~MZC;3KqFxe zfS3RbrSlQD#tlFMOGHjaWR4MEST%sMnEB47wyQ6UW` zU7VB&f7!vAPvwnR7J06Xn<}y3YFg!RNTWkJ!bbP6PsN*`dxdAO^%IRnVqC;+0#`g5pGb@U~_o zI<^~Dc*~jun#R6bg>fYXA1W!Y9G}^j@SD=>fACiFked|trGyyq_veQdp??H-hMsRo z4&rKDhWm&+-l}aW$)8Qw?ru{-nv?H~%;y3-$n*9TcCH(`7sT`8Sa6fEl#&$?E8IY8 zY!wTyS#9u`{g-WXsmsH5rRlxglpFYU985aJ))upFwe8elJOl$>m{^?n6f5ieMVEqg zf4j)L8VdGp)3&CKCdSsefLo!xijkE&J(*ly?&OXMvWcn~Irp^k0rO5k=TXRVk@R?@MwI1_xL+)MsWBrZvV~iYe|k{3I(sfJMSYC1C?8PiI5L?jJnAQK{A=_bh6>G3G|BR zGOR|qm(TZ}?}dBcgnQ3+pzu(184(0%N=knrJx6O^Gyh;`{?0{c+aVT#^ z8|IkenVD%dYQ!x}!d=ro%B8Olwq%m}w= z6pW=%xxd^m(8!3&k0bSk9G>;YIxIT41I_LGUUS=e^}g(* zzaigmX+M~Sp7iN}@UMLa6eZg#BVTW)7=`N*4c_oo*%7GIM~wO0ZW2fdS1#xjeZ#oy z47m7lxm==I&y*Hc4xMo6-B&j0bS7}qP1yU><5B>0noB(4f0<5EGzFyn2b^P`Fr5E;pE zn}vY>?lzA$4z9XipWe9gdLuO4xK0Ki|JKGeDC~DOu3-(I+PE6c{tS(aTveOJ>II=~ zdYDYB^=O$>e`ocE`W@gZ=qgxtp#v1mwA>g|0^ll{Lm$CLXYUS9$L)U9KG@I7g|EN2 z&ivw6=`}!H`21}YJ#Q4PF0UO0e8}$Wrsqqs_Gt&^&19W;rOTh0l6C<#)IN#tVfj-F z`=OZq0o}Ak!~cCZH69j8Sp6gs)~3Jua2}=cwM<@~fA|G-*cf~5f5f`({wViAiF$ap zE=Z4@vBzy#tOu* zF=`unD~zCLS^Z_yBWagSL^B|*-ko`$;y?WRA5cpJ1QY-O00;mBbVOI!!Jjs!VE_R8 w!~*~kvoHz9VGSaEL|5mKA2#I(007OC18Y_S8VQpz2@{iUYY+zSY5)KL0Kny$^Z)<= delta 2341 
zcmV+=3EK9F*8zmr0T)n90|XQR000O8dvrusQo+L(;0OQ!!;u#-f7vdwTNvvGUb{^L zIE`UD4HlMRjL4BV^^n8P46UeH|MxvJe2bJHZ37f*1c5ZXyw7tVbM^VJe<8&Cn+{`^ zQ16g<0&arr14atLcei)UXe4PuYT} z+;Eu&?{Z=IPf75zf0pT2-o(j@X&MQptgLrDR8q@@3634_7Kf7fo+%ARmbfFVe4J55 z6J|gJiqG~4hoMXteAyh}i0hC1SE?c$E~wCKQa_nf%|qQL#$m*CsCZ^d$^YWXl4unk z&1&x`x(b%u#Q8keOhKZt9Dis+?FVk9v!*W|J! zoRCZ~su@vif5BAom?aRnkdVz&ZKx1K4Sd$f?!c&5z z;esTv#YTTZ;I2DOMjtND;CiG538fHpE){k98!3ejico*BDu}fe(wKC`!Z?)x4Tm`Z zVgxW0&PUv8HvkDFVwp7}HN^6TRSQUxD;MV$lZn$p%Y+fRuyhD_^=fE^Fc<EnpFmm$$v?oOI05Fm8SD@U2fplu{UWITb<9_)wWfK@emATu0nS1Qmm-+*KG>Y zf9@jhD=6r9b=#WOlG{?Zy-3B|R9oQb=?bpa84XdUvr78Z6^Dx)@qUC`hlPv6BgAL{ zJam)`B&7D*gg4EXhqlXv4C$b|&J#>unTiRUgX_ z72~Ff*U)Hp^Asb3wHr2`9e=D%X=`QH8S4%tHLQbUl^karxoDIW-M3Jmuei0sa}{^N zg&jr6eBF3V!=2O+W^J-n%sTg?