Merge pull request #9037 from Azure/v-sabiraj-insiderriskmanagement

Update Solution_InsiderRiskManagement.json

Solutions/MicrosoftPurviewInsiderRiskManagement/Package/createUiDefinition.json

@@ -344,4 +344,4 @@
       "workspace": "[basics('workspace')]"
     }
   }
-}
+}

Solutions/MicrosoftPurviewInsiderRiskManagement/ReleaseNotes.md

@@ -1,4 +1,5 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                                       |
 |-------------|--------------------------------|--------------------------------------------------------------------------|
+| 3.0.1       | 20-09-2023                     | Updated **Workbook** template to fix the invaild json issue              |
 | 3.0.0       | 17-07-2023                     | Updating **Analytic Rules** with grouping configuration(Single Alert)    |
 |             |                                |                                                                          |

Solutions/MicrosoftPurviewInsiderRiskManagement/data/Solution_InsiderRiskManagement.json

@@ -28,7 +28,7 @@
   ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\MicrosoftPurviewInsiderRiskManagement",
-  "Version": "2.0.6",
+  "Version": "3.0.1",
   "TemplateSpec": true,
   "Is1Pconnector": true
 }

Solutions/MicrosoftPurviewInsiderRiskManagement/data/system_generated_metadata.json

@@ -0,0 +1,36 @@
+{
+  "Name": "MicrosoftPurviewInsiderRiskManagement",
+  "Author": "Microsoft - support@microsoft.com",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
+  "Description": "This solution enables insider risk management teams to investigate risk-based behavior across 25+ Microsoft products. This solution is a better-together story between Microsoft Sentinel and Microsoft Purview Insider Risk Management. The solution includes the Insider Risk Management Workbook, (5) Hunting Queries, (1) Data Connector, (5) Analytics Rules, (1) Playbook automation and the Microsoft Purview Insider Risk Management connector. While only Microsoft Sentinel is required to get started, the solution is enhanced with numerous Microsoft offerings, including, but not limited to:\n\n- [Microsoft Purview Insider Risk Management](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-solution-overview?view=o365-worldwide)\n- [Microsoft Purview Communications Compliance](https://docs.microsoft.com/microsoft-365/compliance/communication-compliance-solution-overview?view=o365-worldwide)\n- [Microsoft Purview Advanced eDiscovery](https://docs.microsoft.com/microsoft-365/compliance/ediscovery?view=o365-worldwide)\n- [Microsoft Purview Defender](https://www.microsoft.com/security/business/threat-protection/microsoft-365-defender?rtc=1)\n- [Microsoft Information Protection](https://docs.microsoft.com/microsoft-365/compliance/information-protection?view=o365-worldwide)\n- [Azure Active Directory](https://azure.microsoft.com/services/active-directory/)\n- [Microsoft Defender for Cloud](https://azure.microsoft.com/services/security-center/)\n- [Microsoft Sentinel Notebooks](https://docs.microsoft.com/azure/sentinel/notebooks) [(Bring Your Own Machine Learning)](https://docs.microsoft.com/azure/sentinel/bring-your-own-ml)\n- [Microsoft Defender for Endpoint](https://www.microsoft.com/security/business/threat-protection/endpoint-defender?rtc=1)\n- [Microsoft Defender for Identity](https://www.microsoft.com/security/business/threat-protection/identity-defender?rtc=1)\n- [Microsoft Defender for Cloud Apps](https://www.microsoft.com/security/business/cloud-apps-defender?rtc=1)\n- [Microsoft Defender for Office 365](https://www.microsoft.com/security/business/threat-protection/office-365-defender?rtc=1)\n\nMicrosoft Sentinel Solutions provide a consolidated way to acquire Microsoft Sentinel content like data connectors, workbooks, analytics, and automations in your workspace with a single deployment step.\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+  "Metadata": "SolutionMetadata.json",
+  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\MicrosoftPurviewInsiderRiskManagement",
+  "Version": "3.0.1",
+  "TemplateSpec": true,
+  "Is1Pconnector": true,
+  "publisherId": "azuresentinel",
+  "offerId": "azure-sentinel-solution-insiderriskmanagement",
+  "providers": [
+    "Microsoft"
+  ],
+  "categories": {
+    "domains": [
+      "Security - Insider Threat",
+      "Security - Automation (SOAR)"
+    ]
+  },
+  "firstPublishDate": "2021-10-20",
+  "support": {
+    "name": "Microsoft Corporation",
+    "email": "support@microsoft.com",
+    "tier": "Microsoft",
+    "link": "https://support.microsoft.com"
+  },
+  "Data Connectors": "[\n  \"Data Connectors/template_OfficeIRM.json\"\n]",
+  "Playbooks": [
+    "Playbooks/Notify_InsiderRiskTeam/Notify_InsiderRiskTeam.json"
+  ],
+  "Workbooks": "[\n  \"Workbooks/InsiderRiskManagement.json\"\n]",
+  "Analytic Rules": "[\n  \"InsiderRiskHighUserAlertsCorrelation.yaml\",\n  \"InsiderRiskHighUserIncidentsCorrelation.yaml\",\n  \"InsiderRiskM365IRMAlertObserved.yaml\",\n  \"InsiderRiskSensitiveDataAccessOutsideOrgGeo.yaml\",\n  \"InsiderRiskyAccessByApplication.yaml\"\n]",
+  "Hunting Queries": "[\n  \"InsiderEntityAnomalyFollowedByIRMAlert.yaml\",\n  \"InsiderISPAnomalyCorrelatedToExfiltrationAlert.yaml\",\n  \"InsiderMultipleEntityAnomalies.yaml\",\n  \"InsiderPossibleSabotage.yaml\",\n  \"InsiderSignInRiskFollowedBySensitiveDataAccessyaml.yaml\"\n]"
+}