^Z{{BK<5$2au#)Xqec|v&T_wAx>BP?f~89ne~&s& z9E}5O;drt)zVW)Q{sleV41pw;b`9cuJgCM@|d8c?T0 z7E2KoQ|hIQ520j>=nWJ^kQmtke{98tK#SM5=ZY32T8PjugoHK<)0xq|n7YJa(N9z$ zChA9ld{W&@`df7@KKs9z)6 z9&1Wco2UfZO;tTGnrBZI4_j612Cs+Fw9&LXL~}tScEyd;=21#kj6}Uow^`7KHQUFa z@yYc1&DQ+50`p`=;189e6s}`yCa>H{uwsl6>ZPPUx zkS=EE{+Kc$_C~NIkIZ*&e~#TU;|1h+0Z6y5EKXrv-*bu!WNt?sa4D_}#a(E_C=~i; zj$YN++B{(ma|`R-emmHJ?J{S`BG0&=2Al=rmZ{OpaJlKecPi8NNY<%+-GVc$;Y&+Rt=XTU$W+RVaCb(Th?&UT zm41o#WvSc{QeDI0S!b+KYj??Z-PL7kuev;09&oHoS%TW}`htnyINqh>7k2#1QvQ!g zYLla+aVmVM&GFGke<+np@t39ci`=>Yd{15$8>ik2wL=D4+V`E7)_ZkZ_SwH7-}kg1 z%tA-{azMD(9sxzcw#>*k{S>p|dPZAUbX9Z&+us91TyED1B$z4Ia>9PYkZcsVxFNY% zooUC^uBi+HXJgC~yi`Ok=WTaeu~b;MK>R&M!fD}iEm!xPmTJ`z*RA9Kc1E5mFS0{i!{ zd9-nG)BgJM#+6ljpy9@KKKS^zHm*Tozq4@-YxvT}RcrQVXk6A+m06@(3+lRu@uXae z7CCiU?WNxXf3D140E;ekjDndIdt#daxIkvmhmq0c`{RpovlZ1(_OoKm>u#%ax9$~k z4G`xpe``grYDLQ{YfAwavTfb;DrRe!c3@sl){#@X_;D#})=oq1)ABtjeqbR#J|pzwf5X!6Nd@A0qt9^w%G+f+W1<(b2hEJNvb Date: Wed, 4 Oct 2023 16:02:36 +0530 Subject: [PATCH 7/8] update package --- .../Package/3.0.1.zip | Bin 27529 -> 27597 bytes .../Package/createUiDefinition.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Solutions/Microsoft Defender for Office 365/Package/3.0.1.zip b/Solutions/Microsoft Defender for Office 365/Package/3.0.1.zip index 9206ef85ece8f624afb5e8da2ff7d24eda9cdfb3..cb7afa35b4b3d858129a6ffbb19630a0b9c3257f 100644 GIT binary patch delta 2432 zcmV-`34iv9*8$Df0T@tA0|XQR000O87=A=oJiUY`DG2}oksgs4AAjp^8@Uz!U!dV>uwJ)g@+{P{00J}SJ2_I5EHtYqw#5ct;@*{A7% zErnbxUH$&mG@YjV``>9N4)^!jnG)OzX2e_=<}`Cl!RA^iy^`sI&BR z-)fbUfro5r*nc!-|NZxW*tz#@XPaG}i-J1|v)9AQ1BLawO`a(|tL(lgnb}Ew;(vO6 zfKwJ}EDRo@ApXAde!v4K?f4C#YbUnU zrn1I*>VkO0GGQDCRLLXcG-+9-X-E!+Aa+%2%qo51T7Sa|T^TfOgsxVrFsUK!14Tr+ zk#0Q!OrVFg6SpLc1IDl`B1z@x2jCRMrG!!Aev;LwPLbBF3IQ`})G88aw!D`RrSt+a9`6|s@2_X}xk*$M|PQ-;8oiY2gx5Ikl8 z)Qx4s_kZW7@F+r?MF1Y3X~Vt#PHSbu0+!=Vj0Xc}PQE}WS-0?*IBS$`6f?&EU=?2YgS?Bx~6+UJg-g#Hz`XfodIIG>j{mm9N;yp3?8w6v28AO ze!BnTI*Y)sqrtdUFl;_+SBzFI!6q2!+(hEchgeaouG$o=T?yY+P_S?7(mSaox25j- zkgGSTCE(e~3a+*pk5Fo|O8Uenhw~igeSZ(P4hw$@_Yk9u$;eaA5s-G!CcJK5?%FO> zI^w-F1u_ z_}r&N)h6svy*kj>M(5d<{+yE1*PkSUJEbnfnY_)YdMqC*#!VwqL!;f1q-b-zLaFez-QdKRMbwf*}CzVg*&-pf^4EJ zM$SDieZagEPtgoXEG?;(U;E;o*x7Ue+v$t z?Lpzb)2&tNJH^!_5Aawg33`zeqq7tAEgfpqSfPl#9}URUkyvUK7oGNnKOe@~4$&JZ zh#@hizG@|vLW#Fjb5#oxEkxKSLc%(Orpwu_GxdQZ;_tb_k^2Kocs48mIe#p|W4PB1 zfW1+8OXOo#(v8^5uNbxC5MhT-pMs+)_i*x~F{{>k@izj&P@>FvKDb?2F)UHE_jy|Q zd^$Ls4)(^3$oyAhwl^J&rvtA^|L)x$SYL18l&~$0h_`b@+ha{iY7><}yRNba+U)GX zBSYM>MI$YQ22(T()hU7Is&6jRItg9(ub?88f;OEZ9B$ zo$q7I9Ov0B zdSjhg`|Gx^vp!O{(!_)50n5gf$*6r^Uoh|+$NO;n!j6Ah$p1P)?Q*0v$yETgB_0DD zrST#Dw9tN%JD)w?lNZJ8Y3qa9Aw9+In@(}t`gB+H(Z4?5Z+~gu8-45N`-2;k( zZ5ffTw?mAM>k$Rs@KsR}sM3dw`Pi-lNC{UA=oG!7U3Lase7jr>(X3}m11pD0xb*HT zigYp)xar31{rPDj06NVjc6h22BuxQn{{-iVrwkWW4OZMlOO)_&$#u+(h-4lK>zMGmo^rz+pkYATv;^{ z>MvYpz1u&xaP1OmTC?9m;UZU6X0d8OXzLm#lX5&-#MDJKp?(Lr3c3mw zRpMa#=; zO96jmyQ=BsQmlR0fqC6o$6o2;r?R*iK=qYR;(J{DT*SW3XTL%^*#2ShffV&{Z(TgpS8v=9vb;OaXa+n%Ys@*g znoDEd@Hl5qH2|^UFPLnM#g92kMfHUrO;qAnjpU6Hh#zBAHgrZ9gN|j@%dkVz44a6i yM_M&I^FGBN{Qt8V3F2W67=A=oJiUY`DG2}oksgx?YgGYWlV58j1~Y2_0002Fm7aV6 delta 2379 
zcmV-R3AFaj*8z#w0UJA!KM!NMBE{4L^PTi950SLhCm{h7f z7lKomR1(Ilw#>_FRj7l(M8;=IShm&$Spk)Wb*vW0IKb&Fn|~Xfl7;uF4sURWqZEEI z`c@|7vs-E9Oe$g{Gw&hN*s>L%A~S}hk&30Tg`z)UaMz7xqxYxBa6Qt3#abyo(}sKf zoz}`mWvJhi3TjP4T9eL2yv#H}BVi7Jm;el=^AWek4L|}*L{3IzjuBs2HHRd<@^S7k znRqR%P6g9*qJKlU>sMnEB47wyQ6UW`U7VB&*}<7l<&9Vtd9IC{DzV^dTIFy^r^?qB zu0rGo(23|dlmG@-r-XQb&7y{oB%UO`sBl$-(564)m0Qt*;zWD!wq_(cwi{M>%bEn5#(%zAg>fYXA1W!Y9G}^j@SD=> z@K*AWn-un?gc$Mn=Z6)ce*|}io^MDF;%Z!m`-nTWt{b`+#Pi}Al>P8~Ak`OghEZ z7PD@(?SIr^JOl$>m{^?n6f5ieMVEqgyU4p53ifT&wx*5buGITp^G-nLQOI(U z^nZAxMwI1_xL+)MsWBrZvV~iYdQKdTBeHNj*&AO4eOLd2p6-S~veYyR1+Tw5?;{ff zm0Nm=kPmo_y2%MaGMVgjvf;4_^or*)tVX$)&-b41g?rzGd(U>D@KAIcm4>3YdSn0( zb(&%VJu*5!!hqAGMvoPW$cNE@IvtCpR)0x3rJnitFwX7~y@7%R5)&H0R#GXncuPH3 zbs*6}gnc3;tTUL-oZX74PaKi_#1%sB1DNuBR048TrpIWfp8z}K=$6PQtfCvUm)|lP zWg)_joIVCeQ$0iE#}ihc4dQPMf{{d<^L#LwTQRCowDak*^!a75e;Mpd7?Jt6CVy<_ zGMHQjUX$UccROHxwSiN@wlpHyt`S|2wI!)bQ~~X(t{xc8^9PFuRn?}!+hH_qH0>VI zOz}jVOXs!uETt$%qODH1SmwR`qoD85yYAP1 zSAAU2L%K*j|I$GxAwv(kDX=vjR!WjvyvxeMu{98RF1UXMoejhzCh%&ICV$Rh&3TjY zUH_o(?Dk7DYdze4wnn;sL)m_eE_z&1^vgDGLMYilOWo-Y8^93|@0lNi9M_!wdq+C! z4rje8*e^Z98a}n?G@AVx%1y1z2)AeyjHOVyzuYg-$cW01BlU$Gp7q8$v-a0*-)DWM zZk34#%L9&$tBO%KUSBZrTYtyHXNVIlKbVD{^yz@`uYCp-CEF?^UvH-vh3gRw z-tbk~5vbEgjQQMd5=aSGF6b0}!?^4WxcG6oT%uXelonPFop9;hSARC?bS7}qP1yU> z<5B>0noB(4nNCqO1*H84oMWCbTvRn!aT71m!Y38i2{R&=xdcxf6||c~}VII=~dYDYB^=O$>XZ42q9pEbHDp+=*0~E}(+!#{= z;3}CzAHhav?+#AK?S9lg*w4y^ufMm>{Nh*XH9%bW{B0CHZxpRAuN?(^$nNW==S#8n zX$R)bWSw}W%b%H&b^$fiK8f#P`BMw~p_u&v-Lyr+|9v+#9)A`|Sp6gs)~3Jua2}=c zwM<@~_yu&>7<=u1#JcYODEB~#dU&=jKQvcw+z|4jzs_hEJYi?e8C=Yzv2OGmw;F)h z=yz;3CgPU@t)hOzuO@2ot5)*H3dFB5Y8!ehjG$*({bkf6X_rkzGa#+roq3<)Km7Y2 xP)h>@6aWAK2(xDi*kKMLeMDF1kRLYX2mk=h9g|IKRRJ24qiZAv?`i-5002tYo$mku diff --git a/Solutions/Microsoft Defender for Office 365/Package/createUiDefinition.json b/Solutions/Microsoft Defender for Office 365/Package/createUiDefinition.json index 744ad559f8b..76cb8332b65 100644 
--- a/Solutions/Microsoft Defender for Office 365/Package/createUiDefinition.json
+++ b/Solutions/Microsoft Defender for Office 365/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Microsoft Defender for Office 365](https://www.microsoft.com/security/business/threat-protection/office-365-defender) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution is dependent on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Function Apps:** 1, **Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Defender%20for%20Office%20365/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution.\n\nThe [Microsoft Defender for Office 365](https://www.microsoft.com/security/business/threat-protection/office-365-defender) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration 
tools.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution is dependent on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Function Apps:** 1, **Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
From 354f9a783ebe7f923a533ce11973319e735f2011 Mon Sep 17 00:00:00 2001
From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com>
Date: Wed, 4 Oct 2023 16:32:52 +0530
Subject: [PATCH 8/8] branding failure
---
 .../Package/3.0.1.zip | Bin 27597 -> 27592 bytes
 .../Package/createUiDefinition.json | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/Solutions/Microsoft Defender for Office 365/Package/3.0.1.zip b/Solutions/Microsoft Defender for Office 365/Package/3.0.1.zip index cb7afa35b4b3d858129a6ffbb19630a0b9c3257f..409668288b30bc6d2bcceb7923bc40a1daef0b9b 100644 GIT binary patch delta 1614 zcmV-U2C@0g*8#}a0UJ;&+JQhQ0aAWD|x_80!tIZ4ubW#B=lQw zY~c9@TliigSx||pVc4O1b)c_}&a*B3Ii;tsKS_jnO8tm4d7Dx7 zSUyyYo0g=8M!Ppj(eRMnu<`WhLv2c1E4R)>x4o)i9UhtFD3gdqXSC{mg-m@Z$%=u` zy>qFkv0}4z<1q_&a>oSOM1T2=oO@pSfO#jN1}Q|jh&#NIBZ|aF+^-fs)tI3Y>B23C z9VZS)Az3&YAB?UCU045zqV4)XveeYr4PJkJ*+nMWL$~x2As_GH|l_ z-*bf{_Xn8pY*+wtScJ!LuNwe+qwto<$E>6qv6o*lYRn z1cISNne%*b&#+=xqJL=b^R)2!bZ|Hw?2Q?b`LD)oZ#o!H2VRr@-Mc-ozTUtoVOtsz zZ|8`%$C{MXCMtn;U1bk6+}VT4gR*K};B7yeHi~wKXr_29E~WF@+)F8n=4h+ZZ6@@7 z&7Psr_~f?g&Cd9^1ob~q3U0PO(OFS7w@L}IBN-Lo>z1>;FMnB&Xi|&SdigfGY~VW0 z?5;i=1;`fN^mdyvW^^}LuzNZ^-_btU?S<@U4sh?f=#5!%G0v&k0l(r3QCxdA%tOj= zdh10lW1dF7Q!W~j#z)iwhl8#|@7k~3s`|J?59mtq{7WA?3F+Hthrm{QSSm?w@h&S8 z$5un+x!@)?Xn)O99?^l9jWlr%D$bjX@45?JXE!f(uk~>G*=p&!1!a31RrIu^=%#Jl ziIB2^ma5Vp*MK7+?&u!}87@5C?@n~uZq7Pcu$y}NHGFE)sWtm8q?<~aA@0*i7)zlt zf6ZT@kP(${N2;qiJnM~hX6-NDzRvnc-AWS=rUxt=SAQm>_IZ85z;7Jy!|@9{{%Ilq z>jbsSk6t{0W#ck`;UC~GX`h35o zeQy+c(x(H$e|8Tj3btiLzTOToI<7|)c*9pkMW9L_GUj8u4j?65F{)GahIZK*aPjSO zF;26dDSwTw94g_`yRRtH$xPs;8?*Q4r-cCMG?&=nsZNkI1*H8GoFkqxTvRn!aT6_3 z!p9}oF*72PnFLQP<+C4f;%z}Rf9i;-B&__Ll`?@5H0z1$sUKT%bRsh$Qj*~|69N6Z z+g#dMxNg5by>MmKM5w=To%L@2+``o>>=zcUet!+0TDWS>ehY<*TveIHssW*`YnV*R zL1__F7uBr#9pEbHDp*vZBP7hEm>p99;3}CxAHjwf?~cw#&7{;mSkH>lufMm>{0La- zH9(yE_^lPatQ9RUuPp`qk?pFcmrJqsVF%`QXB~T`iyzJ6W&qV!K8f#f@xu}OHlO_p z)qk`>!~cCXH69jmQ2sa(RHncBa2Y1iM;X67^8@IhHuj_ced=TTC&mX-)Wf}X@lapA zaYM-R?l_|v@C27Ngel$^uUp109Mj(ESQQ6QL zVGKH!RWHL1Ni%FBnjUG@?9BTVfAIf*P_thN;9(5|ghW?uRm=_~2><|_lT2$?0a=ry MYa|9PYXATM04V4ZA^-pY delta 1611 zcmV-R2DJIe*8$Df0T)n90|XQR000O87=A=oJiUY`DG2}ok+By~1AiJ&oM|84jTy0y z?1mNIvN|p%kj=!MIg0Y(8sOj8-kdCK%}4MB>bcSW&C4+7zr^3Ex#v zuy5k+~ZUb&MML+^0mG2oRZSlpCp1ir7pyoyv?Y3EFUVyO(Rl6 
zqur6DXmiMJ*m!#Mp*E$hm0M?`+f>!C4v$Q7lu5**Gg@`OLVmuKWW~T|+__ZLPO;g# z@tB1>xnqKCqJJz#&OI-Ez`PSsc@&~t#2wzq5k>?9Qp<8;1kPmna+rbGzG9K@>qT#Ut^onOPDBIDO z&kvp-1P6Z$4xa5n;l9(YRq8v%)guq^SSJa3krSh{6MytA9ct8Ap@_U64an1xSZWm) zo%V%4AI8}Z(Hkg;Au*=DY9*CIiMLd9RSOa=MA#=n!a9Sd%h|0n^?@Ve@43Q}`vXjP zHY@-+EW%^B*A0NZQFu$_V^-3Q*vqdNwc`+Bhfbe@qbc`r@}n`U)_UMzC%y~Yz zU05+JQGc}ed0O~V@*nG z6O}-_uCfQ(?CinhL0Ppf@U|aK8%4WAG*dhlm(qD{?xhq(OSDz#HWPZkX3x-Qd~#d$ zW@mg{g8CmQ1vgut=&Y!kTcw29k&FuPb)#9{l7Fm6G^xdEy?parwr!mjc2{?e0%VIG zdb>>-GrAEh*ggH7?_x0@MJ;m*tPI24%bXWAzzdqk@Y2O=# zp7iN}@SoiSih^w!k*~KyjE?IO1>W#gQ4y%phm85yt^-I3R}APBy`f!p23&l*Tz?GF ztY=CCD~C$B^zJK)bTSjT>Bj8+`Dq~lI?W|^c&Za5O#x~D1m}pS3>Q@mR@_8Ol<;xM zbl!ALay(kZ z)I~L+eh0V;x(XIm=m-fjDJI4g0JutK&_}T0#k-^PQ8OR457x6{;OpE%+aeb|9{-C4(8>EfrdxEVn8l~3Y(T>MO^t^|9F#vv1eNKpK3s-L^ijqy&-?&7sEz&Tf0g>!{$cTf6!ma#T|CrRZ`=^F zygSZl20TG)%sIH4OJm*eXHGQ$vEeV6Y>dT^IZ8$Kg&$2+;#ZC2jS+|+V^lVDMi_&R zW!1~DL(&YJh^9wcH9PY@#RMPx{~xni3E^Q47=A=oJiUY`DG2}ok&{PjRsmj\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Defender%20for%20Office%20365/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution.\n\nThe [Microsoft Defender for Office 365](https://www.microsoft.com/security/business/threat-protection/office-365-defender) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution is dependent on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. 
[Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Function Apps:** 1, **Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Defender%20for%20Office%20365/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution.\n\nThe [Microsoft Defender for Office 365](https://www.microsoft.com/security/business/threat-protection/office-365-defender) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Office 365 platform, providing visibility into threats within email messages, links (URLs) and collaboration tools.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution is dependent on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Codeless Connector Platform/Native Microsoft Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Function Apps:** 1, **Playbooks:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions",