From 91d5399c1a681fcd7f673d7b6bd8cbd617489ca3 Mon Sep 17 00:00:00 2001 From: jonbagg Date: Mon, 3 Apr 2023 16:41:03 -0400 Subject: [PATCH 01/26] Initial Push of Salem Integration - playbook to collect Sentinel alerts and forward them to Salem - workbook to view Salem analysis in log analytics --- .../SendAlertToSalem/azuredeploy.json | 205 +++++++++++ .../Workbooks/SalemDashboard.json | 329 ++++++++++++++++++ 2 files changed, 534 insertions(+) create mode 100644 Solutions/Salem AI Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json create mode 100644 Solutions/Salem AI Cyber Analyst/Workbooks/SalemDashboard.json diff --git a/Solutions/Salem AI Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json b/Solutions/Salem AI Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json new file mode 100644 index 00000000000..4792820087f --- /dev/null +++ b/Solutions/Salem AI Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json @@ -0,0 +1,205 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "PlaybookName": { + "type": "string", + "metadata": { + "description": "A Globally unique name for the integration logic app" + } + }, + "SalemEventHubConnectionString": { + "type": "securestring", + "metadata": { + "description": "The Connection String from the Salem 'alerts' Event Hub" + } + }, + "location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Location for all resources. Leave blank to use location of resource group" + } + } + }, + "variables": { + "location": "[if(empty(parameters('location')), resourceGroup().location, parameters('location'))]", + "SalemEventHubConnectionName": "[concat('SalemEventHub-', parameters('PlaybookName'))]", + "SentinelConnectionName": "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]" + }, + "resources": [ + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[parameters('PlaybookName')]", + "location": "[variables('location')]", + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "defaultValue": {}, + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_alert": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/subscribe" + } + } + }, + "actions": { + "Alert_-_Get_incident": { + "runAfter": {}, + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "get", + "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" + } + }, + "Initialize_variable_alert_body": { + "runAfter": { + "Alert_-_Get_incident": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "alert_body", + "type": "object", + "value": { + "custom_details": "@json(coalesce(triggerBody()?['ExtendedProperties']?['Custom Details'],'{}'))", + "earliest": "@triggerBody()['ExtendedProperties']['Query Start Time UTC']", + "entities": "@triggerBody()?['Entities']", + "incident_id": "@body('Alert_-_Get_incident')?['properties']?['incidentNumber']", + "latest": "@triggerBody()['ExtendedProperties']['Query End Time UTC']" + } + } + ] + } + }, + "Initialize_variable_alert": { + "runAfter": { + "Initialize_variable_alert_body": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "alert_formatted", + "type": "object", + "value": { + "alert": "@variables('alert_body')", + "alert_name": "@triggerBody()?['AlertDisplayName']", + "id": "@triggerBody()?['SystemAlertId']", + "source": "sentinel" + } + } + ] + } + }, + "Send_event": { + "runAfter": { + "Initialize_variable_alert": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "ContentData": "@{base64(variables('alert_formatted'))}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['eventhubs']['connectionId']" + } + }, + "method": "post", + "path": "/@{encodeURIComponent('alerts')}/events" + } + } + }, + "outputs": {} + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('SentinelConnectionName'))]", + "connectionName": "[variables('SentinelConnectionName')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/azuresentinel')]" + }, + "eventhubs": { + "connectionId": "[resourceId('Microsoft.Web/connections', variables('SalemEventHubConnectionname'))]", + "connectionName": "[variables('SalemEventHubConnectionname')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/eventhubs')]" + } + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Web/connections', variables('SentinelConnectionName'))]", + "[resourceId('Microsoft.Web/connections', variables('SalemEventHubConnectionname'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('SalemEventHubConnectionname')]", + "location": "[variables('location')]", + "kind": "V1", + "properties": { + "displayName": "Salem Event Hubs", + "api": { + "name": "[variables('SalemEventHubConnectionname')]", + "displayName": "Salem Event Hubs", + "description": "Connect to The Salem Event Hub to send alerts.", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/eventhubs')]", + "type": "Microsoft.Web/locations/managedApis" + }, + "parameterValues": { + "connectionString": "[parameters('SalemEventHubConnectionString')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[variables('SentinelConnectionName')]", + "location": "[variables('location')]", + "kind": "V1", + "properties": { + "displayName": "Microsoft Sentinel", + "api": { + "name": "[variables('SentinelConnectionName')]", + "displayName": "Microsoft Sentinel", + "description": "Cloud-native SIEM with a built-in AI so you can focus on what matters most", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/azuresentinel')]", + "type": "Microsoft.Web/locations/managedApis" + } + } + } + ] +} \ No newline at end of file diff --git a/Solutions/Salem AI Cyber Analyst/Workbooks/SalemDashboard.json b/Solutions/Salem AI Cyber Analyst/Workbooks/SalemDashboard.json new file mode 100644 index 00000000000..cbff7370966 --- /dev/null +++ b/Solutions/Salem AI Cyber Analyst/Workbooks/SalemDashboard.json @@ -0,0 +1,329 @@ +{ + "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json", + "version": "Notebook/1.0", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "ea0c0933-39f4-4220-9afc-d2aca2b7afc7", + "version": "KqlParameterItem/1.0", + "name": "time_range_picker", + "label": "Time Range Picker", + "type": 4, + "isGlobal": true, + "typeSettings": { + "selectableValues": [ + { + "durationMs": 300000 + }, + { + "durationMs": 1800000 + }, + { + "durationMs": 3600000 + }, + { + "durationMs": 43200000 + }, + { + "durationMs": 86400000 + }, + { + "durationMs": 172800000 + }, + { + "durationMs": 604800000 + }, + { + "durationMs": 2592000000 + }, + { + "durationMs": 7776000000 + } + ], + "allowCustom": true + }, + "timeContext": { + "durationMs": 86400000 + }, + "value": { + "durationMs": 86400000 + } + }, + { + "id": "78694e68-cdb6-4156-9847-b19b75c2b04f", + "version": "KqlParameterItem/1.0", + "name": "row_count", + "label": "Row Count", + "type": 2, + "description": "Number of rows to display", + "isGlobal": true, + "typeSettings": { + "additionalResourceOptions": [], + "showDefault": false + }, + "jsonData": "[\n 1, 5, 25\n]", + "timeContext": { + "durationMs": 86400000 + }, + "value": "5" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "parameters - 3" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "title": "Top Row", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SalemAlerts_CL \n| extend pred = parse_json(prediction_s)[-1]\n| extend investigation_status = case(incident_s == \"1\", \"Threat\", incident_s == \"0\", \"False Positive\", \"Not Escalated\")\n| where investigation_status == \"Threat\"\n| summarize escalated_threats = count()\n| project Count = escalated_threats", + "size": 3, + "title": "Escalated Threats", + "noDataMessageStyle": 4, + "timeContextFromParameter": "time_range_picker", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "card", + "tileSettings": { + "showBorder": false + }, + "mapSettings": { + "locInfo": "LatLong", + "sizeSettings": "Count", + "sizeAggregation": "Sum", + "legendMetric": "Count", + "legendAggregation": "Sum", + "itemColorSettings": { + "type": "heatmap", + "colorAggregation": "Sum", + "nodeColorField": "Count", + "heatmapPalette": "greenRed" + } + }, + "textSettings": { + "style": "bignumber" + } + }, + "customWidth": "50", + "name": "query - 3" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SalemAlerts_CL\n| summarize Count = count()", + "size": 3, + "title": "Alerts Analyzed", + "timeContextFromParameter": "time_range_picker", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "visualization": "card", + "gridSettings": { + "rowLimit": 50 + }, + "textSettings": { + "style": "bignumber" + } + }, + "customWidth": "50", + "name": "query - 2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SalemAlerts_CL \n| extend pred = parse_json(prediction_s)[-1]\n| extend investigation_status = case(incident_s == \"1\", \"Threat\", incident_s == \"0\", \"False Positive\", \"Not Escalated\")\n| where investigation_status == \"Threat\"\n| summarize cnt = count() by alert_name_s\n| order by cnt desc\n| project alert_name = alert_name_s, Count = cnt\n| take {row_count}", + "size": 3, + "title": "Common Escalated Threats", + "timeContextFromParameter": "time_range_picker", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "tileSettings": { + "showBorder": false, + "titleContent": { + "columnMatch": "alert_name", + "formatter": 1 + }, + "leftContent": { + "columnMatch": "Count", + "formatter": 12, + "formatOptions": { + "palette": "auto" + }, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + }, + "graphSettings": { + "type": 0, + "topContent": { + "columnMatch": "alert_name", + "formatter": 1 + }, + "centerContent": { + "columnMatch": "Count", + "formatter": 1, + "numberFormat": { + "unit": 17, + "options": { + "maximumSignificantDigits": 3, + "maximumFractionDigits": 2 + } + } + } + } + }, + "customWidth": "50", + "name": "query - 3" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SalemAlerts_CL \n| summarize cnt = count() by alert_name_s\n| order by cnt desc\n| project alert_name = alert_name_s, Count = cnt\n| take {row_count}", + "size": 3, + "title": "Common Alerts", + "timeContextFromParameter": "time_range_picker", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "customWidth": "50", + "name": "query - 5" + } + ] + }, + "name": "Top Row", + "styleSettings": { + "margin": "5", + "padding": "5", + "showBorder": true + } + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "title": "Most Targeted", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SalemAlerts_CL \n| extend pred = parse_json(prediction_s)[-1]\n| extend investigation_status = case(incident_s == \"1\", \"Threat\", incident_s == \"0\", \"False Positive\", \"Not Escalated\")\n| where investigation_status == \"Threat\"\n| extend context = parse_json(context_s)\n| mv-expand context.account\n| where isnotempty( context_account) \n| summarize cnt = count() by tostring(context_account)\n| order by cnt desc \n| take 5\n| project Targeted_Accounts = context_account, Count = cnt", + "size": 3, + "timeContextFromParameter": "time_range_picker", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "sortBy": [] + }, + "customWidth": "50", + "name": "query - 4" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SalemAlerts_CL\n| where incident_s == \"1\"\n| extend context = parse_json(context_s)\n| extend res_context = case(set_has_element(context.dest, \"external_resource\"), context.src, context.dest)\n| mv-expand res_context\n| where res_context !in (\"internal_resource\",\"isHostName\")\n| where isnotempty(res_context)\n| summarize Count = count() by tostring(res_context)\n| order by Count desc\n| project Targeted_Resources = res_context, Count\n| take {row_count}", + "size": 3, + "timeContextFromParameter": "time_range_picker", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "sortBy": [] + }, + "customWidth": "50", + "name": "query - 4 - Copy" + } + ] + }, + "name": "most_targeted", + "styleSettings": { + "showBorder": true + } + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "title": "Alert Trend", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "range days from {time_range_picker:start} to {time_range_picker:end} step 1d\n| project days, day_only = format_datetime(days, \"MM/dd/yyyy\")\n| join kind=leftouter (\n SalemAlerts_CL\n | summarize alerts = count() by bin(report_time_t, 1d)\n | project report_time_t, alerts\n | join kind=leftouter (\n SalemAlerts_CL\n | where incident_s == \"1\"\n | summarize threats = count() by bin(report_time_t, 1d)\n | project report_time_t, threats\n ) on report_time_t\n | project day_only = format_datetime(report_time_t1, \"MM/dd/yyyy\"), alerts, threats\n) on day_only\n| project days, alerts = case(isempty(alerts), 0, alerts) , threats = case(isempty(threats), 0, threats)\n| order by days asc \n| render timechart", + "size": 0, + "timeContextFromParameter": "time_range_picker", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "query - 2" + } + ] + }, + "name": "Alert Trend", + "styleSettings": { + "showBorder": true + } + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "title": "Alerts in Table", + "items": [ + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "SalemAlerts_CL\n| extend pred = parse_json(prediction_s)[-1]\n| extend treat_level = case(pred > 0.7, \"High\", pred < 0.35, \"Low\", \"Medium\")\n| extend investigation_status = case(incident_s == \"1\", \"Threat\", incident_s == \"0\", \"False Positive\", \"Not Escalated\")\n| project report_time_t, id_s, alert_name_s, treat_level, investigation_status", + "size": 3, + "timeContextFromParameter": "time_range_picker", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces", + "gridSettings": { + "sortBy": [ + { + "itemKey": "report_time_t", + "sortOrder": 2 + } + ] + }, + "sortBy": [ + { + "itemKey": "report_time_t", + "sortOrder": 2 + } + ] + }, + "name": "query - 2" + } + ] + }, + "name": "group - 5", + "styleSettings": { + "showBorder": true + } + } + ] + } \ No newline at end of file From 860917ec37769dc892783e6446ff06ffe6e43cef Mon Sep 17 00:00:00 2001 From: jonbagg Date: Fri, 28 Apr 2023 16:30:41 -0400 Subject: [PATCH 02/26] Updates to generate solution package Updates including: - Added logo - Added Solution Metadata - Added Input file - Updated playbook API versions in ARM template - Update Directory Name --- Logos/salem_logo.svg | 13 ++++++ .../SendAlertToSalem/azuredeploy.json | 39 +++++++++++----- .../SolutionMetadata.json | 17 +++++++ .../Workbooks/SalemDashboard.json | 7 +-- .../input/Solution_CyberArkEPM.json | 44 ------------------- .../input/Solution_DNS.json | 41 ----------------- .../input/Solution_Salem.json | 16 +++++++ 7 files changed, 75 insertions(+), 102 deletions(-) create mode 100644 Logos/salem_logo.svg rename Solutions/{Salem AI Cyber Analyst => Salem Virtual Cyber Analyst}/Playbooks/SendAlertToSalem/azuredeploy.json (88%) create mode 100644 Solutions/Salem Virtual Cyber Analyst/SolutionMetadata.json rename Solutions/{Salem AI Cyber Analyst => Salem Virtual Cyber Analyst}/Workbooks/SalemDashboard.json (99%) delete mode 100644 Tools/Create-Azure-Sentinel-Solution/input/Solution_CyberArkEPM.json delete mode 100644 Tools/Create-Azure-Sentinel-Solution/input/Solution_DNS.json create mode 100644 Tools/Create-Azure-Sentinel-Solution/input/Solution_Salem.json diff --git a/Logos/salem_logo.svg b/Logos/salem_logo.svg new file mode 100644 index 00000000000..307b2f7d296 --- /dev/null +++ b/Logos/salem_logo.svg @@ -0,0 +1,13 @@ + + + + + + + diff --git a/Solutions/Salem AI Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json b/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json similarity index 88% rename from Solutions/Salem AI Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json rename to Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json index 4792820087f..b08f9f4fabf 100644 --- a/Solutions/Salem AI Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json +++ b/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json @@ -1,6 +1,24 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", + "metadata": { + "title": "Send-Sentinel-Alerts-to-Salem", + "description": "Use this playbook to send Sentinel alerts to Salem Virtual Cyber Analyst", + "prerequisites": [ + "Install Salem from the Azure Marketplace", + "Obtain the send key from the Alerts Eventhub in the Salem resrouce gorup" + ], + "author": { + "name": "Salem Cyber" + }, + "releaseNotes": [ + { + "version": "1.0.0", + "title": "Send-Sentinel-Alerts-to-Salem", + "notes": [ "Initial version" ] + } + ] + }, "parameters": { "PlaybookName": { "type": "string", @@ -16,23 +34,22 @@ }, "location": { "type": "string", - "defaultValue": "", + "defaultValue": "[resourceGroup().location]", "metadata": { "description": "Location for all resources. Leave blank to use location of resource group" } } }, "variables": { - "location": "[if(empty(parameters('location')), resourceGroup().location, parameters('location'))]", "SalemEventHubConnectionName": "[concat('SalemEventHub-', parameters('PlaybookName'))]", "SentinelConnectionName": "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]" }, "resources": [ { "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", + "apiVersion": "2019-05-01", "name": "[parameters('PlaybookName')]", - "location": "[variables('location')]", + "location": "[parameters('location')]", "properties": { "state": "Enabled", "definition": { @@ -40,7 +57,6 @@ "contentVersion": "1.0.0.0", "parameters": { "$connections": { - "defaultValue": {}, "type": "Object" } }, @@ -62,7 +78,6 @@ }, "actions": { "Alert_-_Get_incident": { - "runAfter": {}, "type": "ApiConnection", "inputs": { "host": { @@ -148,12 +163,12 @@ "azuresentinel": { "connectionId": "[resourceId('Microsoft.Web/connections', variables('SentinelConnectionName'))]", "connectionName": "[variables('SentinelConnectionName')]", - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/azuresentinel')]" + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/azuresentinel')]" }, "eventhubs": { "connectionId": "[resourceId('Microsoft.Web/connections', variables('SalemEventHubConnectionname'))]", "connectionName": "[variables('SalemEventHubConnectionname')]", - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/eventhubs')]" + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/eventhubs')]" } } } @@ -168,7 +183,7 @@ "type": "Microsoft.Web/connections", "apiVersion": "2016-06-01", "name": "[variables('SalemEventHubConnectionname')]", - "location": "[variables('location')]", + "location": "[parameters('location')]", "kind": "V1", "properties": { "displayName": "Salem Event Hubs", @@ -176,7 +191,7 @@ "name": "[variables('SalemEventHubConnectionname')]", "displayName": "Salem Event Hubs", "description": "Connect to The Salem Event Hub to send alerts.", - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/eventhubs')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/eventhubs')]", "type": "Microsoft.Web/locations/managedApis" }, "parameterValues": { @@ -188,7 +203,7 @@ "type": "Microsoft.Web/connections", "apiVersion": "2016-06-01", "name": "[variables('SentinelConnectionName')]", - "location": "[variables('location')]", + "location": "[parameters('location')]", "kind": "V1", "properties": { "displayName": "Microsoft Sentinel", @@ -196,7 +211,7 @@ "name": "[variables('SentinelConnectionName')]", "displayName": "Microsoft Sentinel", "description": "Cloud-native SIEM with a built-in AI so you can focus on what matters most", - "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('location'), '/managedApis/azuresentinel')]", + "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/azuresentinel')]", "type": "Microsoft.Web/locations/managedApis" } } diff --git a/Solutions/Salem Virtual Cyber Analyst/SolutionMetadata.json b/Solutions/Salem Virtual Cyber Analyst/SolutionMetadata.json new file mode 100644 index 00000000000..7e75ee4ff9b --- /dev/null +++ b/Solutions/Salem Virtual Cyber Analyst/SolutionMetadata.json @@ -0,0 +1,17 @@ +{ + "publisherId": "saleminc1627928803559", + "offerId": "salem-cyber-ai-analyst", + "firstPublishDate": "2023-04-14", + "lastPublishDate": "2023-04-14", + "providers": ["Salem Cyber"], + "categories": { + "domains" : ["Security - Automation (SOAR)", "Security - Insider Threat"], + "verticals": [] + }, + "support": { + "name": "Salem Cyber", + "email": "support@salemcyber.com", + "tier": "Microsoft", + "link": "https://www.salemcyber.com/contact" + } +} \ No newline at end of file diff --git a/Solutions/Salem AI Cyber Analyst/Workbooks/SalemDashboard.json b/Solutions/Salem Virtual Cyber Analyst/Workbooks/SalemDashboard.json similarity index 99% rename from Solutions/Salem AI Cyber Analyst/Workbooks/SalemDashboard.json rename to Solutions/Salem Virtual Cyber Analyst/Workbooks/SalemDashboard.json index cbff7370966..fa9639edb3f 100644 --- a/Solutions/Salem AI Cyber Analyst/Workbooks/SalemDashboard.json +++ b/Solutions/Salem Virtual Cyber Analyst/Workbooks/SalemDashboard.json @@ -62,7 +62,6 @@ "description": "Number of rows to display", "isGlobal": true, "typeSettings": { - "additionalResourceOptions": [], "showDefault": false }, "jsonData": "[\n 1, 5, 25\n]", @@ -232,8 +231,7 @@ "size": 3, "timeContextFromParameter": "time_range_picker", "queryType": 0, - "resourceType": "microsoft.operationalinsights/workspaces", - "sortBy": [] + "resourceType": "microsoft.operationalinsights/workspaces" }, "customWidth": "50", "name": "query - 4" @@ -246,8 +244,7 @@ "size": 3, "timeContextFromParameter": "time_range_picker", "queryType": 0, - "resourceType": "microsoft.operationalinsights/workspaces", - "sortBy": [] + "resourceType": "microsoft.operationalinsights/workspaces" }, "customWidth": "50", "name": "query - 4 - Copy" diff --git a/Tools/Create-Azure-Sentinel-Solution/input/Solution_CyberArkEPM.json b/Tools/Create-Azure-Sentinel-Solution/input/Solution_CyberArkEPM.json deleted file mode 100644 index 359d860881c..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/input/Solution_CyberArkEPM.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "Name": "CyberArkEPM", - "Author": "CyberArk Business Development - business_development@cyberark.com", - "Logo": "", - "Description": "Endpoint Privilege Manager, a critical and foundational endpoint control addresses the underlying weaknesses of endpoint defenses against a privileged attacker and helps enterprises defend against these attacks.", -"Data Connectors": [ - "Solutions/CyberArkEPM/DataConnectors/CyberArkEPM_API_FunctionApp.json" -], -"Parsers": [ - "Solutions/CyberArkEPM/Parsers/CyberArkEPM.txt" -], - "Hunting Queries": [ - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMElevationRequests.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMPowershellDownloads.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMPowershellExecutionParameters.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessNewHash.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessesAccessedInternet.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessesRunAsAdmin.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMRareProcVendors.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMRareProcessesRunByUsers.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMScriptsExecuted.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMSuspiciousActivityAttempts.yaml" -], -"Analytic Rules": [ - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMAttackAttemptNotBlocked.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMMSBuildLOLBin.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMMultipleAttackAttempts.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMNewProcessStartetFromSystem.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMPossibleExecutionOfPowershellEmpire.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMProcessChangedStartLocation.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMRareProcInternetAccess.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMRenamedWindowsBinary.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMUnexpectedExecutableExtension.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMUnexpectedExecutableLocation.yaml" -], -"Workbooks": [ - "Solutions/CyberArkEPM/Workbooks/CyberArkEPM.json" -], -"BasePath": "/Users/Julie.Mauch/Documents/GitHub/Azure-Sentinel/Solutions/CyberArkEPM", -"Version": "2.0.0", -"Metadata": "SolutionMetadata.json", -"TemplateSpec": true, -"Is1PConnector": false -} diff --git a/Tools/Create-Azure-Sentinel-Solution/input/Solution_DNS.json b/Tools/Create-Azure-Sentinel-Solution/input/Solution_DNS.json deleted file mode 100644 index 653dc9821e6..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/input/Solution_DNS.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "Name": "DNS Domain Solution for Microsoft Sentinel", - "Author": "Microsoft - support@microsoft.com", - "Logo": "", - "Description": "This is a [domain solution](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fsentinel-solutions-catalog%23domain-solutions&data=05%7C01%7Ckavishbakshi%40microsoft.com%7Cbe2a496082b24caa4b8c08da9cefacca%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637994850502413731%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OJegu%2B2EqD7rmYmK9pm9QniD6YWp5ooloZ6tHzcwVi0%3D&reserved=0) and does not include any data connectors. The content in this solution requires one of the product solutions below , as well as any other connector or data source normalized to the [ASIM](https://aka.ms/AboutASIM).\n\n**Prerequisite :-**\n\n Install one or more of the listed solutions, or develop your custom ASIM parsers to unlock the value provided by this solution.\n 1. Windows Server DNS \n 2. Azure Firewall \n 3. Cisco Umbrella \n 4. Corelight Zeek \n 5. Google Cloud Platform DNS \n 6. Infoblox NIOS \n 7. ISC Bind \n 8. Vectra AI \n 9. Zscaler Internet Access \n\n**Underlying Microsoft Technologies used:** \n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs: \n 1. Product solutions as described above \n 2. Logic app for data summarization\n\n**Recommendation :-**\n\nIt is highly recommended to use the **Summarize data** logic app playbook provided with this solution as it will significantly improve the performance of the Workbook, Analytic rules & Hunting queries.", - "Workbooks": ["Workbooks/DNSSolutionWorkbook.json"], - "Analytic Rules": [ - "Analytic Rules/DNSRequestToMaliciousDomain.yaml", - "Analytic Rules/ExcessiveNXDOMAINDNSQueriesAnomalyBased.yaml", - "Analytic Rules/ExcessiveNXDOMAINDNSQueriesStaticThresholdBased.yaml", - "Analytic Rules/MultipleErrorsReportedForSameDNSQueryAnomalyBased.yaml", - "Analytic Rules/MultipleErrorsReportedForSameDNSQueryStaticThresholdBased.yaml", - "Analytic Rules/PotentialDGADetectedviaRepetitiveFailuresAnomalyBased.yaml", - "Analytic Rules/PotentialDGADetectedviaRepetitiveFailuresStaticThresholdBased.yaml", - "Analytic Rules/RareClientObservedWithHighReverseDNSLookupCountAnomalyBased.yaml", - "Analytic Rules/RareClientObservedWithHighReverseDNSLookupCountStaticThresholdBased.yaml" - ], - "Playbooks": ["Playbooks/SummarizeData/azuredeploy.json"], - "Hunting Queries": [ - "Hunting Queries/AnomalousIncreaseInDNSActivityByClients.yaml", - "Hunting Queries/ConnectionToUnpopularWebsiteDetected.yaml", - "Hunting Queries/CVE-2020-1350 (SIGRED)ExploitationPattern.yaml", - "Hunting Queries/DNSQueryWithFailuresInLast24Hours.yaml", - "Hunting Queries/DNSRequestsToRiskyDomains.yaml", - "Hunting Queries/DomainsWithLargeNumberOfSubDomains.yaml", - "Hunting Queries/IncreaseInDNSRequestsByClientThanTheDailyAverageCount.yaml", - "Hunting Queries/PossibleDNSTunnelingOrDataExfilterationActivity.yaml", - "Hunting Queries/PotentialBeaconingActivity.yaml", - "Hunting Queries/Sources(Clients)WithHighNumberOfErrors.yaml", - "Hunting Queries/UnexpectedTopLevelDomains.yaml" - ], - "Watchlists": [ - "Watchlists/DNS_Solution_Monitoring_Configuration.json", - "Watchlists/DNS_Solution_Domain_IOCs.json" - ], - "BasePath": "C:\\Users\\vakohl\\Documents\\GitHub\\Azure-Sentinel\\Solutions\\DNS Domain Solution for Microsoft Sentinel", - "Version": "2.0.0", - "Metadata": "SolutionMetadata.json", - "TemplateSpec": true, - "Is1PConnector": false -} \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/input/Solution_Salem.json b/Tools/Create-Azure-Sentinel-Solution/input/Solution_Salem.json new file mode 100644 index 00000000000..8e662538741 --- /dev/null +++ b/Tools/Create-Azure-Sentinel-Solution/input/Solution_Salem.json @@ -0,0 +1,16 @@ +{ + "Name": "Salem Virtual Cyber Analyst", + "Author": "Salem Cyber - support@salemcyber.com", + "Logo": "", + "Description": "Salem, AI Cyber analyst, **automatically investigates** Sentinel alerts and escalates validated threats that require your attention. \n\nThis integration allows you to send new Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)", + "Workbooks": ["Workbooks/SalemDashboard.json"], + "Analytic Rules": [], + "Playbooks": ["Playbooks/SendAlertToSalem/azuredeploy.json"], + "Hunting Queries": [], + "Watchlists": [], + "BasePath": "C:\\Users\\jonwb\\github\\Azure-Sentinel\\Solutions\\Salem Virtual Cyber Analyst", + "Version": "1.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1PConnector": false +} \ No newline at end of file From 0122dbcedac7b4f4d5b8625760dcdf5ed52edb1d Mon Sep 17 00:00:00 2001 From: jonbagg Date: Tue, 6 Jun 2023 11:54:23 -0400 Subject: [PATCH 03/26] Update to remove default location In reading the templates, default location might get set in a higher level template in the final package --- .../SendAlertToSalem/azuredeploy.json | 1 - .../MigratedContent/DetectionsMigrated.json | 1700 ------ .../HuntingQueriesMigrated.json | 1220 ---- .../V2/MigratedContent/PlaybooksMigrated.json | 250 - .../WorkbookMetadata/WorkbooksMetadata.json | 4997 ----------------- .../V2/input/Solution_CyberArkEPM.json | 44 - ...n_MicrosoftDefenderThreatIntelligence.json | 17 - .../V2/input/Solution_Salem.json | 16 + 8 files changed, 16 insertions(+), 8229 deletions(-) delete mode 100644 Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/DetectionsMigrated.json delete mode 100644 Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/HuntingQueriesMigrated.json delete mode 100644 Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/PlaybooksMigrated.json delete mode 100644 Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json delete mode 100644 Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_CyberArkEPM.json delete mode 100644 Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftDefenderThreatIntelligence.json create mode 100644 Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json diff --git a/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json b/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json index b08f9f4fabf..bb470384cd1 100644 --- a/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json +++ b/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json @@ -34,7 +34,6 @@ }, "location": { "type": "string", - "defaultValue": "[resourceGroup().location]", "metadata": { "description": "Location for all resources. Leave blank to use location of resource group" } diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/DetectionsMigrated.json b/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/DetectionsMigrated.json deleted file mode 100644 index 9acc9e59d70..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/DetectionsMigrated.json +++ /dev/null @@ -1,1700 +0,0 @@ -[ - { - "FileName": "AVSpringShell.yaml", - "DetectionId": "3bd33158-3f0b-47e3-a50f-7c20a1b88038", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityAlert/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365%20Defender/Analytic%20Rules/" - }, - { - "FileName": "AVTarrask.yaml", - "DetectionId": "1785d372-b9fe-4283-96a6-3a1d83cabfd1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityAlert/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365%20Defender/Analytic%20Rules/" - }, - { - "FileName": "AVdetectionsrelatedtoUkrainebasedthreats.yaml", - "DetectionId": "b6685757-3ed1-4b05-a5bd-2cacadc86c2a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityAlert/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365%20Defender/Analytic%20Rules/" - }, - { - "FileName": "PotentialBuildProcessCompromiseMDE.yaml", - "DetectionId": "1bf6e165-5e32-420e-ab4f-0da8558a8be2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365%20Defender/Analytic%20Rules/" - }, - { - "FileName": "SUNSPOTHashes.yaml", - "DetectionId": "53e936c6-6c30-4d12-8343-b8a0456e8429", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365%20Defender/Analytic%20Rules/" - }, - { - "FileName": "SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml", - "DetectionId": "a3c144f9-8051-47d4-ac29-ffb0c312c910", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/DeviceFileEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365%20Defender/Analytic%20Rules/" - }, - { - "FileName": "SolarWinds_SUNBURST_Network-IOCs.yaml", - "DetectionId": "a3c144f9-8051-47d4-ac29-ffb0c312c910", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/DeviceNetworkEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365%20Defender/Analytic%20Rules/" - }, - { - "FileName": "SolarWinds_TEARDROP_Process-IOCs.yaml", - "DetectionId": "738702fd-0a66-42c7-8586-e30f0583f8fe", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/DeviceEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365%20Defender/Analytic%20Rules/" - }, - { - "FileName": "ActiniumAVHits.yaml", - "DetectionId": "96c8f92e-a617-4158-94ea-dea51557b40e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityAlert/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/MicrosoftDefenderForEndpoint/Analytic%20Rules/" - }, - { - "FileName": "HighNumberofVulnDetectedV2.yaml", - "DetectionId": "089e2363-8a7a-4899-9ac4-23fcad3104c1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/QualysVMV2/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/QualysVM/Analytic%20Rules/" - }, - { - "FileName": "NewHighSeverityVulnDetectedAcrossMulitpleHostsV2.yaml", - "DetectionId": "da498ea0-f3bd-437f-9f36-eaf5ba5e0a6c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/QualysVMV2/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/QualysVM/Analytic%20Rules" - }, - { - "FileName": "SeveralDenyActionsRegistered.yaml", - "DetectionId": "f8dad4e9-3f19-4d70-ab7f-8f19ccd43a3e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureFirewall/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Firewall/Analytic%20Rules" - }, - { - "FileName": "AccountCreatedandDeletedinShortTimeframe.yaml", - "DetectionId": "bb616d82-108f-47d3-9dec-9652ea0d3bf6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "AccountCreatedDeletedByNonApprovedUser.yaml", - "DetectionId": "6d63efa6-7c25-4bd4-a486-aa6bf50fde8a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "ADFSDomainTrustMods.yaml", - "DetectionId": "95dc4ae3-e0f2-48bd-b996-cdd22b90f9af", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "AdminPromoAfterRoleMgmtAppPermissionGrant.yaml", - "DetectionId": "f80d951a-eddc-4171-b9d0-d616bb83efdc", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "AzureADRoleManagementPermissionGrant.yaml", - "DetectionId": "1ff56009-db01-4615-8211-d4fda21da02d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "BulkChangestoPrivilegedAccountPermissions.yaml", - "DetectionId": "218f60de-c269-457a-b882-9966632b9dc6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "CredentialAddedAfterAdminConsent.yaml", - "DetectionId": "707494a5-8e44-486b-90f8-155d1797a8eb", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "FirstAppOrServicePrincipalCredential.yaml", - "DetectionId": "2cfc3c6e-f424-4b88-9cc9-c89f482d016a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "MailPermissionsAddedToApplication.yaml", - "DetectionId": "2560515c-07d1-434e-87fb-ebe3af267760", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "MaliciousOAuthApp_O365AttackToolkit.yaml", - "DetectionId": "f948a32f-226c-4116-bddd-d95e91d97eb9", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "MaliciousOAuthApp_PwnAuth.yaml", - "DetectionId": "39198934-62a0-4781-8416-a81265c03fd6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "MultipleAdmin_membership_removals_from_NewAdmin.yaml", - "DetectionId": "cda5928c-2c1e-4575-9dfa-07568bc27a4f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "NewAppOrServicePrincipalCredential.yaml", - "DetectionId": "79566f41-df67-4e10-a703-c38a6213afd8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "NRT_ADFSDomainTrustMods.yaml", - "DetectionId": "8540c842-5bbc-4a24-9fb2-a836c0e55a51", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "NRT_NewAppOrServicePrincipalCredential.yaml", - "DetectionId": "e42e889a-caaf-4dbb-aec6-371b37d64298", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "NRT_PIMElevationRequestRejected.yaml", - "DetectionId": "5db427b2-f406-4274-b413-e9fcb29412f8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "NRT_PrivlegedRoleAssignedOutsidePIM.yaml", - "DetectionId": "14f6da04-2f96-44ee-9210-9ccc1be6401e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "NRT_UseraddedtoPrivilgedGroups.yaml", - "DetectionId": "70fc7201-f28e-4ba7-b9ea-c04b96701f13", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "PIMElevationRequestRejected.yaml", - "DetectionId": "7d7e20f8-3384-4b71-811c-f5e950e8306c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "PrivlegedRoleAssignedOutsidePIM.yaml", - "DetectionId": "269435e3-1db8-4423-9dfc-9bf59997da1c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "RareApplicationConsent.yaml", - "DetectionId": "83ba3057-9ea3-4759-bf6a-933f2e5bc7ee", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "SuspiciousOAuthApp_OfflineAccess.yaml", - "DetectionId": "3533f74c-9207-4047-96e2-0eb9383be587", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "SuspiciousServicePrincipalcreationactivity.yaml", - "DetectionId": "6852d9da-8015-4b95-8ecf-d9572ee0395d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "UseraddedtoPrivilgedGroups.yaml", - "DetectionId": "4d94d4a9-dc96-410a-8dea-4d4d4584188b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "UserAssignedPrivilegedRole.yaml", - "DetectionId": "050b9b3d-53d0-4364-a3da-1b678b8211ec", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "AuthenticationMethodsChangedforPrivilegedAccount.yaml", - "DetectionId": "694c91ee-d606-4ba9-928e-405a2dd0ff0f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "PrivilegedAccountsSigninFailureSpikes.yaml", - "DetectionId": "34c5aff9-a8c2-4601-9654-c7e46342d03b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "UnusualGuestActivity.yaml", - "DetectionId": "acc4c247-aaf7-494b-b5da-17f18863878a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "ADFSSignInLogsPasswordSpray.yaml", - "DetectionId": "5170c3c4-b8c9-485c-910d-a21d965ee181", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "AnomalousUserAppSigninLocationIncrease-detection.yaml", - "DetectionId": "7cb8f77d-c52f-4e46-b82f-3cf2e106224a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "AzureAADPowerShellAnomaly.yaml", - "DetectionId": "50574fac-f8d1-4395-81c7-78a463ff0c52", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "AzurePortalSigninfromanotherAzureTenant.yaml", - "DetectionId": "87210ca1-49a4-4a7d-bb4a-4988752f978c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "BruteForceCloudPC.yaml", - "DetectionId": "3fbc20a4-04c4-464e-8fcb-6667f53e4987", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "BypassCondAccessRule.yaml", - "DetectionId": "3af9285d-bb98-4a35-ad29-5ea39ba0c628", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "DisabledAccountSigninsAcrossManyApplications.yaml", - "DetectionId": "75ea5c39-93e5-489b-b1e1-68fa6c9d2d04", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "DistribPassCrackAttempt.yaml", - "DetectionId": "bfb1c90f-8006-4325-98be-c7fffbc254d6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "ExplicitMFADeny.yaml", - "DetectionId": "a22740ec-fc1e-4c91-8de6-c29c6450ad00", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "FailedLogonToAzurePortal.yaml", - "DetectionId": "223db5c1-1bf8-47d8-8806-bed401b356a4", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "MFARejectedbyUser.yaml", - "DetectionId": "d99cf5c3-d660-436c-895b-8a8f8448da23", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "NRT_MFARejectedbyUser.yaml", - "DetectionId": "3617d76d-b15e-4c6f-985e-a1dac73c592d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "SeamlessSSOPasswordSpray.yaml", - "DetectionId": "fb7ca1c9-e14c-40a3-856e-28f3c14ea1ba", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "SigninAttemptsByIPviaDisabledAccounts.yaml", - "DetectionId": "500c103a-0319-4d56-8e99-3cec8d860757", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "SigninBruteForce-AzurePortal.yaml", - "DetectionId": "28b42356-45af-40a6-a0b4-a554cdfd5d8a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "SigninPasswordSpray.yaml", - "DetectionId": "48607a29-a26a-4abf-8078-a06dbdd174a4", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "SuccessThenFail_DiffIP_SameUserandApp.yaml", - "DetectionId": "02ef8d7e-fc3a-4d86-a457-650fa571d8d2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "UserAccounts-CABlockedSigninSpikes.yaml", - "DetectionId": "3a9d5ede-2b9d-43a2-acc4-d272321ff77c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "ChiaCryptoMining_WindowsEvent.yaml", - "DetectionId": "7916a17d-d1d1-4ede-af52-46de56a4c467", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/WindowsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Forwarded%20Events/Analytic%20Rules" - }, - { - "FileName": "SOURGUM_IOC_WindowsEvent.yaml", - "DetectionId": "5c798a48-df20-4cc0-8b56-1e0878be29b0", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/WindowsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Forwarded%20Events/Analytic%20Rules" - }, - { - "FileName": "AdditionalFilesUploadedByActor.yaml", - "DetectionId": "b9e3b9f8-a406-4151-9891-e5ff1ddd8c1d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Defender%20for%20Cloud%20Apps/Analytic%20Rules" - }, - { - "FileName": "KeyVaultSensitiveOperations.yaml", - "DetectionId": "d6491be0-ab2d-439d-95d6-ad8ea39277c5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Key%20Vault/Analytic%20Rules" - }, - { - "FileName": "KeyvaultMassSecretRetrieval.yaml", - "DetectionId": "24f8c234-d1ff-40ec-8b73-96b17a3a9c1c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Key%20Vault/Analytic%20Rules" - }, - { - "FileName": "NRT_KeyVaultSensitiveOperations.yaml", - "DetectionId": "884ead54-cb3f-4676-a1eb-b26532d6cbfd", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Key%20Vault/Analytic%20Rules" - }, - { - "FileName": "TimeSeriesKeyvaultAccessAnomaly.yaml", - "DetectionId": "0914adab-90b5-47a3-a79f-7cdcac843aa7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Key%20Vault/Analytic%20Rules" - }, - { - "FileName": "CorrelateIPC_Unfamiliar-Atypical.yaml", - "DetectionId": "fa6cfcf1-b267-46d4-b348-ae7870325507", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityAlert/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory%20Identity%20Protection/Analytic%20Rules" - }, - { - "FileName": "ADOAgentPoolCreatedDeleted.yaml", - "DetectionId": "acfdee3f-b794-404a-aeba-ef6a1fa08ad1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "ADOAuditStreamDisabled.yaml", - "DetectionId": "4e8238bd-ff4f-4126-a9f6-09b3b6801b3d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "ADONewExtensionAdded.yaml", - "DetectionId": "bf07ca9c-e408-443a-8939-6860a45a929e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "ADOPATUsedWithBrowser.yaml", - "DetectionId": "5f0d80db-3415-4265-9d52-8466b7372e3a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "ADOPipelineModifiedbyNewUser.yaml", - "DetectionId": "155e9134-d5ad-4a6f-88f3-99c220040b66", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "ADORetentionReduced.yaml", - "DetectionId": "71d374e0-1cf8-4e50-aecd-ab6c519795c2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "ADOSecretNotSecured.yaml", - "DetectionId": "4ca74dc0-8352-4ac5-893c-73571cc78331", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "ADOVariableModifiedByNewUser.yaml", - "DetectionId": "3b9a44d7-c651-45ed-816c-eae583a6f2f1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "AzDOAdminGroupAdditions.yaml", - "DetectionId": "89e6adbd-612c-4fbe-bc3d-32f81baf3b6c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "AzDOHistoricPrPolicyBypassing.yaml", - "DetectionId": "4d8de9e6-263e-4845-8618-cd23a4f58b70", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "AzDOHistoricServiceConnectionAdds.yaml", - "DetectionId": "5efb0cfd-063d-417a-803b-562eae5b0301", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "AzDOPatSessionMisuse.yaml", - "DetectionId": "ac891683-53c3-4f86-86b4-c361708e2b2b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "AzDOPipelineCreatedDeletedOneDay.yaml", - "DetectionId": "17f23fbe-bb73-4324-8ecf-a18545a5dc26", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "AzDOServiceConnectionUsage.yaml", - "DetectionId": "d564ff12-8f53-41b8-8649-44f76b37b99f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml", - "DetectionId": "adc32a33-1cd6-46f5-8801-e3ed8337885f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "NewAgentAddedToPoolbyNewUserorofNewOS.yaml", - "DetectionId": "4ce177b3-56b1-4f0e-b83e-27eed4cb0b16", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "NewPAPCAPCASaddedtoADO.yaml", - "DetectionId": "35ce9aff-1708-45b8-a295-5e9a307f5f17", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "NRT_ADOAuditStreamDisabled.yaml", - "DetectionId": "74ed028d-e392-40b7-baef-e69627bf89d1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AzureDevOpsAuditing/Analytic%20Rules" - }, - { - "FileName": "DNS_HighNXDomainCount_detection.yaml", - "DetectionId": "a0907abe-6925-4d90-af2b-c7e89dc201a6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Server%20DNS/Analytic%20Rules" - }, - { - "FileName": "DNS_HighReverseDNSCount_detection.yaml", - "DetectionId": "15ae38a2-2e29-48f7-883f-863fb25a5a06", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Server%20DNS/Analytic%20Rules" - }, - { - "FileName": "DNS_Miners.yaml", - "DetectionId": "0d76e9cf-788d-4a69-ac7d-f234826b5bed", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Server%20DNS/Analytic%20Rules" - }, - { - "FileName": "DNS_TorProxies.yaml", - "DetectionId": "a83ef0f4-dace-4767-bce3-ebd32599d2a0", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Server%20DNS/Analytic%20Rules" - }, - { - "FileName": "NRT_DNS_Related_To_Mining_Pools.yaml", - "DetectionId": "d5b32cd4-2328-43da-ab47-cd289c1f5efc", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Server%20DNS/Analytic%20Rules" - }, - { - "FileName": "CoreBackupDeletionwithSecurityAlert.yaml", - "DetectionId": "011c84d8-85f0-4370-b864-24c13455aa94", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityAlert/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Defender%20for%20Cloud/Analytic%20Rules" - }, - { - "FileName": "ADFSDBNamedPipeConnection.yaml", - "DetectionId": "dcdf9bfc-c239-4764-a9f9-3612e6dff49c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "ADFSRemoteAuthSyncConnection.yaml", - "DetectionId": "2f4165a6-c4fb-4e94-861e-37f1b4d6c0e6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "ADFSRemoteHTTPNetworkConnection.yaml", - "DetectionId": "d57c33a9-76b9-40e0-9dfa-ff0404546410", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "ExcessiveLogonFailures.yaml", - "DetectionId": "2391ce61-8c8d-41ac-9723-d945b2e90720", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell.yaml", - "DetectionId": "faf1a6ff-53b5-4f92-8c55-4b20e9957594", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "GainCodeExecutionADFSViaSMB.yaml", - "DetectionId": "12dcea64-bec2-41c9-9df2-9f28461b1295", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "LocalDeviceJoinInfoAndTransportKeyRegKeysAccess.yaml", - "DetectionId": "a356c8bd-c81d-428b-aa36-83be706be034", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "MultipleFailedFollowedBySuccess.yaml", - "DetectionId": "cf3ede88-a429-493b-9108-3e46d3c741f7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies.yaml", - "DetectionId": "05b4bccd-dd12-423d-8de4-5a6fb526bb4f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "NonDCActiveDirectoryReplication.yaml", - "DetectionId": "b9d2eebc-5dcb-4888-8165-900db44443ab", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "NRT_base64_encoded_pefile.yaml", - "DetectionId": "c3e5dbaa-a540-408c-8b36-68bdfb3df088", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "NRT_execute_base64_decodedpayload.yaml", - "DetectionId": "7ad4c32b-d0d2-411c-a0e8-b557afa12fce", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "NRT_SecurityEventLogCleared.yaml", - "DetectionId": "508cef41-2cd8-4d40-a519-b04826a9085f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "password_not_set.yaml", - "DetectionId": "62085097-d113-459f-9ea7-30216f2ee6af", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "PotentialFodhelperUACBypass.yaml", - "DetectionId": "56f3f35c-3aca-4437-a1fb-b7a84dc4af00", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "Potentialre-namedsdeleteusage.yaml", - "DetectionId": "720d12c6-a08c-44c4-b18f-2236412d59b0", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "ScheduleTaskHide.yaml", - "DetectionId": "6dd2629c-534b-4275-8201-d7968b4fa77e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "SdeletedeployedviaGPOandrunrecursively.yaml", - "DetectionId": "d9f28fdf-abc8-4f1a-a7e7-1aaec87a2fc5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "StartStopHealthService.yaml", - "DetectionId": "2bc7b4ae-eeaa-4538-ba15-ef298ec1ffae", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "TimeSeriesAnomaly-ProcessExecutions.yaml", - "DetectionId": "2c55fe7a-b06f-4029-a5b9-c54a2320d7b8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Windows%20Security%20Events/Analytic%20Rules" - }, - { - "FileName": "AWS_ChangeToRDSDatabase.yaml", - "DetectionId": "8c2ef238-67a0-497d-b1dd-5c8a0f533e25", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Amazon%20Web%20Services/Analytic%20Rules" - }, - { - "FileName": "AWS_ChangeToVPC.yaml", - "DetectionId": "65360bb0-8986-4ade-a89d-af3cf44d28aa", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Amazon%20Web%20Services/Analytic%20Rules" - }, - { - "FileName": "AWS_ClearStopChangeTrailLogs.yaml", - "DetectionId": "610d3850-c26f-4f20-8d86-f10fdf2425f5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Amazon%20Web%20Services/Analytic%20Rules" - }, - { - "FileName": "AWS_ConsoleLogonWithoutMFA.yaml", - "DetectionId": "d25b1998-a592-4bc5-8a3a-92b39eedb1bc", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Amazon%20Web%20Services/Analytic%20Rules" - }, - { - "FileName": "AWS_CredentialHijack.yaml", - "DetectionId": "32555639-b639-4c2b-afda-c0ae0abefa55", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Amazon%20Web%20Services/Analytic%20Rules" - }, - { - "FileName": "AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml", - "DetectionId": "826bb2f8-7894-4785-9a6b-a8a855d8366f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Amazon%20Web%20Services/Analytic%20Rules" - }, - { - "FileName": "AWS_GuardDuty_template.yaml", - "DetectionId": "bf0cde21-0c41-48f6-a40c-6b5bd71fa106", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AWSGuardDuty/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Amazon%20Web%20Services/Analytic%20Rules" - }, - { - "FileName": "AWS_IngressEgressSecurityGroupChange.yaml", - "DetectionId": "4f19d4e3-ec5f-4abc-9e61-819eb131758c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Amazon%20Web%20Services/Analytic%20Rules" - }, - { - "FileName": "AWS_LoadBalancerSecGroupChange.yaml", - "DetectionId": "c7bfadd4-34a6-4fa5-82f8-3691a32261e8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Amazon%20Web%20Services/Analytic%20Rules" - }, - { - "FileName": "NRT_AWS_ConsoleLogonWithoutMFA.yaml", - "DetectionId": "0ee2aafb-4500-4e36-bcb1-e90eec2f0b9b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Amazon%20Web%20Services/Analytic%20Rules" - }, - { - "FileName": "AzureWAFmatching_log4j_vuln.yaml", - "DetectionId": "2de8abd6-a613-450e-95ed-08e503369fb3", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Analytic%20Rules" - }, - { - "FileName": "Log4jVulnerableMachines.yaml", - "DetectionId": "3d71fc38-f249-454e-8479-0a358382ef9a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Detections/SecurityNestedRecommendation/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Analytic%20Rules" - }, - { - "FileName": "Log4J_IPIOC_Dec112021.yaml", - "DetectionId": "6e575295-a7e6-464c-8192-3e1d8fd6a990", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Analytic%20Rules" - }, - { - "FileName": "UserAgentSearch_log4j.yaml", - "DetectionId": "29283b22-a1c0-4d16-b0a9-3460b655a46a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Analytic%20Rules" - }, - { - "FileName": "MFADisable.yaml", - "DetectionId": "65c78944-930b-4cae-bd79-c3664ae30ba7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "NewExtUserGrantedAdmin.yaml", - "DetectionId": "d7424fd9-abb3-4ded-a723-eebe023aaa0b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "exchange_auditlogdisabled.yaml", - "DetectionId": "194dd92e-d6e7-4249-85a5-273350a7f5ce", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "External User added to Team and immediately uploads file.yaml", - "DetectionId": "bff058b2-500e-4ae5-bb49-a5b1423cbd5b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "ExternalUserAddedRemovedInTeams.yaml", - "DetectionId": "bff093b2-500e-4ae5-bb49-a5b1423cbd5b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "Mail_redirect_via_ExO_transport_rule.yaml", - "DetectionId": "500415fb-bba7-4227-a08a-9857fb61b6a7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "MailItemsAccessedTimeSeries.yaml", - "DetectionId": "b4ceb583-4c44-4555-8ecf-39f572e827ba", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "Malicious_Inbox_Rule.yaml", - "DetectionId": "7b907bf7-77d4-41d0-a208-5643ff75bf9a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "MultipleTeamsDeletes.yaml", - "DetectionId": "173f8699-6af5-484a-8b06-8c47ba89b380", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "Office_MailForwarding.yaml", - "DetectionId": "871ba14c-88ef-48aa-ad38-810f26760ca3", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "office_policytampering.yaml", - "DetectionId": "fbd72eb8-087e-466b-bd54-1ca6ea08c6d3", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "Office_Uploaded_Executables.yaml", - "DetectionId": "d722831e-88f5-4e25-b106-4ef6e29f8c13", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "RareOfficeOperations.yaml", - "DetectionId": "957cb240-f45d-4491-9ba5-93430a3c08be", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "SharePoint_Downloads_byNewIP.yaml", - "DetectionId": "4b11568b-3f5f-4ba1-80c8-7f1dc8390eb7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "SharePoint_Downloads_byNewUserAgent.yaml", - "DetectionId": "5dd76a87-9f87-4576-bab3-268b0e2b338b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "StrontiumCredHarvesting.yaml", - "DetectionId": "04384937-e927-4595-8f3c-89ff58ed231f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules" - }, - { - "FileName": "AdFind_Usage.yaml", - "DetectionId": "c63ae777-d5e0-4113-8c9a-c2c9d3d09fcd", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/DeviceProcessEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Attacker%20Tools%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "CredentialDumpingServiceInstallation.yaml", - "DetectionId": "4ebbb5c2-8802-11ec-a8a3-0242ac120002", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Attacker%20Tools%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "CredentialDumpingToolsFileArtifacts.yaml", - "DetectionId": "32ffb19e-8ed8-40ed-87a0-1adb4746b7c4", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Attacker%20Tools%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "powershell_empire.yaml", - "DetectionId": "ef88eb96-861c-43a0-ab16-f3835a97c928", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Attacker%20Tools%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "DomainEntity_CommonSecurityLog.yaml", - "DetectionId": "dd0a6029-ecef-4507-89c4-fc355ac52111", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "DomainEntity_DnsEvents.yaml", - "DetectionId": "85aca4d1-5d15-4001-abd9-acb86ca1786a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "DomainEntity_PaloAlto.yaml", - "DetectionId": "ec21493c-2684-4acd-9bc2-696dbad72426", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "DomainEntity_SecurityAlert.yaml", - "DetectionId": "87890d78-3e05-43ec-9ab9-ba32f4e01250", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "DomainEntity_Syslog.yaml", - "DetectionId": "532f62c1-fba6-4baa-bbb6-4a32a4ef32fa", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "DomainEntity_imWebSession.yaml", - "DetectionId": "b1832f60-6c3d-4722-a0a5-3d564ee61a63", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "EmailEntity_AzureActivity.yaml", - "DetectionId": "cca3b4d9-ac39-4109-8b93-65bb284003e6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "EmailEntity_OfficeActivity.yaml", - "DetectionId": "4a3f5ed7-8da5-4ce2-af6f-c9ada45060f2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "EmailEntity_PaloAlto.yaml", - "DetectionId": "ffcd575b-3d54-482a-a6d8-d0de13b6ac63", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "EmailEntity_SecurityAlert.yaml", - "DetectionId": "a2e36ce0-da4d-4b6e-88c6-4e40161c5bfc", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "EmailEntity_SecurityEvent.yaml", - "DetectionId": "2fc5d810-c9cc-491a-b564-841427ae0e50", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "EmailEntity_SigninLogs.yaml", - "DetectionId": "30fa312c-31eb-43d8-b0cc-bcbdfb360822", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "FileHashEntity_CommonSecurityLog.yaml", - "DetectionId": "5d33fc63-b83b-4913-b95e-94d13f0d379f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "FileHashEntity_SecurityEvent.yaml", - "DetectionId": "a7427ed7-04b4-4e3b-b323-08b981b9b4bf", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_AWSCloudTrail.yaml", - "DetectionId": "f110287e-1358-490d-8147-ed804b328514", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_AppServiceHTTPLogs.yaml", - "DetectionId": "f9949656-473f-4503-bf43-a9d9890f7d08", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_AzureActivity.yaml", - "DetectionId": "2441bce9-02e4-407b-8cc7-7d597f38b8b0", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_AzureFirewall.yaml", - "DetectionId": "0b904747-1336-4363-8d84-df2710bfe5e7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_AzureKeyVault.yaml", - "DetectionId": "57c7e832-64eb-411f-8928-4133f01f4a25", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_AzureNetworkAnalytics.yaml", - "DetectionId": "a4025a76-6490-4e6b-bb69-d02be4b03f07", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_AzureSQL.yaml", - "DetectionId": "d0aa8969-1bbe-4da3-9e76-09e5f67c9d85", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_CustomSecurityLog.yaml", - "DetectionId": "66c81ae2-1f89-4433-be00-2fbbd9ba5ebe", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_DnsEvents.yaml", - "DetectionId": "69b7723c-2889-469f-8b55-a2d355ed9c87", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_OfficeActivity.yaml", - "DetectionId": "f15370f4-c6fa-42c5-9be4-1d308f40284e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_VMConnection.yaml", - "DetectionId": "9713e3c0-1410-468d-b79e-383448434b2d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_W3CIISLog.yaml", - "DetectionId": "5e45930c-09b1-4430-b2d1-cc75ada0dc0f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPEntity_imWebSession.yaml", - "DetectionId": "e2559891-383c-4caf-ae67-55a008b9f89e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "IPentity_SigninLogs.yaml", - "DetectionId": "f2eb15bd-8a88-4b24-9281-e133edfba315", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "URLEntity_AuditLogs.yaml", - "DetectionId": "712fab52-2a7d-401e-a08c-ff939cc7c25e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "URLEntity_OfficeActivity.yaml", - "DetectionId": "36a9c9e5-3dc1-4ed9-afaa-1d13617bfc2b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "URLEntity_PaloAlto.yaml", - "DetectionId": "106813db-679e-4382-a51b-1bfc463befc3", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "URLEntity_SecurityAlerts.yaml", - "DetectionId": "f30a47c1-65fb-42b1-a7f4-00941c12550b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "URLEntity_Syslog.yaml", - "DetectionId": "b31037ea-6f68-4fbd-bab2-d0d0f44c2fcf", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "NRT_Creation_of_Expensive_Computes_in_Azure.yaml", - "DetectionId": "56fe0db0-6779-46fa-b3c5-006082a53064", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "NRT-AADHybridHealthADFSNewServer.yaml", - "DetectionId": "ec491363-5fe7-4eff-b68e-f42dcb76fcf6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "RareOperations.yaml", - "DetectionId": "23de46ea-c425-4a77-b456-511ae4855d69", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "TimeSeriesAnomaly_Mass_Cloud_Resource_Deletions.yaml", - "DetectionId": "ed43bdb7-eaab-4ea4-be52-6951fcfa7e3b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "AADHybridHealthADFSNewServer.yaml", - "DetectionId": "88f453ff-7b9e-45bb-8c12-4058ca5e44ee", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "AADHybridHealthADFSServiceDelete.yaml", - "DetectionId": "86a036b2-3686-42eb-b417-909fc0867771", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "AADHybridHealthADFSSuspApp.yaml", - "DetectionId": "d9938c3b-16f9-444d-bc22-ea9a9110e0fd", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "Creating_Anomalous_Number_Of_Resources_detection.yaml", - "DetectionId": "361dd1e3-1c11-491e-82a3-bb2e44ac36ba", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "Creation_of_Expensive_Computes_in_Azure.yaml", - "DetectionId": "9736e5f1-7b6e-4bfb-a708-e53ff1d182c3", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "Granting_Permissions_To_Account_detection.yaml", - "DetectionId": "b2c15736-b9eb-4dae-8b02-3016b6a45a32", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "New-CloudShell-User.yaml", - "DetectionId": "6d7214d9-4a28-44df-aafb-0910b9e6ae3e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "NewResourceGroupsDeployedTo.yaml", - "DetectionId": "9fb57e58-3ed8-4b89-afcf-c8e786508b1c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Analytic%20Rules" - }, - { - "FileName": "Dev-0270PowershellSep2022.yaml", - "DetectionId": "422ca2bf-598b-4872-82bb-5f7e8fa731e7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dev%200270%20Detection%20and%20Hunting/Analytic%20Rules" - }, - { - "FileName": "Dev-0270RegistryIOCSep2022.yaml", - "DetectionId": "2566e99f-ad0f-472a-b9ac-d3899c9283e6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dev%200270%20Detection%20and%20Hunting/Analytic%20Rules" - }, - { - "FileName": "Dev-0270WMICDiscoverySep2022.yaml", - "DetectionId": "6b652b4f-9810-4eec-9027-7aa88ce4db23", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Dev%200270%20Detection%20and%20Hunting/Analytic%20Rules" - }, - { - "FileName": "ProofpointPODBinaryInAttachment.yaml", - "DetectionId": "eb68b129-5f17-4f56-bf6d-dde48d5e615a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ProofpointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Analytic%20Rules" - }, - { - "FileName": "ProofpointPODDataExfiltrationToPrivateEmail.yaml", - "DetectionId": "aedc5b33-2d7c-42cb-a692-f25ef637cbb1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ProofpointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Analytic%20Rules" - }, - { - "FileName": "ProofpointPODHighRiskNotDiscarded.yaml", - "DetectionId": "c7cd6073-6d2c-4284-a5c8-da27605bdfde", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ProofpointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Analytic%20Rules" - }, - { - "FileName": "ProofpointPODMultipleArchivedAttachmentsToSameRecipient.yaml", - "DetectionId": "bda5a2bd-979b-4828-a91f-27c2a5048f7f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ProofpointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Analytic%20Rules" - }, - { - "FileName": "ProofpointPODMultipleLargeEmailsToSameRecipient.yaml", - "DetectionId": "d1aba9a3-5ab1-45ef-8ed4-da57dc3c0d32", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ProofpointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Analytic%20Rules" - }, - { - "FileName": "ProofpointPODMultipleProtectedEmailsToUnknownRecipient.yaml", - "DetectionId": "f8127962-7739-4211-a4a9-390a7a00e91f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ProofpointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Analytic%20Rules" - }, - { - "FileName": "ProofpointPODSuspiciousAttachment.yaml", - "DetectionId": "f6a51e2c-2d6a-4f92-a090-cfb002ca611f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ProofpointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Analytic%20Rules" - }, - { - "FileName": "ProofpointPODWeakCiphers.yaml", - "DetectionId": "56b0a0cd-894e-4b38-a0a1-c41d9f96649a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ProofpointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Analytic%20Rules" - }, - { - "FileName": "ZincOctober2022_AVHits_IOC.yaml", - "DetectionId": "3705158d-e008-49c9-92dd-e538e1549090", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Zinc%20Open%20Source/Analytic%20Rules" - }, - { - "FileName": "ZincOctober2022_Filename_Commandline_IOC.yaml", - "DetectionId": "9a7f6651-801b-491c-a548-8b454b356eaa", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Zinc%20Open%20Source/Analytic%20Rules" - }, - { - "FileName": "ZincOctober2022_IP_Domain_Hash_IOC.yaml", - "DetectionId": "95543d6d-f00d-4193-a63f-4edeefb7ec36", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Zinc%20Open%20Source/Analytic%20Rules" - }, - { - "FileName": "IPEntity_DuoSecurity.yaml", - "DetectionId": "d23ed927-5be3-4902-a9c1-85f841eb4fa1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/DuoSecurity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "NetworkEndpointCorrelation.yaml", - "DetectionId": "01f64465-b1ef-41ea-a7f5-31553a11ad43", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Network%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "NewUserAgentLast24h.yaml", - "DetectionId": "b725d62c-eb77-42ff-96f6-bdc6745fc6e0", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Network%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "FailedLogonAttempts_UnknownUser.yaml", - "DetectionId": "e7ec9fa6-e7f7-41ed-a34b-b956837a3ee6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Analytic%20Rules" - }, - { - "FileName": "NRT_squid_events_for_mining_pools.yaml", - "DetectionId": "dd03057e-4347-4853-bf1e-2b2d21eb4e59", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Analytic%20Rules" - }, - { - "FileName": "squid_cryptomining_pools.yaml", - "DetectionId": "80733eb7-35b2-45b6-b2b8-3c51df258206", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Analytic%20Rules" - }, - { - "FileName": "squid_tor_proxies.yaml", - "DetectionId": "90d3f6ec-80fb-48e0-9937-2c70c9df9bad", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Analytic%20Rules" - }, - { - "FileName": "ssh_potentialBruteForce.yaml", - "DetectionId": "e1ce0eab-10d1-4aae-863f-9a383345ba88", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Analytic%20Rules" - }, - { - "FileName": "ActiniumFeb2022.yaml", - "DetectionId": "825991eb-ea39-4590-9de2-ee97ef42eb93", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "BariumDomainIOC112020.yaml", - "DetectionId": "70b12a3b-4899-42cb-910c-5ffaf9d7997d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "BariumIPIOC112020.yaml", - "DetectionId": "6ee72a9e-2e54-459c-bc9a-9c09a6502a63", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "CERIUMOct292020IOCs.yaml", - "DetectionId": "c87fb346-ea3a-4c64-ba92-3dd383e0f0b5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "ChiaCryptoMining.yaml", - "DetectionId": "595a10c9-91be-4abb-bbc7-ae9c57848bef", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "DEV-0322_SolarWinds_Serv-U_IOC.yaml", - "DetectionId": "4759ddb4-2daf-43cb-b34e-d85b85b4e4a5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "Dev-0530_July2022.yaml", - "DetectionId": "a172107d-794c-48c0-bc26-d3349fe10b4d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "Dev-0586_Jan2022_IOC.yaml", - "DetectionId": "961b6a81-5c53-40b6-9800-4f661a8faea7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "ExchangeServerVulnerabilitiesMarch2021IoCs.yaml", - "DetectionId": "d804b39c-03a4-417c-a949-bdbf21fa3305", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "GalliumIOCs.yaml", - "DetectionId": "26a3b261-b997-4374-94ea-6c37f67f4f39", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "HAFNIUMUmServiceSuspiciousFile.yaml", - "DetectionId": "7d6d8a8e-b08a-4082-8dbb-d7fd2cbbc35e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "HiveRansomwareJuly2022.yaml", - "DetectionId": "b2199398-8942-4b8c-91a9-b0a707c5d147", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "IridiumIOCs.yaml", - "DetectionId": "7ee72a9e-2e54-459c-bc8a-8c08a6532a63", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "KNOTWEEDAVDetection.yaml", - "DetectionId": "9f9c1e51-4fb1-4510-a675-c7c2fb32f47e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "KNOTWEEDC2DomainsJuly2022.yaml", - "DetectionId": "ce02935c-cc67-4b77-9b96-93d9947e119a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "KNOTWEEDFileHashesJuly2022.yaml", - "DetectionId": "a779e2d5-9109-4f0a-a75e-f3d4f3c58560", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "KnownPHOSPHORUSDomainsIP-October2020.yaml", - "DetectionId": "7249500f-3038-4b83-8549-9cd8dfa2d498", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "MSHTMLVuln.yaml", - "DetectionId": "972c89fa-c969-4d12-932f-04d55d145299", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "Manganese_VPN-IOCs.yaml", - "DetectionId": "a04cf847-a832-4c60-b687-b0b6147da219", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "NICKELIOCsNov2021.yaml", - "DetectionId": "9122a9cb-916b-4d98-a199-1b7b0af8d598", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "NOBELIUM_DomainIOCsMarch2021.yaml", - "DetectionId": "bb8a3481-dd14-4e76-8dcc-bbec8776d695", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "NOBELIUM_IOCsMay2021.yaml", - "DetectionId": "677da133-e487-4108-a150-5b926591a92b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "Nobelium_FoggyWeb.yaml", - "DetectionId": "c37711a4-5f44-4472-8afc-0679bc0ef966", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "PHOSPHORUSMarch2019IOCs.yaml", - "DetectionId": "155f40c6-610d-497d-85fc-3cf06ec13256", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "POLONIUMIPIoC.yaml", - "DetectionId": "95407904-0131-4918-bc49-ebf282ce149a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "SOURGUM_IOC.yaml", - "DetectionId": "94749332-1ad9-49dd-a5ab-5ff2170788fc", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "STRONTIUMOct292020IOCs.yaml", - "DetectionId": "68271db2-cbe9-4009-b1d3-bb3b5fe5713c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "SUNSPOTLogFile.yaml", - "DetectionId": "c0e84221-f240-4dd7-ab1e-37e034ea2a4e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "Solorigate-Network-Beacon.yaml", - "DetectionId": "cecdbd4c-4902-403c-8d4b-32eb1efe460b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "Solorigate-VM-Network.yaml", - "DetectionId": "ab4b6944-a20d-42ab-8b63-238426525801", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "TarraskHashIoC.yaml", - "DetectionId": "caf78b95-d886-4ac3-957a-a7a3691ff4ed", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "ThalliumIOCs.yaml", - "DetectionId": "70b12a3b-4896-42cb-910c-5ffaf8d7987d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "WSLMalwareCorrelation.yaml", - "DetectionId": "d992b87b-eb49-4a9d-aa96-baacf9d26247", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "ZincJan272021IOCs.yaml", - "DetectionId": "09551db0-e147-4a0c-9e7b-918f88847605", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "ZincOct292020IOCs.yaml", - "DetectionId": "3174a9ec-d0ad-4152-8307-94ed04fa450a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Analytic%20Rules" - }, - { - "FileName": "MaliciousWAFSessions.yaml", - "DetectionId": "46ac55ae-47b8-414a-8f94-89ccd1962178", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureDiagnostics/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Web%20Application%20Firewall%20(WAF)/Analytic%20Rules" - }, - { - "FileName": "DumpingLSASSProcessIntoaFile.yaml", - "DetectionId": "a7b9df32-1367-402d-b385-882daf6e3020", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "LateralMovementViaDCOM.yaml", - "DetectionId": "50cbf34a-4cdd-45d7-b3f5-8b53a1d0d14f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "MacroInvokingShellBrowserWindowCOMObjects.yaml", - "DetectionId": "e7470b35-0128-4508-bfc9-e01cfb3c2eb7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "PotentialRemoteDesktopTunneling.yaml", - "DetectionId": "d2e8fd50-8d66-11ec-b909-0242ac120002", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "RegistryPersistenceViaAppCertDLLModification.yaml", - "DetectionId": "c61ad0ac-ad68-4ebb-b41a-74296d3e0044", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "RegistryPersistenceViaAppInt_DLLsModification.yaml", - "DetectionId": "9367dff0-941d-44e2-8875-cb48570c7add", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "SecurityEventLogCleared.yaml", - "DetectionId": "80da0a8f-cfe1-4cd0-a895-8bc1771a720e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "WDigestDowngradeAttack.yaml", - "DetectionId": "f6502545-ae3a-4232-a8b0-79d87e5c98d7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "WindowsBinariesExecutedfromNon-DefaultDirectory.yaml", - "DetectionId": "15049017-527f-4d3b-b011-b0e99e68ef45", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "WindowsBinariesLolbinsRenamed.yaml", - "DetectionId": "cbf6ad48-fa5c-4bf7-b205-28dbadb91255", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "base64_encoded_pefile.yaml", - "DetectionId": "ca67c83e-7fff-4127-a3e3-1af66d6d4cad", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "execute_base64_decodedpayload.yaml", - "DetectionId": "d6190dde-8fd2-456a-ac5b-0a32400b0464", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "malware_in_recyclebin.yaml", - "DetectionId": "75bf9902-0789-47c1-a5d8-f57046aa72df", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Analytic%20Rules" - }, - { - "FileName": "ExcessiveHTTPFailuresFromSource.yaml", - "DetectionId": "4902eddb-34f7-44a8-ac94-8486366e9494", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ASimNetworkSession/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Network%20Session%20Essentials/Analytic%20Rules" - }, - { - "FileName": "PortScan.yaml", - "DetectionId": "1da9853f-3dea-4ea9-b7e5-26730da3d537", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ASimNetworkSession/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Network%20Session%20Essentials/Analytic%20Rules" - }, - { - "FileName": "PossibleBeaconingActivity.yaml", - "DetectionId": "fcb9d75c-c3c1-4910-8697-f136bfef2363", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/ASimNetworkSession/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Network%20Session%20Essentials/Analytic%20Rules" - }, - { - "FileName": "ProofpointPODEmailSenderInTIList.yaml", - "DetectionId": "35a0792a-1269-431e-ac93-7ae2980d4dde", - "OldPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Detections/ProofpointPOD", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Proofpoint%20On%20demand(POD)%20Email%20Security/Analytic%20Rules" - }, - { - "FileName": "ProofpointPODEmailSenderIPinTIList.yaml", - "DetectionId": "78979d32-e63f-4740-b206-cfb300c735e0", - "OldPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Detections/ProofpointPOD", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Proofpoint%20On%20demand(POD)%20Email%20Security/Analytic%20Rules" - }, - { - "FileName": "Cross-tenantAccessSettingsOrganizationAdded.yaml", - "DetectionId": "757e6a79-6d23-4ae6-9845-4dac170656b5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "Cross-tenantAccessSettingsOrganizationDeleted.yaml", - "DetectionId": "eb8a9c1c-f532-4630-817c-1ecd8a60ed80", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "Cross-tenantAccessSettingsOrganizationInboundCollaborationSettingsChanged.yaml", - "DetectionId": "c895c5b9-0fc6-40ce-9830-e8818862f2d5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "Cross-tenantAccessSettingsOrganizationInboundDirectSettingsChanged.yaml", - "DetectionId": "276d5190-38de-4eb2-9933-b3b72f4a5737", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "Cross-tenantAccessSettingsOrganizationOutboundCollaborationSettingsChanged.yaml", - "DetectionId": "229f71ba-d83b-42a5-b83b-11a641049ed1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "Cross-tenantAccessSettingsOrganizationOutboundDirectSettingsChanged.yaml", - "DetectionId": "0101e08d-99cd-4a97-a9e0-27649c4369ad", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "GuestAccountsAddedinAADGroupsOtherThanTheOnesSpecified.yaml", - "DetectionId": "6ab1f7b2-61b8-442f-bc81-96afe7ad8c53", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "NRT_AuthenticationMethodsChangedforVIPUsers.yaml", - "DetectionId": "29e99017-e28d-47be-8b9a-c8c711f8a903", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "nrt_FirstAppOrServicePrincipalCredential.yaml", - "DetectionId": "b6988c32-4f3b-4a45-8313-b46b33061a74", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules" - }, - { - "FileName": "AFD-Premium-WAF-XSSDetection.yaml", - "DetectionId": "b7643904-5081-4920-917e-a559ddc3448f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureWAF/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Azure%20Web%20Application%20Firewall%20(WAF)/Analytic%20Rules/" - }, - { - "FileName": "AFD-Premium-WAF-SQLiDetection.yaml", - "DetectionId": "16da3a2a-af29-48a0-8606-d467c180fe18", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AzureWAF/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Azure%20Web%20Application%20Firewall%20(WAF)/Analytic%20Rules/" - }, - { - "FileName": "NRT Two Factor Authentication Disabled.yaml", - "DetectionId": "594c653d-719a-4c23-b028-36e3413e632e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/GitHub/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GitHub/Analytic%20Rules/" - }, - { - "FileName": "Security Vulnerability in Repo.yaml", - "DetectionId": "5436f471-b03d-41cb-b333-65891f887c43", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Detections/GitHub/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/GitHub/Analytic%20Rules/" - }, - { - "FileName": "Dev-0270NewUserSep2022.yaml", - "DetectionId": "7965f0be-c039-4d18-8ee8-9a6add8aecf3", - "OldPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Detections/MultipleDataSources", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Dev%200270%20Detection%20and%20Hunting/Analytic%20Rules" - }, - { - "FileName": "IPEntity_imNetworkSession.yaml", - "DetectionId": "e2399891-383c-4caf-ae67-68a008b9f89e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Detections/ASimNetworkSession", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "Threat Intel Matches to GitHub Audit Logs.yaml", - "DetectionId": "aac495a9-feb1-446d-b08e-a1164a539452", - "OldPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Detections/GitHub", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "imDns_DomainEntity_DnsEvents.yaml", - "DetectionId": "999e9f5d-db4a-4b07-a206-29c4e667b7e8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Detections/ASimDNS", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - }, - { - "FileName": "imDns_IPEntity_DnsEvents.yaml", - "DetectionId": "67775878-7f8b-4380-ac54-115e1e828901", - "OldPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Detections/ASimDNS", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Threat%20Intelligence/Analytic%20Rules" - } -] \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/HuntingQueriesMigrated.json b/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/HuntingQueriesMigrated.json deleted file mode 100644 index 2e6db4b5a01..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/HuntingQueriesMigrated.json +++ /dev/null @@ -1,1220 +0,0 @@ -[ - { - "FileName": "EnterHuntingQueryYAMLFileNameHere.yaml", - "DetectionId": "Enter-hunting-query-GUID-hEre", - "OldPath": "Enter/Oldpath/here/Like/https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityAlert/", - "NewPath": "Enter/NEWPath/here/Like/https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous AAD Account Manipulation.yaml", - "DetectionId": "8741deeb-332e-4061-8873-5086040920e3", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Account Creation.yaml", - "DetectionId": "0454c8d8-d0a6-42a4-8d03-f5b4fdcbd173", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Activity Role Assignment.yaml", - "DetectionId": "bd6fda76-c0df-41b0-b8cd-808190e1ded0", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Code Execution.yaml", - "DetectionId": "f8ab176c-1f3f-4cb5-8dc1-f50d30bcae0d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Data Access.yaml", - "DetectionId": "8cf3c78e-cd10-4bfb-bd69-d62dc7f375f1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Defensive Mechanism Modification.yaml", - "DetectionId": "fcb704ae-ac17-400a-9ed9-3c46bd0a3960", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Failed Logon.yaml", - "DetectionId": "77a58c08-bc8e-48b3-8fe9-6c38fd011cd9", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Geo Location Logon.yaml", - "DetectionId": "eeea7fb9-21cf-4023-91dc-3f55d7548d14", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Login to Devices.yaml", - "DetectionId": "2e20ec77-8d50-4959-a70d-79c341ee2c37", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Password Reset.yaml", - "DetectionId": "22b0262c-b6b5-4f15-82a4-93663e9965d7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous RDP Activity.yaml", - "DetectionId": "c01d95d3-ee85-4e7f-9aed-e62356f1de76", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Resource Access.yaml", - "DetectionId": "782f3bad-31f7-468f-8f58-3b74fc931914", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Role Assignment.yaml", - "DetectionId": "5aa5083c-1de6-42bb-a128-2ec2aba1de39", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Anomalous Sign-in Activity.yaml", - "DetectionId": "bb3bb9da-9598-4d1f-af78-7cc2fd413b0b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "WAF_log4j_vulnerability.yaml", - "DetectionId": "1d4d383e-0ca6-4d3a-a861-8f37aeef18cb", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDiagnostics/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Hunting%20Queries/" - }, - { - "FileName": "NetworkConnectionToNewExternalLDAPServer.yaml", - "DetectionId": "bf094505-fd2e-484f-b72a-acd79ee00ce8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/CommonSecurityLog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Hunting%20Queries/" - }, - { - "FileName": "NetworkConnectionldap_log4j.yaml", - "DetectionId": "19abc034-139e-4e64-a05d-cb07ce8b003b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Hunting%20Queries/" - }, - { - "FileName": "Apache_log4j_Vulnerability.yaml", - "DetectionId": "38cc38c3-bd6c-470e-ae1a-3136a9ded97f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Hunting%20Queries/" - }, - { - "FileName": "Base64_Download_Activity.yaml", - "DetectionId": "78882f9a-f3ef-4010-973c-3f6336f5bef7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Hunting%20Queries/" - }, - { - "FileName": "Container_Miner_Activity.yaml", - "DetectionId": "6fee32b3-3271-4a3f-9b01-dbd9432a1707", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Hunting%20Queries/" - }, - { - "FileName": "Firewall_Disable_Activity.yaml", - "DetectionId": "e178baf5-3cf3-4960-8ca4-8da6d90d8206", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Hunting%20Queries/" - }, - { - "FileName": "Linux_Toolkit_Detected.yaml", - "DetectionId": "09e45ec6-ac42-4b5a-be69-54623c4aa062", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Hunting%20Queries/" - }, - { - "FileName": "Process_Termination_Activity.yaml", - "DetectionId": "020b05d3-6447-402c-87b6-f8faff7c7e19", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Hunting%20Queries/" - }, - { - "FileName": "Suspicious_ShellScript_Activity.yaml", - "DetectionId": "3e43fe23-c6c0-45ca-b680-263e8afada95", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Apache%20Log4j%20Vulnerability%20Detection/Hunting%20Queries/" - }, - { - "FileName": "AAD Conditional Access Disabled.yaml", - "DetectionId": "c78a3845-37d9-448e-a8cd-e9543f00bcc5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "Addtional Org Admin Added.yaml", - "DetectionId": "7b634263-9971-4887-8ecf-0d83ab9c7370", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "ADOBuildCheckDeleted.yaml", - "DetectionId": "940386c3-4b2c-4147-ac8e-dcddedaaae52", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "ADOBuildDeletedAfterPipelineMod.yaml", - "DetectionId": "47857f1f-f8e6-470d-b132-03a8a606b3f4", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "ADOInternalUpstreamPacakgeFeedAdded.yaml", - "DetectionId": "20be967c-4923-4c4b-8e1d-e1c95d537dc3", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "ADONewAgentPoolCreated.yaml", - "DetectionId": "76f626e0-4c78-47d4-aeb6-eaa59f4f2ecb", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "ADONewPackageFeedCreated.yaml", - "DetectionId": "3d1aa540-b4c7-4789-8c4c-4174b3c2371f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "ADONewPATOperation.yaml", - "DetectionId": "5b6ab1d9-018b-46c6-993b-3198626fc54e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "ADONewReleaseApprover.yaml", - "DetectionId": "0c149cc9-78ba-4be1-9f7b-018288e3a829", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "ADOReleasePipelineCreated.yaml", - "DetectionId": "2dfa9c23-1590-4589-995a-d1486be66028", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "ADOVariableCreatedDeleted.yaml", - "DetectionId": "0fa523de-ce23-49d0-87a4-e890028e1e50", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "AzDODisplayNameSwapping.yaml", - "DetectionId": "cf0c493b-a8af-4b32-8c7e-d4303f3a406f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "AzDOPrPolicyBypassers.yaml", - "DetectionId": "df205daf-fcf3-4b95-a7fd-043b70f6c209", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "Guest users access enabled.yaml", - "DetectionId": "2380670e-e168-4a99-9529-6c4d127b3ce6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "Project visibility changed to public.yaml", - "DetectionId": "42e69ff6-719d-4853-95a5-2b211e2bb031", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "Public project created.yaml", - "DetectionId": "3cdc5404-15ed-4656-8eb9-60bc8b495934", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "Public Projects enabled.yaml", - "DetectionId": "800ae9c9-0280-4296-821f-c6e0a473fb41", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDevOpsAuditing/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AzureDevOpsAuditing/Hunting%20Queries/" - }, - { - "FileName": "DNS_CommonlyAbusedTLDs.yaml", - "DetectionId": "8e9c4680-8c0b-4885-b183-3b09efd8fc2c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Server%20DNS/Hunting%20Queries/" - }, - { - "FileName": "DNS_DomainAnomalousLookupIncrease.yaml", - "DetectionId": "1d9951b7-51f0-4aa7-af0c-654359aadfff", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Server%20DNS/Hunting%20Queries/" - }, - { - "FileName": "DNS_FullNameAnomalousLookupIncrease.yaml", - "DetectionId": "81b478a7-46e2-4f7f-a1aa-aba5e541232b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Server%20DNS/Hunting%20Queries/" - }, - { - "FileName": "DNS_HighPercentNXDomainCount.yaml", - "DetectionId": "543e1ec6-ee5e-4368-aaa6-405f0551ba5c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Server%20DNS/Hunting%20Queries/" - }, - { - "FileName": "DNS_HighReverseDNSCount.yaml", - "DetectionId": "fda90754-4e22-4bb1-8b99-2bb49a991eae", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Server%20DNS/Hunting%20Queries/" - }, - { - "FileName": "DNS_LongURILookup.yaml", - "DetectionId": "a0954a17-cc66-4d47-9651-8bf524bbdcc8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Server%20DNS/Hunting%20Queries/" - }, - { - "FileName": "DNS_WannaCry.yaml", - "DetectionId": "aaf84b80-7764-420c-98eb-239b5e194b3d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Server%20DNS/Hunting%20Queries/" - }, - { - "FileName": "Solorigate-DNS-Pattern.yaml", - "DetectionId": "0fb54a5c-5599-4ff9-80a2-f788c3ed285e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Server%20DNS/Hunting%20Queries/" - }, - { - "FileName": "Solorigate-Encoded-Domain-URL.yaml", - "DetectionId": "29a1815a-3ada-4182-a178-e52c483d2f95", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/DnsEvents/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Server%20DNS/Hunting%20Queries/" - }, - { - "FileName": "CommandsexecutedbyWMIonnewhosts-potentialImpacket.yaml", - "DetectionId": "9ce755c1-d2e6-4e2f-82d5-7871ec1aef91", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "Crashdumpdisabledonhost.yaml", - "DetectionId": "5a3615af-21c9-427e-8bf1-ed2350992bb4", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "cscript_summary.yaml", - "DetectionId": "36abe031-962d-482e-8e1e-a556ed99d5a3", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "CustomUserList_FailedLogons.yaml", - "DetectionId": "892cd37e-f9e1-49c3-b0b2-d74f52ac7b71", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "DecoyUserAccountAuthenticationAttempt.yaml", - "DetectionId": "a4dbc292-87eb-11ec-a8a3-0242ac120002", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "Discorddownloadinvokedfromcmdline.yaml", - "DetectionId": "e7dd442a-0af8-48eb-8358-9e91f4911849", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "enumeration_user_and_group.yaml", - "DetectionId": "a1e993de-770a-4434-83e9-9e3b47a6e470", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "ExchangePowerShellSnapin.yaml", - "DetectionId": "8afd1086-fc9a-4d26-b3ff-5c794c79a59a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "FailedUserLogons.yaml", - "DetectionId": "e7642e6e-cf27-46ec-a4b9-e4475228fead", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "GroupAddedToPrivlegeGroup.yaml", - "DetectionId": "cb47a115-2616-4d56-890d-b28c14bc83e4", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "HostExportingMailboxAndRemovingExport.yaml", - "DetectionId": "2e2fab4b-83dd-4cf8-b2dd-063d0fd15513", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "HostsWithNewLogons.yaml", - "DetectionId": "62e2df59-1535-4c8e-ac6c-c91faeed0179", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "Invoke-PowerShellTcpOneLine.yaml", - "DetectionId": "a344e28e-095d-47fb-84a8-d06edd31d2cb", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "Least_Common_Parent_Child_Process.yaml", - "DetectionId": "3712595d-6f47-416b-963a-605201ed2764", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "Least_Common_Process_Command_Lines.yaml", - "DetectionId": "088d30e9-c02b-46b1-bd1f-d5b6d6b782f0", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "Least_Common_Process_With_Depth.yaml", - "DetectionId": "6d04a1ef-1b4d-4ff8-a76c-ad7d1a396136", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "masquerading_files.yaml", - "DetectionId": "60304ebf-ebdd-4869-a702-e0216d90ab46", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "MSRPRN_Printer_Bug_Exploitation.yaml", - "DetectionId": "c29a03c6-d074-4934-afae-df1aeb30da70", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "MultipleExplicitCredentialUsage4648Events.yaml", - "DetectionId": "9e3fab4b-94dd-4cf9-b2aa-063d0fd25513", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "new_processes.yaml", - "DetectionId": "513e3a11-e1bb-4cfc-8af9-451da0407e6b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "NewChildProcessOfW3WP.yaml", - "DetectionId": "f885fb16-dfd3-4c90-83d9-7a66b9d9b654", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "NishangReverseTCPShellBase64.yaml", - "DetectionId": "87c1f90a-f868-4528-a9c1-15520249cae6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "persistence_create_account.yaml", - "DetectionId": "5e76eaf9-79a7-448c-bace-28e5b53b8396", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "PowerCatDownload.yaml", - "DetectionId": "c2112ca3-aae0-4079-9bff-d74c54bb5fe5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "powershell_downloads.yaml", - "DetectionId": "d83f40fc-bbcc-4020-8d45-ad2d82355cb2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "powershell_newencodedscipts.yaml", - "DetectionId": "4e78daf1-8bba-4b5d-8a8b-c75fe9bbc2d9", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "ProcessEntropy.yaml", - "DetectionId": "05208917-82de-46f7-a190-a65739a690f4", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "RareProcbyServiceAccount.yaml", - "DetectionId": "af02987c-949d-47d5-b0ae-64d8e1b674e2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "RareProcess_forWinHost.yaml", - "DetectionId": "82e04ff9-a289-4005-9fcd-f1deec72e3fc", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "RareProcessPath.yaml", - "DetectionId": "0ff22697-dc58-4623-b844-a767629840cd", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "RareProcessWithCmdLine.yaml", - "DetectionId": "5550b630-7b8a-444e-a585-ec8c7533c028", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "ServiceInstallationFromUsersWritableDirectory.yaml", - "DetectionId": "5a9ccb48-1316-46e1-89d1-aca0355c305e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "SuspectedLSASSDump.yaml", - "DetectionId": "58fe8fc8-54fa-48cd-bac3-197f8d862429", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "Suspicious_enumeration_using_adfind.yaml", - "DetectionId": "dd6fb889-43ef-44e1-a01d-093ab4bb12b2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "Suspicious_Windows_Login_outside_normal_hours.yaml", - "DetectionId": "e7bfbc3f-98c7-4aaa-a64c-de9c058b86b2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "uncommon_processes.yaml", - "DetectionId": "2ff4b10c-7056-4898-83fd-774104189fd5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "User Logons By Logon Type.yaml", - "DetectionId": "d0f13bb9-e713-4f89-b610-1806326a1dea", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "UserAccountAddedToPrivlegeGroup.yaml", - "DetectionId": "8d69a665-074a-443b-aae6-5dd9bdd5cfb1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "UserAccountCreatedDeleted.yaml", - "DetectionId": "6135a90e-ba30-4f36-9b6a-3a350050704b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "UserAdd_RemToGroupByUnauthorizedUser.yaml", - "DetectionId": "d57f675c-ad6c-44d0-95fb-3bf707e70155", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "UserCreatedByUnauthorizedUser.yaml", - "DetectionId": "42ae9690-89ce-4063-9a90-465badad5395", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "VIPAccountFailedLogons.yaml", - "DetectionId": "e8d36582-c403-4466-bd44-ebede5b6fa6e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "WindowsSystemTimeChange.yaml", - "DetectionId": "9fd6f61d-2cc3-48de-acf5-7194e78d6ea1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Windows%20Security%20Events/Hunting%20Queries/" - }, - { - "FileName": "AWS_IAM_PolicyChange.yaml", - "DetectionId": "e0a67cd7-b4e5-4468-aae0-26cb16a1bbd2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Amazon%20Web%20Services/Hunting%20Queries/" - }, - { - "FileName": "AWS_IAM_PrivilegeEscalationbyAttachment.yaml", - "DetectionId": "e1a91db8-f2b3-4531-bff6-da133d4f4f1a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Amazon%20Web%20Services/Hunting%20Queries/" - }, - { - "FileName": "AWS_PrivilegedRoleAttachedToInstance.yaml", - "DetectionId": "0db42a94-e7c8-4bf1-99a7-1a2fb4158212", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Amazon%20Web%20Services/Hunting%20Queries/" - }, - { - "FileName": "AWS_SuspiciousCredentialTokenAccessOfValid_IAM_Roles.yaml", - "DetectionId": "5b6ee21d-da53-46eb-827c-eab2a9ba3d2f", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Amazon%20Web%20Services/Hunting%20Queries/" - }, - { - "FileName": "AWS_Unused_UnsupportedCloudRegions.yaml", - "DetectionId": "e0d57543-acbd-428b-bb96-24a67506f84d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AWSCloudTrail/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Amazon%20Web%20Services/Hunting%20Queries/" - }, - { - "FileName": "ApplicationGrantedEWSPermissions.yaml", - "DetectionId": "c7941212-4ff9-4d2d-b38d-54d78fa087cc", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "DisabledAccountSigninAttempts.yaml", - "DetectionId": "b00f127c-46fa-40bd-9ab6-b266974d29cc", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "DisabledAccountSigninAttemptsByIP.yaml", - "DetectionId": "0cd51b2e-d3b2-4001-8e3f-5cbb604f69b2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Signins-From-VPS-Providers.yaml", - "DetectionId": "86490334-5371-40a2-971a-3749c2654954", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "Signins-from-NordVPN-Providers.yaml", - "DetectionId": "cdc9b092-8a16-4559-9e5e-831877e8209a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "StsRefreshTokenModification.yaml", - "DetectionId": "4696e072-aca8-4a4f-bf05-89fddc5ac3c9", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "SuspiciousSignintoPrivilegedAccount.yaml", - "DetectionId": "a73c52f2-b3a5-4fe4-be7d-4d59b8558590", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SigninLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "UserGrantedAccess_GrantsOthersAccess.yaml", - "DetectionId": "2b6a3882-d601-4298-983b-880f6dc7acdb", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AuditLogs/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "ExternalUserAddedRemovedInTeams_HuntVersion.yaml", - "DetectionId": "119d9e1c-afcc-4d23-b239-cdb4e7bf851c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "AnomolousUserAccessingOtherUsersMailbox.yaml", - "DetectionId": "271e8881-3044-4332-a5f4-42264c2e0315", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "WindowsReservedFileNamesOnOfficeFileServices.yaml", - "DetectionId": "61c28cd7-3139-4731-8ea7-2cbbeabb4684", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "UserAddToTeamsAndUploadsFile.yaml", - "DetectionId": "3d6d0c04-7337-40cf-ace6-c471d442356d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "TeamsFilesUploaded.yaml", - "DetectionId": "90e198a9-efb6-4719-ad89-81b8e93633a7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "double_file_ext_exes.yaml", - "DetectionId": "d12580c2-1474-4125-a8a3-553f50d91215", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "sharepoint_downloads.yaml", - "DetectionId": "e8ae1375-4640-430c-ae8e-2514d09c71eb", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "powershell_or_nonbrowser_MailboxLogin.yaml", - "DetectionId": "49a4f65a-fe18-408e-afec-042fde93d3ce", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "OfficeMailRuleCreationWithMailMoveActivity.yaml", - "DetectionId": "f50a26d7-ffdb-4471-90b9-3be78c60e4f2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "OfficeMailForwarding_hunting.yaml", - "DetectionId": "d49fc965-aef3-49f6-89ad-10cc4697eb5b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "ExternalUserFromNewOrgAddedToTeams.yaml", - "DetectionId": "6fce5baf-bfc2-4c56-a6b7-9c4733fc5a45", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "Mail_redirect_via_ExO_transport_rule_hunting.yaml", - "DetectionId": "9891684a-1e3a-4546-9403-3439513cbc70", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "MultipleTeamsDeletes.yaml", - "DetectionId": "64990414-b015-4edf-bef0-343b741e68c5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "MultiTeamBot.yaml", - "DetectionId": "9eb64924-ec8d-44d0-b1f2-10665150fb74", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "MultiTeamOwner.yaml", - "DetectionId": "558f15dd-3171-4b11-bf24-31c0610a20e0", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "new_adminaccountactivity.yaml", - "DetectionId": "723c5f46-133f-4f1e-ada6-5c138f811d75", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "new_sharepoint_downloads_by_IP.yaml", - "DetectionId": "e8ae1375-4640-430c-ae8e-2514d09c71eb", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "new_sharepoint_downloads_by_UserAgent.yaml", - "DetectionId": "f2367171-1514-4c67-88ef-27434b6a1093", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "New_WindowsReservedFileNamesOnOfficeFileServices.yaml", - "DetectionId": "641ecd2d-27c9-4f05-8433-8205096b09fc", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "NewBotAddedToTeams.yaml", - "DetectionId": "bf76e508-9282-4cf1-9cc1-5c20c3dea2ee", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "nonowner_MailboxLogin.yaml", - "DetectionId": "0a8f410d-38b5-4d75-90da-32b472b97230", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/OfficeActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries" - }, - { - "FileName": "AzureKeyVaultAccessManipulation.yaml", - "DetectionId": "8eff7055-9138-4edc-b8f0-48ea27e23c3c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureDiagnostics/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cloud%20Service%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "AzureResourceAssignedPublicIP.yaml", - "DetectionId": "8d5996b2-7d4c-4dcf-bb0d-0d7fdf0e2c75", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Cloud%20Service%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "CobaltDNSBeacon.yaml", - "DetectionId": "dde206fc-3f0b-4175-bb5d-42d2aae9d4c9", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Attacker%20Tools%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "PotentialImpacketExecution.yaml", - "DetectionId": "24ae555c-5e33-4b5d-827a-44206e39f6b4", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Attacker%20Tools%20Threat%20Protection%20Essentials/Hunting%20Queries/" - }, - { - "FileName": "FileEntity_OfficeActivity.yaml", - "DetectionId": "410da56d-4a63-4d22-b68c-9fb1a303be6d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Hunting%20Queries" - }, - { - "FileName": "FileEntity_SecurityEvent.yaml", - "DetectionId": "233441b9-cc92-4c9b-87fa-73b855fcd4b8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Hunting%20Queries" - }, - { - "FileName": "FileEntity_Syslog.yaml", - "DetectionId": "18f7de84-de55-4983-aca3-a18bc846b4e0", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Hunting%20Queries" - }, - { - "FileName": "FileEntity_VMConnection.yaml", - "DetectionId": "172a321b-c46b-4508-87c6-e2691c778107", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Hunting%20Queries" - }, - { - "FileName": "FileEntity_WireData.yaml", - "DetectionId": "689a9475-440b-4e69-8ab1-a5e241685f39", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ThreatIntelligenceIndicator/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence/Hunting%20Queries" - }, - { - "FileName": "B64IPInURL.yaml", - "DetectionId": "39156a1d-c9e3-439e-967b-be7dcba918d9", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/CommonSecurityLog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Network%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "RiskyCommandB64EncodedInUrl.yaml", - "DetectionId": "c46eeb45-c324-4a84-9df1-248c6d1507bb", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/CommonSecurityLog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Network%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "UseragentExploitPentest.yaml", - "DetectionId": "df75ac6c-7b0b-40d2-82e4-191c012f1a07", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Network%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "SQL-Failed SQL Logons.yaml", - "DetectionId": "d98256d5-0c9a-4ffc-8618-66a3404412f8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SQLServer/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Windows%20SQL%20Server%20Database%20Audit/Hunting%20Queries" - }, - { - "FileName": "SQL-MultipleFailedLogon_FromSameIP.yaml", - "DetectionId": "72727649-6445-46a3-b249-997a009fad89", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SQLServer/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Windows%20SQL%20Server%20Database%20Audit/Hunting%20Queries" - }, - { - "FileName": "SQL-MultipleFailedLogon_InShortSpan.yaml", - "DetectionId": "aef212b5-c770-42e1-9abf-bc513e4e749c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SQLServer/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Windows%20SQL%20Server%20Database%20Audit/Hunting%20Queries" - }, - { - "FileName": "SQL-New_UserCreated.yaml", - "DetectionId": "2b96760d-5307-44f0-94bd-8cf0ec52b1fb", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SQLServer/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Windows%20SQL%20Server%20Database%20Audit/Hunting%20Queries" - }, - { - "FileName": "QL-UserAdded_to_SecurityAdmin.yaml", - "DetectionId": "363ea6d1-b30d-4a44-b56a-63c3c8a99621", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SQLServer/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Windows%20SQL%20Server%20Database%20Audit/Hunting%20Queries" - }, - { - "FileName": "SQL-UserDeletedFromDatabase.yaml", - "DetectionId": "7b8fa5f5-4f5b-4698-a4cf-720bbb215bea", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SQLServer/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Windows%20SQL%20Server%20Database%20Audit/Hunting%20Queries" - }, - { - "FileName": "SQL-UserRemovedFromSecurityAdmin.yaml", - "DetectionId": "f35b879c-c836-4502-94f2-c76b7f06f02d", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SQLServer/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Windows%20SQL%20Server%20Database%20Audit/Hunting%20Queries" - }, - { - "FileName": "SQL-UserRemovedFromServerRole.yaml", - "DetectionId": "5dd79877-8066-4ce4-ae03-eedd8ebf04f8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SQLServer/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Windows%20SQL%20Server%20Database%20Audit/Hunting%20Queries" - }, - { - "FileName": "SQL-UserRoleChanged.yaml", - "DetectionId": "80a420b3-6a97-4b8f-9d86-4b43ee522fb2", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SQLServer/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20Windows%20SQL%20Server%20Database%20Audit/Hunting%20Queries" - }, - { - "FileName": "Granting_Permissions_to_Account.yaml", - "DetectionId": "860cda84-765b-4273-af44-958b7cca85f7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "PortOpenedForAzureResource.yaml", - "DetectionId": "9e146876-e303-49af-b847-b029d1a66852", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "AzureSentinelWorkbooks_AdministrativeOperation.yaml", - "DetectionId": "5a1f9655-c893-4091-8dc0-7f11d7676506", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "AzureVirtualNetworkSubnets_AdministrativeOperationset.yaml", - "DetectionId": "57784ba5-7791-422e-916f-65ef94fe1dbb", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "Common_Deployed_Resources.yaml", - "DetectionId": "0278e3b8-9899-45c5-8928-700cd80d2d80", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "Creating_Anomalous_Number_Of_Resources.yaml", - "DetectionId": "a09e6368-065b-4f1e-a4ce-b1b3a64b493b", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "AnalyticsRulesAdministrativeOperations.yaml", - "DetectionId": "ef7ef44e-6129-4d8e-94fe-b5530415d8e5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "Anomalous_Listing_Of_Storage_Keys.yaml", - "DetectionId": "5d2399f9-ea5c-4e67-9435-1fba745f3a39", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "AnomalousAzureOperationModel.yaml", - "DetectionId": "43cb0347-bdcc-4e83-af5a-cebbd03971d8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "AzureAdministrationFromVPS.yaml", - "DetectionId": "1b8779c9-abf2-444f-a21f-437b8f90ac4a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "AzureNSG_AdministrativeOperations.yaml", - "DetectionId": "e94d6756-981c-4f02-9a81-d006d80c8b41", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "AzureRunCommandFromAzureIP.yaml", - "DetectionId": "efe843ca-3ce7-4896-9f8b-f2c374ae6527", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "AzureSentinelConnectors_AdministrativeOperations.yaml", - "DetectionId": "17201aa8-0916-4078-a020-7ea3a9262889", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "Rare_Custom_Script_Extension.yaml", - "DetectionId": "81fd68a2-9ad6-4a1c-7bd7-18efe5c99081", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AzureActivity/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/master/Solutions/Azure%20Activity/Hunting%20Queries" - }, - { - "FileName": "ProofpointPODHighScoreSuspectValue.yaml", - "DetectionId": "bc619ce8-0807-4b13-93ea-0d7b79c7ee68", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ProofPointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Hunting%20Queries" - }, - { - "FileName": "ProofpointPODLargeOutboundEmails.yaml", - "DetectionId": "dd9674cf-898b-4c80-96f1-f70bec66e6fc", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ProofPointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Hunting%20Queries" - }, - { - "FileName": "ProofpointPODRecipientsHighNumberDiscardReject.yaml", - "DetectionId": "d324e435-31d3-4aa3-907c-76f4917820a9", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ProofPointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Hunting%20Queries" - }, - { - "FileName": "ProofpointPODRecipientsLargeNumberOfCorruptedEmails.yaml", - "DetectionId": "c334e1e8-a7da-4c23-a9c0-fdda26b07606", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ProofPointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Hunting%20Queries" - }, - { - "FileName": "ProofpointPODSendersLargeNumberOfCorruptedEmails.yaml", - "DetectionId": "af7f133a-5fed-4ebf-8272-4330c884c7ca", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ProofPointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Hunting%20Queries" - }, - { - "FileName": "ProofpointPODSuspiciousFileTypesInAttachments.yaml", - "DetectionId": "7b281f4a-6a9a-439f-8b4f-f08eb24f2fb7", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ProofPointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Hunting%20Queries" - }, - { - "FileName": "ProofpointPODHighScoreAdultValue.yaml", - "DetectionId": "0794a162-8635-43fd-81ed-2cf2604575b1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ProofPointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Hunting%20Queries" - }, - { - "FileName": "ProofpointPODHighScoreMalwareValue.yaml", - "DetectionId": "eb74aaab-ebf4-4763-9b03-b1a33fe48600", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ProofPointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Hunting%20Queries" - }, - { - "FileName": "ProofpointPODHighScorePhishValue.yaml", - "DetectionId": "a0d56fcd-edb3-46f1-aaa3-12d606a48ff1", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ProofPointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Hunting%20Queries" - }, - { - "FileName": "ProofpointPODHighScoreSpamValue.yaml", - "DetectionId": "c9ff3690-b754-4c91-b866-4d07098da074", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/ProofPointPOD/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Proofpoint On demand(POD) Email Security/Hunting%20Queries" - }, - { - "FileName": "CryptoCurrencyMiners.yaml", - "DetectionId": "1ef1c38f-26dd-4e28-b884-5b3665352648", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Hunting%20Queries" - }, - { - "FileName": "CryptoThreatActivity.yaml", - "DetectionId": " 005d6e3c-7453-46f6-aef3-f59695594545", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Hunting%20Queries" - }, - { - "FileName": "RareProcess_ForLxHost.yaml", - "DetectionId": "d0ae35df-0eaf-491f-b23e-8190e4f3ffe9", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Hunting%20Queries" - }, - { - "FileName": "SCXExecuteRunAsProviders.yaml", - "DetectionId": "0d298a1d-1a08-4f4b-8b28-687bfe0012e8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Hunting%20Queries" - }, - { - "FileName": "SchedTaskAggregation.yaml", - "DetectionId": "eb09da09-6f6c-4502-bf74-f7b9f1343539", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Hunting%20Queries" - }, - { - "FileName": "SchedTaskEditViaCrontab.yaml", - "DetectionId": "6f0f1821-5981-408a-930b-8b2ca60e9e6c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Hunting%20Queries" - }, - { - "FileName": "squid_abused_tlds.yaml", - "DetectionId": "7aaa7675-1580-47d8-a404-039cb7284279", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Hunting%20Queries" - }, - { - "FileName": "squid_malformed_requests.yaml", - "DetectionId": "edbeec9f-86b9-475d-8a42-cc7b95ad2baa", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Hunting%20Queries" - }, - { - "FileName": "squid_volume_anomalies.yaml", - "DetectionId": "e472c490-4792-4f12-8b6b-6ab3e0404d35", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Syslog/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Syslog/Hunting%20Queries" - }, - { - "FileName": "BackupDeletion.yaml", - "DetectionId": "56ebae61-89cf-42d9-99f4-3dff8ba33885", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "Certutil-LOLBins.yaml", - "DetectionId": "0e429446-2798-49e4-924d-c37338f24e23", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "FileExecutionWithOneCharacterInTheName.yaml", - "DetectionId": "299472c4-8382-4c5b-82d9-718cda193393", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "PersistViaIFEORegistryKey.yaml", - "DetectionId": "f82c89fa-c969-4d12-832f-04d55d14522c", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "PotentialMicrosoftSecurityServicesTampering.yaml", - "DetectionId": "e10e1d2f-265d-4d90-9037-7f3a6ed8a91e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "RemoteLoginPerformedwithWMI.yaml", - "DetectionId": "8f658a80-7fa9-4524-a95b-d9ab608e8850", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "RemoteScheduledTaskCreationUpdateUsingATSVCNamedPipe.yaml", - "DetectionId": "7aad876a-a6fe-4c11-879e-8b29d35ff739", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "ScheduledTaskCreationUpdateFromUserWritableDrectory.yaml", - "DetectionId": "0b827a49-427e-4721-b05e-b151a8af524e", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "SignedBinaryProxyExecutionRundll32.yaml", - "DetectionId": "c2074fce-b5ba-4c0a-9332-d08b8fc43c53", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/SecurityEvent/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "UnicodeObfuscationInCommandLine.yaml", - "DetectionId": "a953f304-12e4-48ae-bedc-d58fb1b0c6a6", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries" - }, - { - "FileName": "Dev-0056CommandLineActivityNovember2021.yaml", - "DetectionId": "e2629949-2043-4421-8064-bca23c8491dd", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Hunting%20Queries" - }, - { - "FileName": "Dev-0322CommandLineActivityNovember2021(ASIMVersion).yaml", - "DetectionId": "6bfea14f-2122-46b3-8f8b-3947e0fb6d92", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Hunting%20Queries" - }, - { - "FileName": "Dev-0322CommandLineActivityNovember2021.yaml", - "DetectionId": "78fa22f9-0c13-4847-bbe6-6a7aa1b47547", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Hunting%20Queries" - }, - { - "FileName": "Dev-0322FileDropActivityNovember2021(ASIMVersion).yaml", - "DetectionId": "9b72769e-6ab1-4736-988b-018d92dc5e62", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Hunting%20Queries" - }, - { - "FileName": "Dev-0322FileDropActivityNovember2021.yaml", - "DetectionId": "5bf2d4d8-ea03-4673-aaf8-716a61446022", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Hunting%20Queries" - }, - { - "FileName": "NICKELCommandLineActivity-Nov2021.yaml", - "DetectionId": "bb30abbc-9af6-4a37-9536-e9207e023989", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Hunting%20Queries" - }, - { - "FileName": "NetworkConnectiontoOMIPorts.yaml", - "DetectionId": "767b8f6d-8029-4c92-afe1-282167d9d49a", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Hunting%20Queries" - }, - { - "FileName": "NickelRegIOCPatterns.yaml", - "DetectionId": "f090f8f4a-b986-42d2-b536-e0795c723e25", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Hunting%20Queries" - }, - { - "FileName": "STRONTIUM_IOC_RetroHunt.yaml", - "DetectionId": "b8b7574f-1cd6-4308-822a-ab07256106f8", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Hunting%20Queries" - }, - { - "FileName": "SolarWindsInventory.yaml", - "DetectionId": "278592b5-612b-48a4-bb38-4c01ff8ee2a5", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleDataSources/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Legacy%20IOC%20based%20Threat%20Protection/Hunting%20Queries" - }, - { - "FileName": "MultipleUsersEmailForwardedToSameDestination.yaml", - "DetectionId": "a1551ae4-f61c-4bca-9c57-4d0d681db2e9", - "OldPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/MultipleUsersEmailForwardedToSameDestination/", - "NewPath": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries/" - } -] \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/PlaybooksMigrated.json b/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/PlaybooksMigrated.json deleted file mode 100644 index fcde9c00bdc..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/PlaybooksMigrated.json +++ /dev/null @@ -1,250 +0,0 @@ -[ - { - "OldPath": "Playbooks/Get-VirusTotalDomainReport", - "NewPath": "Solutions/VirusTotal/Playbooks/Get-VirusTotalDomainReport" - }, - { - "OldPath": "Playbooks/Get-VirusTotalFileInfo", - "NewPath": "Solutions/VirusTotal/Playbooks/Get-VirusTotalFileInfo" - }, - { - "OldPath": "Playbooks/Get-VirusTotalURLReport", - "NewPath": "Solutions/VirusTotal/Playbooks/Get-VirusTotalURLReport" - }, - { - "OldPath": "Playbooks/Get-VirusTotalIPReport", - "NewPath": "Solutions/VirusTotal/Playbooks/Get-VirusTotalIPReport" - }, - { - "OldPath": "Playbooks/Watchlist-Add-HostToWatchList", - "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-Add-HostToWatchList" - }, - { - "OldPath": "Playbooks/Watchlist-Add-IPToWatchList", - "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-Add-IPToWatchList" - }, - { - "OldPath": "Playbooks/Watchlist-Add-URLToWatchList", - "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-Add-URLToWatchList" - }, - { - "OldPath": "Playbooks/Watchlist-Add-UserToWatchList", - "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-Add-UserToWatchList" - }, - { - "OldPath": "Playbooks/Watchlist-ChangeIncidentSeverityandTitleIFUserVIP", - "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-ChangeIncidentSeverityandTitleIFUserVIP" - }, - { - "OldPath": "Playbooks/Watchlist-CloseIncidentKnownIPs", - "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-CloseIncidentKnownIPs" - }, - { - "OldPath": "Playbooks/Watchlist-InformSubowner-IncidentTrigger", - "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-InformSubowner-IncidentTrigger" - }, - { - "OldPath": "Playbooks/Create-SNOW-record", - "NewPath": "Solutions/Servicenow/Playbooks/Create-SNOW-record" - }, - { - "OldPath": "Playbooks/SNOW-CreateAndUpdateIncident", - "NewPath": "Solutions/Servicenow/Playbooks/SNOW-CreateAndUpdateIncident" - }, - { - "OldPath": "Playbooks/AzureFirewall/AzureFirewall-AddIPtoTIAllowList", - "NewPath": "Solutions/Azure Firewall/Playbooks/AzureFirewall-AddIPtoTIAllowList" - }, - { - "OldPath": "Playbooks/CrowdStrike/Playbooks/CrowdStrike_Base", - "NewPath": "Solutions/CrowdStrike Falcon Endpoint Protection/Playbooks/CrowdStrike_Base" - }, - { - "OldPath": "Playbooks/CrowdStrike/Playbooks/CrowdStrike_ContainHost", - "NewPath": "Solutions/CrowdStrike Falcon Endpoint Protection/Playbooks/CrowdStrike_ContainHost" - }, - { - "OldPath": "Playbooks/CrowdStrike/Playbooks/CrowdStrike_Enrichment_GetDeviceInformation", - "NewPath": "Solutions/CrowdStrike Falcon Endpoint Protection/Playbooks/CrowdStrike_Enrichment_GetDeviceInformation" - }, - { - "OldPath": "Playbooks/Incident-Assignment-Shifts", - "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Incident-Assignment-Shifts" - }, - { - "OldPath": "Playbooks/Notify-IncidentClosed", - "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Notify-IncidentClosed" - }, - { - "OldPath": "Playbooks/Notify-IncidentReopened", - "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Notify-IncidentReopened" - }, - { - "OldPath": "Playbooks/Notify-IncidentSeverityChanged", - "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Notify-IncidentSeverityChanged" - }, - { - "OldPath": "Playbooks/Notify-Owner", - "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Notify-Owner" - }, - { - "OldPath": "Playbooks/Post-Message-Slack", - "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Post-Message-Slack" - }, - { - "OldPath": "Playbooks/Post-Message-Teams", - "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Post-Message-Teams" - }, - { - "OldPath": "Playbooks/Send-basic-email", - "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Send-basic-email" - }, - { - "OldPath": "Playbooks/Send-email-with-formatted-incident-report", - "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Send-email-with-formatted-incident-report" - }, - { - "OldPath": "Playbooks/relateAlertsToIncident-basedOnIP", - "NewPath": "Solutions/SentinelSOARessentials/Playbooks/relateAlertsToIncident-basedOnIP" - }, - { - "OldPath": "Playbooks/Isolate-MDEMachine", - "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine" - }, - { - "OldPath": "Playbooks/Restrict-MDEAppExecution", - "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEAppExecution" - }, - { - "OldPath": "Playbooks/Restrict-MDEDomain", - "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain" - }, - { - "OldPath": "Playbooks/Restrict-MDEFileHash", - "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash" - }, - { - "OldPath": "Playbooks/Restrict-MDEIPAddress", - "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress" - }, - { - "OldPath": "Playbooks/Restrict-MDEUrl", - "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl" - }, - { - "OldPath": "Playbooks/Run-MDEAntivirus", - "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Run-MDEAntivirus" - }, - { - "OldPath": "Playbooks/Unisolate-MDEMachine", - "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine" - }, - { - "OldPath": "Playbooks/AzureFirewall/AzureFirewall-BlockIP-addNewRule", - "NewPath": "Solutions/Azure Firewall/Playbooks/AzureFirewall-BlockIP-addNewRule" - }, - { - "OldPath": "Playbooks/AzureFirewall/AzureFirewall-BlockIP-addToIPGroup", - "NewPath": "Solutions/Azure Firewall/Playbooks/AzureFirewall-BlockIP-addToIPGroup" - }, - { - "OldPath": "Playbooks/AzureFirewall/AzureFirewallConnector", - "NewPath": "Solutions/Azure Firewall/Playbooks/AzureFirewallConnector" - }, - { - "OldPath": "Playbooks/Advanced-SNOW-Teams-Integration", - "NewPath": "Solutions/Teams/Playbooks/Advanced-SNOW-Teams-Integration" - }, - { - "OldPath": "Playbooks/IdentityProtection-TeamsBotResponse", - "NewPath": "Solutions/Teams/Playbooks/IdentityProtection-TeamsBotResponse" - }, - { - "OldPath": "Playbooks/Send-Teams-adaptive-card-on-incident-creation", - "NewPath": "Solutions/Teams/Playbooks/Send-Teams-adaptive-card-on-incident-creation" - }, - { - "OldPath": "Playbooks/CiscoFirepower/CustomConnector", - "NewPath": "Solutions/Cisco Firepower EStreamer/Playbooks/CustomConnector" - }, - { - "OldPath": "Playbooks/CiscoFirepower/CiscoFirepower-BlockFQDN-NetworkGroup", - "NewPath": "Solutions/Cisco Firepower EStreamer/Playbooks/CiscoFirepower-BlockFQDN-NetworkGroup" - }, - { - "OldPath": "Playbooks/CiscoFirepower/CiscoFirepower-BlockIP-NetworkGroup", - "NewPath": "Solutions/Cisco Firepower EStreamer/Playbooks/CiscoFirepower-BlockIP-NetworkGroup" - }, - { - "OldPath": "Playbooks/CiscoFirepower/CiscoFirepower-BlockIP-Teams", - "NewPath": "Solutions/Cisco Firepower EStreamer/Playbooks/CiscoFirepower-BlockIP-Teams" - }, - { - "OldPath": "Playbooks/Confirm-AADRiskyUser", - "NewPath": "Solutions/Azure Active directory Identity Protection/Playbooks/Confirm-AADRiskyUser" - }, - { - "OldPath": "Playbooks/Dismiss-AADRiskyUser", - "NewPath": "Solutions/Azure Active directory Identity Protection/Playbooks/Dismiss-AADRiskyUser" - }, - { - "OldPath": "Playbooks/IdentityProtection-TeamsBotResponse", - "NewPath": "Solutions/Azure Active directory Identity Protection/Playbooks/IdentityProtection-TeamsBotResponse" - }, - { - "OldPath": "Playbooks/Block-AADUser", - "NewPath": "Solutions/Azure Active Directory/Playbooks/Block-AADUser" - }, - { - "OldPath": "Playbooks/Prompt-User", - "NewPath": "Solutions/Azure Active Directory/Playbooks/Prompt-User" - }, - { - "OldPath": "Playbooks/Reset-AADUserPassword", - "NewPath": "Solutions/Azure Active Directory/Playbooks/Reset-AADUserPassword" - }, - { - "OldPath": "Playbooks/Create-Jira-Issue", - "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Create-Jira-Issue" - }, - { - "OldPath": "Playbooks/Jira-CreateAndUpdateIssue", - "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Jira-CreateAndUpdateIssue" - }, - { - "OldPath": "Playbooks/Sync-IncidentsWithJira/Sync-AssignedUser", - "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Sync-AssignedUser" - }, - { - "OldPath": "Playbooks/Sync-IncidentsWithJira/Sync-Incidents", - "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Sync-Incidents" - }, - { - "OldPath": "Playbooks/CarbonBlack/Playbooks/CarbonBlack-DeviceEnrichment", - "NewPath": "Solutions/CarbonBlack/Playbooks/CarbonBlack-DeviceEnrichment" - }, - { - "OldPath": "Playbooks/CarbonBlack/Playbooks/CarbonBlack-QuarantineDevice", - "NewPath": "Solutions/CarbonBlack/Playbooks/CarbonBlack-QuarantineDevice" - }, - { - "OldPath": "Playbooks/CarbonBlack/Playbooks/CarbonBlack-TakeDeviceActionFromTeams", - "NewPath": "Solutions/CarbonBlack/Playbooks/CarbonBlack-TakeDeviceActionFromTeams" - }, - { - "OldPath": "Playbooks/CarbonBlack/CarbonBlackConnector", - "NewPath": "Solutions/CarbonBlack/Playbooks/CarbonBlackConnector" - }, - { - "OldPath": "Playbooks/Sync-IncidentsWithJira/Add-JiraLinkComment", - "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Add-JiraLinkComment" - }, - { - "OldPath": "Playbooks/Sync-IncidentsWithJira/Sync-Comments", - "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Sync-CommentsFunctionApp" - }, - { - "OldPath": "Playbooks/Sync-IncidentsWithJira/Sync-Status", - "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Sync-Status" - } -] \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json deleted file mode 100644 index 03b5f3591cf..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json +++ /dev/null @@ -1,4997 +0,0 @@ -[ - { - "workbookKey": "42CrunchAPIProtectionWorkbook", - "logoFileName": "42CrunchLogo.svg", - "description": "Monitor and protect APIs using the 42Crunch API microfirewall", - "dataTypesDependencies": [ "apifirewall_log_1_CL" ], - "dataConnectorsDependencies": [ "42CrunchAPIProtection" ], - "previewImagesFileNames": [ "42CrunchInstancesBlack.png", "42CrunchInstancesWhite.png", "42CrunchRequestsBlack.png", "42CrunchRequestsWhite.png", "42CrunchStatusBlack.png", "42CrunchStatusWhite.png" ], - "version": "1.0.0", - "title": "42Crunch API Protection Workbook", - "templateRelativePath": "42CrunchAPIProtectionWorkbook.json", - "subtitle": "", - "provider": "42Crunch" - }, - { - "workbookKey": "ForcepointNGFWAdvanced", - "logoFileName": "FPAdvLogo.svg", - "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "ForcepointNgfw", - "ThreatIntelligence" - ], - "previewImagesFileNames": [ - "ForcepointNGFWAdvancedWhite.png", - "ForcepointNGFWAdvancedBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook", - "templateRelativePath": "ForcepointNGFWAdvanced.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "AzureActivityWorkbook", - "logoFileName": "azureactivity_logo.svg", - "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.", - "dataTypesDependencies": [ - "AzureActivity" - ], - "dataConnectorsDependencies": [ - "AzureActivity" - ], - "previewImagesFileNames": [ - "AzureActivityWhite1.png", - "AzureActivityBlack1.png" - ], - "version": "2.0.0", - "title": "Azure Activity", - "templateRelativePath": "AzureActivity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IdentityAndAccessWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "IdentityAndAccessWhite.png", - "IdentityAndAccessBlack.png" - ], - "version": "1.1.0", - "title": "Identity & Access", - "templateRelativePath": "IdentityAndAccess.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CheckPointWorkbook", - "logoFileName": "checkpoint_logo.svg", - "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CheckPoint" - ], - "previewImagesFileNames": [ - "CheckPointWhite.png", - "CheckPointBlack.png" - ], - "version": "1.0.0", - "title": "Check Point Software Technologies", - "templateRelativePath": "CheckPoint.json", - "subtitle": "", - "provider": "Check Point" - }, - { - "workbookKey": "CiscoWorkbook", - "logoFileName": "cisco_logo.svg", - "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CiscoASA" - ], - "previewImagesFileNames": [ - "CiscoWhite.png", - "CiscoBlack.png" - ], - "version": "1.1.0", - "title": "Cisco - ASA", - "templateRelativePath": "Cisco.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ExchangeOnlineWorkbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "ExchangeOnlineWhite.png", - "ExchangeOnlineBlack.png" - ], - "version": "2.0.0", - "title": "Exchange Online", - "templateRelativePath": "ExchangeOnline.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "PaloAltoOverviewWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoNetworks" - ], - "previewImagesFileNames": [ - "PaloAltoOverviewWhite1.png", - "PaloAltoOverviewBlack1.png", - "PaloAltoOverviewWhite2.png", - "PaloAltoOverviewBlack2.png", - "PaloAltoOverviewWhite3.png", - "PaloAltoOverviewBlack3.png" - ], - "version": "1.2.0", - "title": "Palo Alto overview", - "templateRelativePath": "PaloAltoOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "PaloAltoNetworkThreatWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoNetworks" - ], - "previewImagesFileNames": [ - "PaloAltoNetworkThreatWhite1.png", - "PaloAltoNetworkThreatBlack1.png", - "PaloAltoNetworkThreatWhite2.png", - "PaloAltoNetworkThreatBlack2.png" - ], - "version": "1.1.0", - "title": "Palo Alto Network Threat", - "templateRelativePath": "PaloAltoNetworkThreat.json", - "subtitle": "", - "provider": "Palo Alto Networks" - }, - { - "workbookKey": "EsetSMCWorkbook", - "logoFileName": "eset-logo.svg", - "description": "Visualize events and threats from Eset Security Management Center.", - "dataTypesDependencies": [ - "eset_CL" - ], - "dataConnectorsDependencies": [ - "EsetSMC" - ], - "previewImagesFileNames": [ - "esetSMCWorkbook-black.png", - "esetSMCWorkbook-white.png" - ], - "version": "1.0.0", - "title": "Eset Security Management Center Overview", - "templateRelativePath": "esetSMCWorkbook.json", - "subtitle": "", - "provider": "Community" - }, - { - "workbookKey": "FortigateWorkbook", - "logoFileName": "fortinet_logo.svg", - "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Fortinet" - ], - "previewImagesFileNames": [ - "FortigateWhite.png", - "FortigateBlack.png" - ], - "version": "1.1.0", - "title": "FortiGate", - "templateRelativePath": "Fortigate.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DnsWorkbook", - "logoFileName": "dns_logo.svg", - "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.", - "dataTypesDependencies": [ - "DnsInventory", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "DNS" - ], - "previewImagesFileNames": [ - "DnsWhite.png", - "DnsBlack.png" - ], - "version": "1.3.0", - "title": "DNS", - "templateRelativePath": "Dns.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "Office365Workbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "Office365White1.png", - "Office365Black1.png", - "Office365White2.png", - "Office365Black2.png", - "Office365White3.png", - "Office365Black3.png" - ], - "version": "2.0.1", - "title": "Office 365", - "templateRelativePath": "Office365.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SharePointAndOneDriveWorkbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "SharePointAndOneDriveBlack1.png", - "SharePointAndOneDriveBlack2.png", - "SharePointAndOneDriveWhite1.png", - "SharePointAndOneDriveWhite2.png" - ], - "version": "2.0.0", - "title": "SharePoint & OneDrive", - "templateRelativePath": "SharePointAndOneDrive.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureActiveDirectorySigninLogsWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.", - "dataTypesDependencies": [ - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AADsigninBlack1.png", - "AADsigninBlack2.png", - "AADsigninWhite1.png", - "AADsigninWhite2.png" - ], - "version": "2.4.0", - "title": "Azure AD Sign-in logs", - "templateRelativePath": "AzureActiveDirectorySignins.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "VirtualMachinesInsightsWorkbook", - "logoFileName": "azurevirtualmachine_logo.svg", - "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.", - "dataTypesDependencies": [ - "VMConnection", - "ServiceMapComputer_CL", - "ServiceMapProcess_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "VMInsightBlack1.png", - "VMInsightWhite1.png" - ], - "version": "1.3.0", - "title": "VM insights", - "templateRelativePath": "VirtualMachinesInsights.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.", - "dataTypesDependencies": [ - "AuditLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AzureADAuditLogsBlack1.png", - "AzureADAuditLogsWhite1.png" - ], - "version": "1.2.0", - "title": "Azure AD Audit logs", - "templateRelativePath": "AzureActiveDirectoryAuditLogs.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ThreatIntelligenceWorkbook", - "logoFileName": "", - "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "SecurityIncident" - ], - "dataConnectorsDependencies": [ - "ThreatIntelligence", - "ThreatIntelligenceTaxii" - ], - "previewImagesFileNames": [ - "ThreatIntelligenceWhite.png", - "ThreatIntelligenceBlack.png" - ], - "version": "5.0.0", - "title": "Threat Intelligence", - "templateRelativePath": "ThreatIntelligence.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WebApplicationFirewallOverviewWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFOverviewBlack.png", - "WAFOverviewWhite.png" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - overview", - "templateRelativePath": "WebApplicationFirewallOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFFirewallEventsBlack1.png", - "WAFFirewallEventsBlack2.png", - "WAFFirewallEventsWhite1.png", - "WAFFirewallEventsWhite2.png" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - firewall events", - "templateRelativePath": "WebApplicationFirewallFirewallEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFGatewayAccessEventsBlack1.png", - "WAFGatewayAccessEventsBlack2.png", - "WAFGatewayAccessEventsWhite1.png", - "WAFGatewayAccessEventsWhite2.png" - ], - "version": "1.2.0", - "title": "Microsoft Web Application Firewall (WAF) - gateway access events", - "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "LinuxMachinesWorkbook", - "logoFileName": "azurevirtualmachine_logo.svg", - "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "Syslog" - ], - "previewImagesFileNames": [ - "LinuxMachinesWhite.png", - "LinuxMachinesBlack.png" - ], - "version": "1.1.0", - "title": "Linux machines", - "templateRelativePath": "LinuxMachines.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureFirewallWorkbook", - "logoFileName": "AzFirewalls.svg", - "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureFirewall" - ], - "previewImagesFileNames": [ - "AzureFirewallWorkbookWhite1.PNG", - "AzureFirewallWorkbookBlack1.PNG", - "AzureFirewallWorkbookWhite2.PNG", - "AzureFirewallWorkbookBlack2.PNG", - "AzureFirewallWorkbookWhite3.PNG", - "AzureFirewallWorkbookBlack3.PNG", - "AzureFirewallWorkbookWhite4.PNG", - "AzureFirewallWorkbookBlack4.PNG", - "AzureFirewallWorkbookWhite5.PNG", - "AzureFirewallWorkbookBlack5.PNG" - ], - "version": "1.3.0", - "title": "Azure Firewall", - "templateRelativePath": "AzureFirewallWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureDDoSStandardProtection", - "logoFileName": "AzDDoS.svg", - "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "DDOS" - ], - "previewImagesFileNames": [ - "AzureDDoSWhite1.PNG", - "AzureDDoSBlack1.PNG", - "AzureDDoSWhite2.PNG", - "AzureDDoSBlack2.PNG", - "AzureDDoSWhite2.PNG", - "AzureDDoSBlack2.PNG" - ], - "version": "1.0.2", - "title": "Azure DDoS Protection Workbook", - "templateRelativePath": "AzDDoSStandardWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftCloudAppSecurityWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.", - "dataTypesDependencies": [ - "McasShadowItReporting" - ], - "dataConnectorsDependencies": [ - "MicrosoftCloudAppSecurity" - ], - "previewImagesFileNames": [ - "McasDiscoveryBlack.png", - "McasDiscoveryWhite.png" - ], - "version": "1.2.0", - "title": "Microsoft Cloud App Security - discovery logs", - "templateRelativePath": "MicrosoftCloudAppSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "F5BIGIPSytemMetricsWorkbook", - "logoFileName": "f5_logo.svg", - "description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.", - "dataTypesDependencies": [ - "F5Telemetry_system_CL", - "F5Telemetry_AVR_CL" - ], - "dataConnectorsDependencies": [ - "F5BigIp" - ], - "previewImagesFileNames": [ - "F5SMBlack.png", - "F5SMWhite.png" - ], - "version": "1.1.0", - "title": "F5 BIG-IP System Metrics", - "templateRelativePath": "F5BIGIPSystemMetrics.json", - "subtitle": "", - "provider": "F5 Networks" - }, - { - "workbookKey": "F5NetworksWorkbook", - "logoFileName": "f5_logo.svg", - "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.", - "dataTypesDependencies": [ - "F5Telemetry_LTM_CL", - "F5Telemetry_system_CL", - "F5Telemetry_ASM_CL" - ], - "dataConnectorsDependencies": [ - "F5BigIp" - ], - "previewImagesFileNames": [ - "F5White.png", - "F5Black.png" - ], - "version": "1.1.0", - "title": "F5 BIG-IP ASM", - "templateRelativePath": "F5Networks.json", - "subtitle": "", - "provider": "F5 Networks" - }, - { - "workbookKey": "AzureNetworkWatcherWorkbook", - "logoFileName": "networkwatcher_logo.svg", - "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.", - "dataTypesDependencies": [ - "AzureNetworkAnalytics_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureNetworkWatcherWhite.png", - "AzureNetworkWatcherBlack.png" - ], - "version": "1.1.0", - "title": "Azure Network Watcher", - "templateRelativePath": "AzureNetworkWatcher.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZscalerFirewallWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerFirewallWhite1.png", - "ZscalerFirewallBlack1.png", - "ZscalerFirewallWhite2.png", - "ZscalerFirewallBlack2.png" - ], - "version": "1.1.0", - "title": "Zscaler Firewall", - "templateRelativePath": "ZscalerFirewall.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "ZscalerWebOverviewWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerWebOverviewWhite.png", - "ZscalerWebOverviewBlack.png" - ], - "version": "1.1.0", - "title": "Zscaler Web Overview", - "templateRelativePath": "ZscalerWebOverview.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "ZscalerThreatsOverviewWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerThreatsWhite.png", - "ZscalerThreatsBlack.png" - ], - "version": "1.2.0", - "title": "Zscaler Threats", - "templateRelativePath": "ZscalerThreats.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "ZscalerOffice365AppsWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerOffice365White.png", - "ZscalerOffice365Black.png" - ], - "version": "1.1.0", - "title": "Zscaler Office365 Apps", - "templateRelativePath": "ZscalerOffice365Apps.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "InsecureProtocolsWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.", - "dataTypesDependencies": [ - "SecurityEvent", - "Event", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "AzureActiveDirectory", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "InsecureProtocolsWhite1.png", - "InsecureProtocolsBlack1.png", - "InsecureProtocolsWhite2.png", - "InsecureProtocolsBlack2.png" - ], - "version": "2.1.0", - "title": "Insecure Protocols", - "templateRelativePath": "InsecureProtocols.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook", - "logoFileName": "amazon_web_services_Logo.svg", - "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.", - "dataTypesDependencies": [ - "AWSCloudTrail" - ], - "dataConnectorsDependencies": [ - "AWS" - ], - "previewImagesFileNames": [ - "AwsNetworkActivitiesWhite.png", - "AwsNetworkActivitiesBlack.png" - ], - "version": "1.0.0", - "title": "AWS Network Activities", - "templateRelativePath": "AmazonWebServicesNetworkActivities.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AmazonWebServicesUserActivitiesWorkbook", - "logoFileName": "amazon_web_services_Logo.svg", - "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.", - "dataTypesDependencies": [ - "AWSCloudTrail" - ], - "dataConnectorsDependencies": [ - "AWS" - ], - "previewImagesFileNames": [ - "AwsUserActivitiesWhite.png", - "AwsUserActivitiesBlack.png" - ], - "version": "1.0.0", - "title": "AWS User Activities", - "templateRelativePath": "AmazonWebServicesUserActivities.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicro" - ], - "previewImagesFileNames": [ - "TrendMicroDeepSecurityAttackActivityWhite.png", - "TrendMicroDeepSecurityAttackActivityBlack.png" - ], - "version": "1.0.0", - "title": "Trend Micro Deep Security ATT&CK Related Activity", - "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json", - "subtitle": "", - "provider": "Trend Micro" - }, - { - "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicro" - ], - "previewImagesFileNames": [ - "TrendMicroDeepSecurityOverviewWhite1.png", - "TrendMicroDeepSecurityOverviewBlack1.png", - "TrendMicroDeepSecurityOverviewWhite2.png", - "TrendMicroDeepSecurityOverviewBlack2.png" - ], - "version": "1.0.0", - "title": "Trend Micro Deep Security Events", - "templateRelativePath": "TrendMicroDeepSecurityOverview.json", - "subtitle": "", - "provider": "Trend Micro" - }, - { - "workbookKey": "ExtraHopDetectionSummaryWorkbook", - "logoFileName": "extrahop_logo.svg", - "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ExtraHopNetworks" - ], - "previewImagesFileNames": [ - "ExtrahopWhite.png", - "ExtrahopBlack.png" - ], - "version": "1.0.0", - "title": "ExtraHop", - "templateRelativePath": "ExtraHopDetectionSummary.json", - "subtitle": "", - "provider": "ExtraHop Networks" - }, - { - "workbookKey": "BarracudaCloudFirewallWorkbook", - "logoFileName": "barracuda_logo.svg", - "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "Syslog" - ], - "dataConnectorsDependencies": [ - "BarracudaCloudFirewall" - ], - "previewImagesFileNames": [ - "BarracudaWhite1.png", - "BarracudaBlack1.png", - "BarracudaWhite2.png", - "BarracudaBlack2.png" - ], - "version": "1.0.0", - "title": "Barracuda CloudGen FW", - "templateRelativePath": "Barracuda.json", - "subtitle": "", - "provider": "Barracuda" - }, - { - "workbookKey": "CitrixWorkbook", - "logoFileName": "citrix_logo.svg", - "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.", - "dataTypesDependencies": [ - "CitrixAnalytics_userProfile_CL", - "CitrixAnalytics_riskScoreChange_CL", - "CitrixAnalytics_indicatorSummary_CL", - "CitrixAnalytics_indicatorEventDetails_CL" - ], - "dataConnectorsDependencies": [ - "Citrix" - ], - "previewImagesFileNames": [ - "CitrixWhite.png", - "CitrixBlack.png" - ], - "version": "2.1.0", - "title": "Citrix Analytics", - "templateRelativePath": "Citrix.json", - "subtitle": "", - "provider": "Citrix Systems Inc." - }, - { - "workbookKey": "OneIdentityWorkbook", - "logoFileName": "oneIdentity_logo.svg", - "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "OneIdentity" - ], - "previewImagesFileNames": [ - "OneIdentityWhite.png", - "OneIdentityBlack.png" - ], - "version": "1.0.0", - "title": "One Identity", - "templateRelativePath": "OneIdentity.json", - "subtitle": "", - "provider": "One Identity LLC." - }, - { - "workbookKey": "SecurityStatusWorkbook", - "logoFileName": "", - "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "SecurityEvent", - "Syslog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelSecurityStatusBlack.png", - "AzureSentinelSecurityStatusWhite.png" - ], - "version": "1.3.0", - "title": "Security Status", - "templateRelativePath": "SecurityStatus.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureSentinelSecurityAlertsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelSecurityAlertsWhite.png", - "AzureSentinelSecurityAlertsBlack.png" - ], - "version": "1.1.0", - "title": "Security Alerts", - "templateRelativePath": "AzureSentinelSecurityAlerts.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SquadraTechnologiesSecRMMWorkbook", - "logoFileName": "SquadraTechnologiesLogo.svg", - "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.", - "dataTypesDependencies": [ - "secRMM_CL" - ], - "dataConnectorsDependencies": [ - "SquadraTechnologiesSecRmm" - ], - "previewImagesFileNames": [ - "SquadraTechnologiesSecRMMWhite.PNG", - "SquadraTechnologiesSecRMMBlack.PNG" - ], - "version": "1.0.0", - "title": "Squadra Technologies SecRMM - USB removable storage security", - "templateRelativePath": "SquadraTechnologiesSecRMM.json", - "subtitle": "", - "provider": "Squadra Technologies" - }, - { - "workbookKey": "IoT-Alerts", - "logoFileName": "IoTIcon.svg", - "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "IoT" - ], - "previewImagesFileNames": [ - "IOTBlack1.png", - "IOTWhite1.png" - ], - "version": "1.2.0", - "title": "Azure Defender for IoT Alerts", - "templateRelativePath": "IOT_Alerts.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IoTAssetDiscovery", - "logoFileName": "IoTIcon.svg", - "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Fortinet" - ], - "previewImagesFileNames": [ - "workbook-iotassetdiscovery-screenshot-Black.PNG", - "workbook-iotassetdiscovery-screenshot-White.PNG" - ], - "version": "1.0.0", - "title": "IoT Asset Discovery", - "templateRelativePath": "IoTAssetDiscovery.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ForcepointCASBWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointCasb" - ], - "previewImagesFileNames": [ - "ForcepointCASBWhite.png", - "ForcepointCASBBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Cloud Access Security Broker (CASB)", - "templateRelativePath": "ForcepointCASB.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "ForcepointNGFWWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointNgfw" - ], - "previewImagesFileNames": [ - "ForcepointNGFWWhite.png", - "ForcepointNGFWBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Next Generation Firewall (NGFW)", - "templateRelativePath": "ForcepointNGFW.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "ForcepointDLPWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.", - "dataTypesDependencies": [ - "ForcepointDLPEvents_CL" - ], - "dataConnectorsDependencies": [ - "ForcepointDlp" - ], - "previewImagesFileNames": [ - "ForcepointDLPWhite.png", - "ForcepointDLPBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Data Loss Prevention (DLP)", - "templateRelativePath": "ForcepointDLP.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "ZimperiumMTDWorkbook", - "logoFileName": "ZIMPERIUM-logo_square2.svg", - "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.", - "dataTypesDependencies": [ - "ZimperiumThreatLog_CL", - "ZimperiumMitigationLog_CL" - ], - "dataConnectorsDependencies": [ - "ZimperiumMtdAlerts" - ], - "previewImagesFileNames": [ - "ZimperiumWhite.png", - "ZimperiumBlack.png" - ], - "version": "1.0.0", - "title": "Zimperium Mobile Threat Defense (MTD)", - "templateRelativePath": "ZimperiumWorkbooks.json", - "subtitle": "", - "provider": "Zimperium" - }, - { - "workbookKey": "AzureAuditActivityAndSigninWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.", - "dataTypesDependencies": [ - "AzureActivity", - "AuditLogs", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AzureAuditActivityAndSigninWhite1.png", - "AzureAuditActivityAndSigninWhite2.png", - "AzureAuditActivityAndSigninBlack1.png", - "AzureAuditActivityAndSigninBlack2.png" - ], - "version": "1.2.0", - "title": "Azure AD Audit, Activity and Sign-in logs", - "templateRelativePath": "AzureAuditActivityAndSignin.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "WindowsFirewall", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs", - "dataTypesDependencies": [ - "WindowsFirewall", - "SecurityEvent", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsFirewall", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "WindowsFirewallWhite1.png", - "WindowsFirewallWhite2.png", - "WindowsFirewallBlack1.png", - "WindowsFirewallBlack2.png" - ], - "version": "1.0.0", - "title": "Windows Firewall", - "templateRelativePath": "WindowsFirewall.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "EventAnalyzerwWorkbook", - "logoFileName": "", - "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "EventAnalyzer-Workbook-White.png", - "EventAnalyzer-Workbook-Black.png" - ], - "version": "1.0.0", - "title": "Event Analyzer", - "templateRelativePath": "EventAnalyzer.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "ASC-ComplianceandProtection", - "logoFileName": "", - "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.", - "dataTypesDependencies": [ - "SecurityAlert", - "ProtectionStatus", - "SecurityRecommendation", - "SecurityBaseline", - "SecurityBaselineSummary", - "Update", - "ConfigurationChange" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter" - ], - "previewImagesFileNames": [ - "ASCCaPBlack.png", - "ASCCaPWhite.png" - ], - "version": "1.2.0", - "title": "ASC Compliance and Protection", - "templateRelativePath": "ASC-ComplianceandProtection.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "AIVectraDetectWorkbook", - "logoFileName": "AIVectraDetect.svg", - "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "AIVectraDetect" - ], - "previewImagesFileNames": [ - "AIVectraDetectWhite1.png", - "AIVectraDetectBlack1.png" - ], - "version": "1.1.1", - "title": "Vectra AI Detect", - "templateRelativePath": "AIVectraDetectWorkbook.json", - "subtitle": "", - "provider": "Vectra AI" - }, - { - "workbookKey": "Perimeter81OverviewWorkbook", - "logoFileName": "Perimeter81_Logo.svg", - "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.", - "dataTypesDependencies": [ - "Perimeter81_CL" - ], - "dataConnectorsDependencies": [ - "Perimeter81ActivityLogs" - ], - "previewImagesFileNames": [ - "Perimeter81OverviewWhite1.png", - "Perimeter81OverviewBlack1.png", - "Perimeter81OverviewWhite2.png", - "Perimeter81OverviewBlack2.png" - ], - "version": "1.0.0", - "title": "Perimeter 81 Overview", - "templateRelativePath": "Perimeter81OverviewWorkbook.json", - "subtitle": "", - "provider": "Perimeter 81" - }, - { - "workbookKey": "SymantecProxySGWorkbook", - "logoFileName": "symantec_logo.svg", - "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SymantecProxySG" - ], - "previewImagesFileNames": [ - "SymantecProxySGWhite.png", - "SymantecProxySGBlack.png" - ], - "version": "1.0.0", - "title": "Symantec ProxySG", - "templateRelativePath": "SymantecProxySG.json", - "subtitle": "", - "provider": "Symantec" - }, - { - "workbookKey": "IllusiveASMWorkbook", - "logoFileName": "illusive_logo_workbook.svg", - "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "illusiveAttackManagementSystem" - ], - "previewImagesFileNames": [ - "IllusiveASMWhite.png", - "IllusiveASMBlack.png" - ], - "version": "1.0.0", - "title": "Illusive ASM Dashboard", - "templateRelativePath": "IllusiveASM.json", - "subtitle": "", - "provider": "Illusive" - }, - { - "workbookKey": "IllusiveADSWorkbook", - "logoFileName": "illusive_logo_workbook.svg", - "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "illusiveAttackManagementSystem" - ], - "previewImagesFileNames": [ - "IllusiveADSWhite.png", - "IllusiveADSBlack.png" - ], - "version": "1.0.0", - "title": "Illusive ADS Dashboard", - "templateRelativePath": "IllusiveADS.json", - "subtitle": "", - "provider": "Illusive" - }, - { - "workbookKey": "PulseConnectSecureWorkbook", - "logoFileName": "", - "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "PulseConnectSecure" - ], - "previewImagesFileNames": [ - "PulseConnectSecureWhite.png", - "PulseConnectSecureBlack.png" - ], - "version": "1.0.0", - "title": "Pulse Connect Secure", - "templateRelativePath": "PulseConnectSecure.json", - "subtitle": "", - "provider": "Pulse Secure" - }, - { - "workbookKey": "InfobloxNIOSWorkbook", - "logoFileName": "infoblox_logo.svg", - "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "InfobloxNIOS" - ], - "previewImagesFileNames": [], - "version": "1.1.0", - "title": "Infoblox NIOS", - "templateRelativePath": "Infoblox-Workbook-V2.json", - "subtitle": "", - "provider": "Infoblox" - }, - { - "workbookKey": "SymantecVIPWorkbook", - "logoFileName": "symantec_logo.svg", - "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SymantecVIP" - ], - "previewImagesFileNames": [ - "SymantecVIPWhite.png", - "SymantecVIPBlack.png" - ], - "version": "1.0.0", - "title": "Symantec VIP", - "templateRelativePath": "SymantecVIP.json", - "subtitle": "", - "provider": "Symantec" - }, - { - "workbookKey": "ProofPointTAPWorkbook", - "logoFileName": "proofpointlogo.svg", - "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", - "dataTypesDependencies": [ - "ProofPointTAPMessagesBlocked_CL", - "ProofPointTAPMessagesDelivered_CL", - "ProofPointTAPClicksPermitted_CL", - "ProofPointTAPClicksBlocked_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointTAP" - ], - "previewImagesFileNames": [ - "ProofpointTAPWhite.png", - "ProofpointTAPBlack.png" - ], - "version": "1.0.0", - "title": "Proofpoint TAP", - "templateRelativePath": "ProofpointTAP.json", - "subtitle": "", - "provider": "Proofpoint" - }, - { - "workbookKey": "QualysVMWorkbook", - "logoFileName": "qualys_logo.svg", - "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", - "dataTypesDependencies": [ - "QualysHostDetection_CL" - ], - "dataConnectorsDependencies": [ - "QualysVulnerabilityManagement" - ], - "previewImagesFileNames": [ - "QualysVMWhite.png", - "QualysVMBlack.png" - ], - "version": "1.0.0", - "title": "Qualys Vulnerability Management", - "templateRelativePath": "QualysVM.json", - "subtitle": "", - "provider": "Qualys" - }, - { - "workbookKey": "QualysVMV2Workbook", - "logoFileName": "qualys_logo.svg", - "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", - "dataTypesDependencies": [ - "QualysHostDetectionV2_CL" - ], - "dataConnectorsDependencies": [ - "QualysVulnerabilityManagement" - ], - "previewImagesFileNames": [ - "QualysVMWhite.png", - "QualysVMBlack.png" - ], - "version": "1.0.0", - "title": "Qualys Vulnerability Management", - "templateRelativePath": "QualysVMv2.json", - "subtitle": "", - "provider": "Qualys" - }, - { - "workbookKey": "GitHubSecurityWorkbook", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "Github_CL", - "GitHubRepoLogs_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "GitHubSecurityWhite.png", - "GitHubSecurityBlack.png" - ], - "version": "1.0.0", - "title": "GitHub Security", - "templateRelativePath": "GitHubSecurityWorkbook.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "VisualizationDemo", - "logoFileName": "", - "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "VisualizationDemoBlack.png", - "VisualizationDemoWhite.png" - ], - "version": "1.0.0", - "title": "Visualizations Demo", - "templateRelativePath": "VisualizationDemo.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "SophosXGFirewallWorkbook", - "logoFileName": "sophos_logo.svg", - "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SophosXGFirewall" - ], - "previewImagesFileNames": [ - "SophosXGFirewallWhite.png", - "SophosXGFirewallBlack.png" - ], - "version": "1.0.0", - "title": "Sophos XG Firewall", - "templateRelativePath": "SophosXGFirewall.json", - "subtitle": "", - "provider": "Sophos" - }, - { - "workbookKey": "SysmonThreatHuntingWorkbook", - "logoFileName": "", - "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel", - "dataTypesDependencies": [ - "Event" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SysmonThreatHuntingWhite1.png", - "SysmonThreatHuntingBlack1.png" - ], - "version": "1.4.0", - "title": "Sysmon Threat Hunting", - "templateRelativePath": "SysmonThreatHunting.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook", - "logoFileName": "webapplicationfirewall(WAF)_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFFirewallWAFTypeEventsBlack1.PNG", - "WAFFirewallWAFTypeEventsBlack2.PNG", - "WAFFirewallWAFTypeEventsBlack3.PNG", - "WAFFirewallWAFTypeEventsBlack4.PNG", - "WAFFirewallWAFTypeEventsWhite1.png", - "WAFFirewallWAFTypeEventsWhite2.PNG", - "WAFFirewallWAFTypeEventsWhite3.PNG", - "WAFFirewallWAFTypeEventsWhite4.PNG" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - Azure WAF", - "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OrcaAlertsOverviewWorkbook", - "logoFileName": "Orca_logo.svg", - "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview", - "dataTypesDependencies": [ - "OrcaAlerts_CL" - ], - "dataConnectorsDependencies": [ - "OrcaSecurityAlerts" - ], - "previewImagesFileNames": [ - "OrcaAlertsWhite.png", - "OrcaAlertsBlack.png" - ], - "version": "1.1.0", - "title": "Orca alerts overview", - "templateRelativePath": "OrcaAlerts.json", - "subtitle": "", - "provider": "Orca Security" - }, - { - "workbookKey": "CyberArkWorkbook", - "logoFileName": "CyberArk_Logo.svg", - "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CyberArk" - ], - "previewImagesFileNames": [ - "CyberArkActivitiesWhite.PNG", - "CyberArkActivitiesBlack.PNG" - ], - "version": "1.1.0", - "title": "CyberArk EPV Events", - "templateRelativePath": "CyberArkEPV.json", - "subtitle": "", - "provider": "CyberArk" - }, - { - "workbookKey": "UserEntityBehaviorAnalyticsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns", - "dataTypesDependencies": [ - "BehaviorAnalytics" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UserEntityBehaviorAnalyticsBlack1.png", - "UserEntityBehaviorAnalyticsWhite1.png" - ], - "version": "1.2.0", - "title": "User And Entity Behavior Analytics", - "templateRelativePath": "UserEntityBehaviorAnalytics.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CitrixWAF", - "logoFileName": "citrix_logo.svg", - "description": "Gain insight into the Citrix WAF logs", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CitrixWAF" - ], - "previewImagesFileNames": [ - "CitrixWAFBlack.png", - "CitrixWAFWhite.png" - ], - "version": "1.0.0", - "title": "Citrix WAF (Web App Firewall)", - "templateRelativePath": "CitrixWAF.json", - "subtitle": "", - "provider": "Citrix Systems Inc." - }, - { - "workbookKey": "UnifiSGWorkbook", - "logoFileName": "", - "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UnifiSGBlack.png", - "UnifiSGWhite.png" - ], - "version": "1.0.0", - "title": "Unifi Security Gateway", - "templateRelativePath": "UnfiSG.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "UnifiSGNetflowWorkbook", - "logoFileName": "", - "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.", - "dataTypesDependencies": [ - "netflow_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UnifiSGNetflowBlack.png", - "UnifiSGNetflowWhite.png" - ], - "version": "1.0.0", - "title": "Unifi Security Gateway - NetFlow", - "templateRelativePath": "UnfiSGNetflow.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "NormalizedNetworkEventsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "NormalizedNetworkEventsWhite.png", - "NormalizedNetworkEventsBlack.png" - ], - "version": "1.0.0", - "title": "Normalized network events", - "templateRelativePath": "NormalizedNetworkEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WorkspaceAuditingWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.", - "dataTypesDependencies": [ - "LAQueryLogs" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "WorkspaceAuditingWhite.png", - "WorkspaceAuditingBlack.png" - ], - "version": "1.0.0", - "title": "Workspace audit", - "templateRelativePath": "WorkspaceAuditing.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "MITREATTACKWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MITREATTACKWhite1.PNG", - "MITREATTACKWhite2.PNG", - "MITREATTACKBlack1.PNG", - "MITREATTACKBlack2.PNG" - ], - "version": "1.0.0", - "title": "MITRE ATT&CK Workbook", - "templateRelativePath": "MITREAttack.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "BETTERMTDWorkbook", - "logoFileName": "BETTER_MTD_logo.svg", - "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.", - "dataTypesDependencies": [ - "BetterMTDDeviceLog_CL", - "BetterMTDAppLog_CL", - "BetterMTDIncidentLog_CL", - "BetterMTDNetflowLog_CL" - ], - "dataConnectorsDependencies": [ - "BetterMTD" - ], - "previewImagesFileNames": [ - "BetterMTDWorkbookPreviewWhite1.png", - "BetterMTDWorkbookPreviewWhite2.png", - "BetterMTDWorkbookPreviewWhite3.png", - "BetterMTDWorkbookPreviewBlack1.png", - "BetterMTDWorkbookPreviewBlack2.png", - "BetterMTDWorkbookPreviewBlack3.png" - ], - "version": "1.1.0", - "title": "BETTER Mobile Threat Defense (MTD)", - "templateRelativePath": "BETTER_MTD_Workbook.json", - "subtitle": "", - "provider": "BETTER Mobile" - }, - { - "workbookKey": "AlsidIoEWorkbook", - "logoFileName": "Alsid.svg", - "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.", - "dataTypesDependencies": [ - "AlsidForADLog_CL" - ], - "dataConnectorsDependencies": [ - "AlsidForAD" - ], - "previewImagesFileNames": [ - "AlsidIoEBlack1.png", - "AlsidIoEBlack2.png", - "AlsidIoEBlack3.png", - "AlsidIoEWhite1.png", - "AlsidIoEWhite2.png", - "AlsidIoEWhite3.png" - ], - "version": "1.0.0", - "title": "Alsid for AD | Indicators of Exposure", - "templateRelativePath": "AlsidIoE.json", - "subtitle": "", - "provider": "Alsid" - }, - { - "workbookKey": "AlsidIoAWorkbook", - "logoFileName": "Alsid.svg", - "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.", - "dataTypesDependencies": [ - "AlsidForADLog_CL" - ], - "dataConnectorsDependencies": [ - "AlsidForAD" - ], - "previewImagesFileNames": [ - "AlsidIoABlack1.png", - "AlsidIoABlack2.png", - "AlsidIoABlack3.png", - "AlsidIoAWhite1.png", - "AlsidIoAWhite2.png", - "AlsidIoAWhite3.png" - ], - "version": "1.0.0", - "title": "Alsid for AD | Indicators of Attack", - "templateRelativePath": "AlsidIoA.json", - "subtitle": "", - "provider": "Alsid" - }, - { - "workbookKey": "InvestigationInsightsWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.", - "dataTypesDependencies": [ - "AuditLogs", - "AzureActivity", - "CommonSecurityLog", - "OfficeActivity", - "SecurityEvent", - "SigninLogs", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "AzureActivity", - "SecurityEvents", - "Office365", - "AzureActiveDirectory", - "ThreatIntelligence", - "ThreatIntelligenceTaxii", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "InvestigationInsightsWhite1.png", - "InvestigationInsightsBlack1.png", - "InvestigationInsightsWhite2.png", - "InvestigationInsightsBlack2.png" - ], - "version": "1.4.0", - "title": "Investigation Insights", - "templateRelativePath": "InvestigationInsights.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "AksSecurityWorkbook", - "logoFileName": "Kubernetes_services.svg", - "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.", - "dataTypesDependencies": [ - "SecurityAlert", - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter", - "AzureKubernetes" - ], - "previewImagesFileNames": [ - "AksSecurityWhite.png", - "AksSecurityBlack.png" - ], - "version": "1.5.0", - "title": "Azure Kubernetes Service (AKS) Security", - "templateRelativePath": "AksSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureKeyVaultWorkbook", - "logoFileName": "KeyVault.svg", - "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.", - "dataTypesDependencies": [ - "SecurityAlert", - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter", - "AzureKeyVault" - ], - "previewImagesFileNames": [ - "AkvSecurityWhite.png", - "AkvSecurityBlack.png" - ], - "version": "1.1.0", - "title": "Azure Key Vault Security", - "templateRelativePath": "AzureKeyVaultWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IncidentOverview", - "logoFileName": "Azure_Sentinel.svg", - "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "IncidentOverviewBlack1.png", - "IncidentOverviewWhite1.png", - "IncidentOverviewBlack2.png", - "IncidentOverviewWhite2.png" - ], - "version": "2.1.0", - "title": "Incident overview", - "templateRelativePath": "IncidentOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SecurityOperationsEfficiency", - "logoFileName": "Azure_Sentinel.svg", - "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SecurityEfficiencyWhite1.png", - "SecurityEfficiencyWhite2.png", - "SecurityEfficiencyBlack1.png", - "SecurityEfficiencyBlack2.png" - ], - "version": "1.5.0", - "title": "Security Operations Efficiency", - "templateRelativePath": "SecurityOperationsEfficiency.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DataCollectionHealthMonitoring", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace\u2019s data collection health.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "HealthMonitoringWhite1.png", - "HealthMonitoringWhite2.png", - "HealthMonitoringWhite3.png", - "HealthMonitoringBlack1.png", - "HealthMonitoringBlack2.png", - "HealthMonitoringBlack3.png" - ], - "version": "1.0.0", - "title": "Data collection health monitoring", - "templateRelativePath": "DataCollectionHealthMonitoring.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OnapsisAlarmsWorkbook", - "logoFileName": "onapsis_logo.svg", - "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "OnapsisPlatform" - ], - "previewImagesFileNames": [ - "OnapsisWhite1.PNG", - "OnapsisBlack1.PNG", - "OnapsisWhite2.PNG", - "OnapsisBlack2.PNG" - ], - "version": "1.0.0", - "title": "Onapsis Alarms Overview", - "templateRelativePath": "OnapsisAlarmsOverview.json", - "subtitle": "", - "provider": "Onapsis" - }, - { - "workbookKey": "DelineaWorkbook", - "logoFileName": "DelineaLogo.svg", - "description": "The Delinea Secret Server Syslog connector", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "DelineaSecretServer_CEF" - ], - "previewImagesFileNames": [ - "DelineaWorkbookWhite.PNG", - "DelineaWorkbookBlack.PNG" - ], - "version": "1.0.0", - "title": "Delinea Secret Server Workbook", - "templateRelativePath": "DelineaWorkbook.json", - "subtitle": "", - "provider": "Delinea" - }, - { - "workbookKey": "ForcepointCloudSecurityGatewayWorkbook", - "logoFileName": "Forcepoint_new_logo.svg", - "description": "Use this report to understand query runs across your workspace.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointCSG" - ], - "previewImagesFileNames": [ - "ForcepointCloudSecurityGatewayWhite.png", - "ForcepointCloudSecurityGatewayBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Cloud Security Gateway Workbook", - "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "IntsightsIOCWorkbook", - "logoFileName": "IntSights_logo.svg", - "description": "", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "ThreatIntelligenceTaxii" - ], - "previewImagesFileNames": [ - "IntsightsIOCWhite.png", - "IntsightsMatchedWhite.png", - "IntsightsMatchedBlack.png", - "IntsightsIOCBlack.png" - ], - "version": "2.0.0", - "title": "IntSights IOC Workbook", - "templateRelativePath": "IntsightsIOCWorkbook.json", - "subtitle": "", - "provider": "IntSights Cyber Intelligence" - }, - { - "workbookKey": "DarktraceSummaryWorkbook", - "logoFileName": "Darktrace.svg", - "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Darktrace" - ], - "previewImagesFileNames": [ - "AIA-DarktraceSummaryWhite.png", - "AIA-DarktraceSummaryBlack.png" - ], - "version": "1.1.0", - "title": "AI Analyst Darktrace Model Breach Summary", - "templateRelativePath": "AIA-Darktrace.json", - "subtitle": "", - "provider": "Darktrace" - }, - { - "workbookKey": "TrendMicroXDR", - "logoFileName": "trendmicro_logo.svg", - "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.", - "dataTypesDependencies": [ - "TrendMicro_XDR_WORKBENCH_CL" - ], - "dataConnectorsDependencies": [ - "TrendMicroXDR" - ], - "previewImagesFileNames": [ - "TrendMicroXDROverviewWhite.png", - "TrendMicroXDROverviewBlack.png" - ], - "version": "1.3.0", - "title": "Trend Vision One Alert Overview", - "templateRelativePath": "TrendMicroXDROverview.json", - "subtitle": "", - "provider": "Trend Micro" - }, - { - "workbookKey": "CyberpionOverviewWorkbook", - "logoFileName": "cyberpion_logo.svg", - "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.", - "dataTypesDependencies": [ - "CyberpionActionItems_CL" - ], - "dataConnectorsDependencies": [ - "CyberpionSecurityLogs" - ], - "previewImagesFileNames": [ - "CyberpionActionItemsBlack.png", - "CyberpionActionItemsWhite.png" - ], - "version": "1.0.0", - "title": "Cyberpion Overview", - "templateRelativePath": "CyberpionOverviewWorkbook.json", - "subtitle": "", - "provider": "Cyberpion" - }, - { - "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook", - "logoFileName": "MSTIC-Logo.svg", - "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020", - "dataTypesDependencies": [ - "CommonSecurityLog", - "SigninLogs", - "AuditLogs", - "AADServicePrincipalSignInLogs", - "OfficeActivity", - "BehaviorAnalytics", - "SecurityEvent", - "DeviceProcessEvents", - "SecurityAlert", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory", - "SecurityEvents", - "Office365", - "MicrosoftThreatProtection", - "DNS", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "SolarWindsPostCompromiseHuntingWhite.png", - "SolarWindsPostCompromiseHuntingBlack.png" - ], - "version": "1.5.0", - "title": "SolarWinds Post Compromise Hunting", - "templateRelativePath": "SolarWindsPostCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ProofpointPODWorkbook", - "logoFileName": "proofpointlogo.svg", - "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.", - "dataTypesDependencies": [ - "ProofpointPOD_maillog_CL", - "ProofpointPOD_message_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointPOD" - ], - "previewImagesFileNames": [ - "ProofpointPODMainBlack1.png", - "ProofpointPODMainBlack2.png", - "ProofpointPODMainWhite1.png", - "ProofpointPODMainWhite2.png", - "ProofpointPODMessageSummaryBlack.png", - "ProofpointPODMessageSummaryWhite.png", - "ProofpointPODTLSBlack.png", - "ProofpointPODTLSWhite.png" - ], - "version": "1.0.0", - "title": "Proofpoint On-Demand Email Security", - "templateRelativePath": "ProofpointPOD.json", - "subtitle": "", - "provider": "Proofpoint" - }, - { - "workbookKey": "CiscoUmbrellaWorkbook", - "logoFileName": "cisco_logo.svg", - "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.", - "dataTypesDependencies": [ - "Cisco_Umbrella_dns_CL", - "Cisco_Umbrella_proxy_CL", - "Cisco_Umbrella_ip_CL", - "Cisco_Umbrella_cloudfirewall_CL" - ], - "dataConnectorsDependencies": [ - "CiscoUmbrellaDataConnector" - ], - "previewImagesFileNames": [ - "CiscoUmbrellaDNSBlack1.png", - "CiscoUmbrellaDNSBlack2.png", - "CiscoUmbrellaDNSWhite1.png", - "CiscoUmbrellaDNSWhite2.png", - "CiscoUmbrellaFirewallBlack.png", - "CiscoUmbrellaFirewallWhite.png", - "CiscoUmbrellaMainBlack1.png", - "CiscoUmbrellaMainBlack2.png", - "CiscoUmbrellaMainWhite1.png", - "CiscoUmbrellaMainWhite2.png", - "CiscoUmbrellaProxyBlack1.png", - "CiscoUmbrellaProxyBlack2.png", - "CiscoUmbrellaProxyWhite1.png", - "CiscoUmbrellaProxyWhite2.png" - ], - "version": "1.0.0", - "title": "Cisco Umbrella", - "templateRelativePath": "CiscoUmbrella.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "AnalyticsEfficiencyWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AnalyticsEfficiencyBlack.png", - "AnalyticsEfficiencyWhite.png" - ], - "version": "1.2.0", - "title": "Analytics Efficiency", - "templateRelativePath": "AnalyticsEfficiency.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WorkspaceUsage", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace\u2019s data consumption, latency, recommended tasks and Cost and Usage statistics.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "WorkspaceUsageBlack.png", - "WorkspaceUsageWhite.png" - ], - "version": "1.6.0", - "title": "Workspace Usage Report", - "templateRelativePath": "WorkspaceUsage.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "SentinelCentral", - "logoFileName": "Azure_Sentinel.svg", - "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SentinelCentralBlack.png", - "SentinelCentralWhite.png" - ], - "version": "2.1.0", - "title": "Sentinel Central", - "templateRelativePath": "SentinelCentral.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "CognniIncidentsWorkbook", - "logoFileName": "cognni-logo.svg", - "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.", - "dataTypesDependencies": [ - "CognniIncidents_CL" - ], - "dataConnectorsDependencies": [ - "CognniSentinelDataConnector" - ], - "previewImagesFileNames": [ - "CognniBlack.PNG", - "CognniWhite.PNG" - ], - "version": "1.0.0", - "title": "Cognni Important Information Incidents", - "templateRelativePath": "CognniIncidentsWorkbook.json", - "subtitle": "", - "provider": "Cognni" - }, - { - "workbookKey": "pfsense", - "logoFileName": "pfsense_logo.svg", - "description": "Gain insights into pfsense logs from both filterlog and nginx.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "pfsenseBlack.png", - "pfsenseWhite.png" - ], - "version": "1.0.0", - "title": "pfsense", - "templateRelativePath": "pfsense.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "ExchangeCompromiseHunting", - "logoFileName": "MSTIC-Logo.svg", - "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns", - "dataTypesDependencies": [ - "SecurityEvent", - "W3CIISLog" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "AzureMonitor(IIS)", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "ExchangeBlack.png", - "ExchangeWhite.png" - ], - "version": "1.0.0", - "title": "Exchange Compromise Hunting", - "templateRelativePath": "ExchangeCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SOCProcessFrameworkWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Process Framework", - "templateRelativePath": "SOCProcessFramework.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCLargeStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Large Staff", - "templateRelativePath": "Building_a_SOCLargeStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCMediumStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Medium Staff", - "templateRelativePath": "Building_a_SOCMediumStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCPartTimeStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Part Time Staff", - "templateRelativePath": "Building_a_SOCPartTimeStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCSmallStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Small Staff", - "templateRelativePath": "Building_a_SOCSmallStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "SOCIRPlanningWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC IR Planning", - "templateRelativePath": "SOCIRPlanning.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "UpdateSOCMaturityScoreWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "Update SOC Maturity Score", - "templateRelativePath": "UpdateSOCMaturityScore.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Microsoft365SecurityPosture", - "logoFileName": "M365securityposturelogo.svg", - "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.", - "dataTypesDependencies": [ - "M365SecureScore_CL", - "MDfESecureScore_CL", - "MDfEExposureScore_CL", - "MDfERecommendations_CL", - "MDfEVulnerabilitiesList_CL", - "McasShadowItReporting" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "M365securitypostureblack.png", - "M365securityposturewhite.png" - ], - "version": "1.0.0", - "title": "Microsoft 365 Security Posture", - "templateRelativePath": "M365SecurityPosture.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AzureSentinelCost", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelCostWhite.png", - "AzureSentinelCostBlack.png" - ], - "version": "1.5.0", - "title": "Microsoft Sentinel Cost", - "templateRelativePath": "AzureSentinelCost.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "ADXvsLA", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ADXvsLABlack.PNG", - "ADXvsLAWhite.PNG" - ], - "version": "1.0.0", - "title": "ADXvsLA", - "templateRelativePath": "ADXvsLA.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrosoftDefenderForOffice365", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs. This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.", - "dataTypesDependencies": [ - "EmailEvents", - "EmailUrlInfo", - "EmailAttachmentInfo" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MDOWhite1.png", - "MDOBlack1.png", - "MDOWhite2.png", - "MDOBlack2.png" - ], - "version": "1.0.0", - "title": "Microsoft Defender For Office 365", - "templateRelativePath": "MicrosoftDefenderForOffice365.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "ProofPointThreatDashboard", - "logoFileName": "", - "description": "Provides an overview of email threat activity based on log data provided by ProofPoint", - "dataTypesDependencies": [ - "ProofpointPOD_message_CL", - "ProofpointPOD_maillog_CL", - "ProofPointTAPClicksBlocked_CL", - "ProofPointTAPClicksPermitted_CL", - "ProofPointTAPMessagesBlocked_CL", - "ProofPointTAPMessagesDelivered_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointTAP", - "ProofpointPOD" - ], - "previewImagesFileNames": [ - "ProofPointThreatDashboardBlack1.png", - "ProofPointThreatDashboardWhite1.png" - ], - "version": "1.0.0", - "title": "ProofPoint Threat Dashboard", - "templateRelativePath": "ProofPointThreatDashboard.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AMAmigrationTracker", - "logoFileName": "Azure_Sentinel.svg", - "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AMAtrackingWhite1.png", - "AMAtrackingWhite2.png", - "AMAtrackingWhite3.png", - "AMAtrackingBlack1.png", - "AMAtrackingBlack2.png", - "AMAtrackingBlack3.png" - ], - "version": "1.1.0", - "title": "AMA migration tracker", - "templateRelativePath": "AMAmigrationTracker.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AdvancedKQL", - "logoFileName": "Azure_Sentinel.svg", - "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AdvancedKQLWhite.png", - "AdvancedKQLBlack.png" - ], - "version": "1.3.0", - "title": "Advanced KQL for Microsoft Sentinel", - "templateRelativePath": "AdvancedKQL.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "DSTIMWorkbook", - "logoFileName": "DSTIM.svg", - "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.", - "dataTypesDependencies": [ - "DSMAzureBlobStorageLogs", - "DSMDataClassificationLogs", - "DSMDataLabelingLogs", - "Anomalies", - "ThreatIntelligenceIndicator", - "AADManagedIdentitySignInLogs", - "SecurityAlert", - "SigninLogs" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "DSTIMWorkbookBlack.png", - "DSTIMWorkbookWhite.png" - ], - "version": "1.9.0", - "title": "Data Security - Sensitive Data Impact Assessment", - "templateRelativePath": "DSTIMWorkbook.json", - "subtitle": "", - "provider": "Microsoft", - "featureFlag": "DSTIMWorkbook" - }, - { - "workbookKey": "IntrotoKQLWorkbook", - "logoFileName": "", - "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "IntrotoKQL-black.png", - "IntrotoKQL-white.png" - ], - "version": "1.0.0", - "title": "Intro to KQL", - "templateRelativePath": "IntrotoKQL.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Log4jPostCompromiseHuntingWorkbook", - "logoFileName": "", - "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", - "dataTypesDependencies": [ - "SecurityNestedRecommendation", - "AzureDiagnostics", - "OfficeActivity", - "W3CIISLog", - "AWSCloudTrail", - "SigninLogs", - "AADNonInteractiveUserSignInLogs", - "imWebSessions", - "imNetworkSession" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "Log4jPostCompromiseHuntingBlack.png", - "Log4jPostCompromiseHuntingWhite.png" - ], - "version": "1.0.0", - "title": "Log4j Post Compromise Hunting", - "templateRelativePath": "Log4jPostCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Log4jImpactAssessmentWorkbook", - "logoFileName": "", - "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", - "dataTypesDependencies": [ - "SecurityIncident", - "SecurityAlert", - "AzureSecurityCenter", - "MDfESecureScore_CL", - "MDfEExposureScore_CL", - "MDfERecommendations_CL", - "MDfEVulnerabilitiesList_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Log4j Impact Assessment", - "templateRelativePath": "Log4jImpactAssessment.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "UserMap", - "logoFileName": "", - "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.", - "dataTypesDependencies": [ - "SigninLogs", - "AzureDiagnostics", - "WireData", - "VMconnection", - "CommonSecurityLog", - "WindowsFirewall", - "W3CIISLog", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "UserMapBlack.png", - "UserMapWhite.png" - ], - "version": "1.0.0", - "title": "User Map information", - "templateRelativePath": "UserMap.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AWSS3", - "logoFileName": "", - "description": ".", - "dataTypesDependencies": [ - "AWSCloudTrail", - "AWSGuardDuty", - "AWSVPCFlow" - ], - "dataConnectorsDependencies": [ - "AWSS3" - ], - "previewImagesFileNames": [ - "AWSS3Black.png", - "AWSS3White.png", - "AWSS3White1.png" - ], - "version": "1.0.0", - "title": "AWS S3 Workbook", - "templateRelativePath": "AWSS3.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook", - "logoFileName": "", - "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "LogSourcesAndAnalyticRulesCoverageBlack.png", - "LogSourcesAndAnalyticRulesCoverageWhite.png" - ], - "version": "1.1.0", - "title": "Log Sources & Analytic Rules Coverage", - "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "CiscoFirepower", - "logoFileName": "", - "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "CiscoFirepowerBlack.png", - "CiscoFirepowerWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Firepower", - "templateRelativePath": "CiscoFirepower.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrorosftTeams", - "logoFileName": "microsoftteams.svg", - "description": "This workbook is intended to identify the activities on Microrsoft Teams.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MicrosoftTeamsBlack.png", - "MicrosoftTeamsWhite.png" - ], - "version": "1.0.0", - "title": "Microsoft Teams", - "templateRelativePath": "MicrosoftTeams.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "ArchivingBasicLogsRetention", - "logoFileName": "ArchivingBasicLogsRetention.svg", - "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ArchivingBasicLogsRetentionBlack1.png", - "ArchivingBasicLogsRetentionWhite1.png" - ], - "version": "1.1.0", - "title": "Archiving, Basic Logs, and Retention", - "templateRelativePath": "ArchivingBasicLogsRetention.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "OktaSingleSignOnWorkbook", - "logoFileName": "okta_logo.svg", - "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", - "dataTypesDependencies": [ - "Okta_CL" - ], - "dataConnectorsDependencies": [ - "OktaSSO" - ], - "previewImagesFileNames": [ - "OktaSingleSignOnWhite.png", - "OktaSingleSignOnBlack.png" - ], - "version": "1.2", - "title": "Okta Single Sign-On", - "templateRelativePath": "OktaSingleSignOn.json", - "subtitle": "", - "provider": "Okta" - }, - { - "workbookKey": "Dynamics365Workbooks", - "logoFileName": "DynamicsLogo.svg", - "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.", - "dataTypesDependencies": [ - "Dynamics365Activity" - ], - "dataConnectorsDependencies": [ - "Dynamics365" - ], - "previewImagesFileNames": [ - "Dynamics365WorkbookBlack.png", - "Dynamics365WorkbookWhite.png" - ], - "version": "1.0.3", - "title": "Dynamics365Workbooks", - "templateRelativePath": "Dynamics365Workbooks.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "CiscoMerakiWorkbook", - "logoFileName": "", - "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", - "dataTypesDependencies": [ - "meraki_CL", - "CiscoMerakiNativePoller", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "CiscoMeraki", - "CiscoMerakiNativePolling", - "ThreatIntelligence" - ], - "previewImagesFileNames": [ - "CiscoMerakiWorkbookWhite.png", - "CiscoMerakiWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "CiscoMerakiWorkbook", - "templateRelativePath": "CiscoMerakiWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SentinelOneWorkbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SentinelOne_CL" - ], - "dataConnectorsDependencies": [ - "SentinelOne" - ], - "previewImagesFileNames": [ - "SentinelOneBlack.png", - "SentinelOneWhite.png" - ], - "version": "1.0.0", - "title": "SentinelOneWorkbook", - "templateRelativePath": "SentinelOne.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroApexOneWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicroApexOne" - ], - "previewImagesFileNames": [ - "TrendMicroApexOneBlack.png", - "TrendMicroApexOneWhite.png" - ], - "version": "1.0.0", - "title": "Trend Micro Apex One", - "templateRelativePath": "TrendMicroApexOne.json", - "subtitle": "", - "provider": "TrendMicro" - }, - { - "workbookKey": "ContrastProtect", - "logoFileName": "contrastsecurity_logo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ContrastProtect" - ], - "previewImagesFileNames": [ - "ContrastProtectAllBlack.png", - "ContrastProtectAllWhite.png", - "ContrastProtectEffectiveBlack.png", - "ContrastProtectEffectiveWhite.png", - "ContrastProtectSummaryBlack.png", - "ContrastProtectSummaryWhite.png" - ], - "version": "1.0.0", - "title": "Contrast Protect", - "templateRelativePath": "ContrastProtect.json", - "subtitle": "", - "provider": "contrast security" - }, - { - "workbookKey": "ArmorbloxOverview", - "logoFileName": "armorblox.svg", - "description": "INCIDENTS FROM SELECTED TIME RANGE", - "dataTypesDependencies": [ - "Armorblox_CL" - ], - "dataConnectorsDependencies": [ - "Armorblox" - ], - "previewImagesFileNames": [ - "ArmorbloxOverviewBlack01.png", - "ArmorbloxOverviewBlack02.png", - "ArmorbloxOverviewWhite01.png", - "ArmorbloxOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Armorblox", - "templateRelativePath": "ArmorbloxOverview.json", - "subtitle": "", - "provider": "Armorblox" - }, - { - "workbookKey": "PaloAltoCDL", - "logoFileName": "paloalto_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoCDL" - ], - "previewImagesFileNames": [ - "PaloAltoBlack.png", - "PaloAltoWhite.png" - ], - "version": "1.0.0", - "title": "Palo Alto Networks Cortex Data Lake", - "templateRelativePath": "PaloAltoCDL.json", - "subtitle": "", - "provider": "Palo Alto Networks" - }, - { - "workbookKey": "VMwareCarbonBlack", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CarbonBlackEvents_CL", - "CarbonBlackAuditLogs_CL", - "CarbonBlackNotifications_CL" - ], - "dataConnectorsDependencies": [ - "VMwareCarbonBlack" - ], - "previewImagesFileNames": [ - "VMwareCarbonBlack.png", - "VMwareCarbonWhite.png" - ], - "version": "1.0.0", - "title": "VMware Carbon Black Cloud", - "templateRelativePath": "VMwareCarbonBlack.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "arista-networks", - "logoFileName": "AristaAwakeSecurity.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "AristaAwakeSecurity" - ], - "previewImagesFileNames": [ - "AristaAwakeSecurityDevicesBlack.png", - "AristaAwakeSecurityDevicesWhite.png", - "AristaAwakeSecurityModelsBlack.png", - "AristaAwakeSecurityModelsWhite.png", - "AristaAwakeSecurityOverviewBlack.png", - "AristaAwakeSecurityOverviewWhite.png" - ], - "version": "1.0.0", - "title": "Arista Awake", - "templateRelativePath": "AristaAwakeSecurityWorkbook.json", - "subtitle": "", - "provider": "Arista Networks" - }, - { - "workbookKey": "TomcatWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Tomcat_CL" - ], - "dataConnectorsDependencies": [ - "ApacheTomcat" - ], - "previewImagesFileNames": [ - "TomcatBlack.png", - "TomcatWhite.png" - ], - "version": "1.0.0", - "title": "ApacheTomcat", - "templateRelativePath": "Tomcat.json", - "subtitle": "", - "provider": "Apache" - }, - { - "workbookKey": "ClarotyWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Claroty" - ], - "previewImagesFileNames": [ - "ClarotyBlack.png", - "ClarotyWhite.png" - ], - "version": "1.0.0", - "title": "Claroty", - "templateRelativePath": "ClarotyOverview.json", - "subtitle": "", - "provider": "Claroty" - }, - { - "workbookKey": "ApacheHTTPServerWorkbook", - "logoFileName": "apache.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "ApacheHTTPServer_CL" - ], - "dataConnectorsDependencies": [ - "ApacheHTTPServer" - ], - "previewImagesFileNames": [ - "ApacheHTTPServerOverviewBlack01.png", - "ApacheHTTPServerOverviewBlack02.png", - "ApacheHTTPServerOverviewWhite01.png", - "ApacheHTTPServerOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Apache HTTP Server", - "templateRelativePath": "ApacheHTTPServer.json", - "subtitle": "", - "provider": "Apache Software Foundation" - }, - { - "workbookKey": "OCIWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "OCI_Logs_CL" - ], - "dataConnectorsDependencies": [ - "OracleCloudInfrastructureLogsConnector" - ], - "previewImagesFileNames": [ - "OCIBlack.png", - "OCIWhite.png" - ], - "version": "1.0.0", - "title": "Oracle Cloud Infrastructure", - "templateRelativePath": "OracleCloudInfrastructureOCI.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OracleWeblogicServerWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "OracleWebLogicServer_CL" - ], - "dataConnectorsDependencies": [ - "OracleWebLogicServer" - ], - "previewImagesFileNames": [ - "OracleWeblogicServerBlack.png", - "OracleWeblogicServerWhite.png" - ], - "version": "1.0.0", - "title": "Oracle WebLogic Server", - "templateRelativePath": "OracleWorkbook.json", - "subtitle": "", - "provider": "Oracle" - }, - { - "workbookKey": "BitglassWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "BitglassLogs_CL" - ], - "dataConnectorsDependencies": [ - "Bitglass" - ], - "previewImagesFileNames": [ - "BitglassBlack.png", - "BitglassWhite.png" - ], - "version": "1.0.0", - "title": "Bitglass", - "templateRelativePath": "Bitglass.json", - "subtitle": "", - "provider": "Bitglass" - }, - { - "workbookKey": "NGINXWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "NGINX_CL" - ], - "dataConnectorsDependencies": [ - "NGINXHTTPServer" - ], - "previewImagesFileNames": [ - "NGINXOverviewBlack01.png", - "NGINXOverviewBlack02.png", - "NGINXOverviewWhite01.png", - "NGINXOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "NGINX HTTP Server", - "templateRelativePath": "NGINX.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "vArmourAppContollerWorkbook", - "logoFileName": "varmour-logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "vArmourAC" - ], - "previewImagesFileNames": [ - "vArmourAppControllerAppBlack.png", - "vArmourAppControllerAppBlack-1.png", - "vArmourAppControllerAppBlack-2.png", - "vArmourAppControllerAppBlack-3.png", - "vArmourAppControllerAppBlack-4.png", - "vArmourAppControllerAppBlack-5.png", - "vArmourAppControllerAppBlack-6.png", - "vArmourAppControllerAppBlack-7.png", - "vArmourAppControllerAppWhite.png", - "vArmourAppControllerAppWhite-1.png", - "vArmourAppControllerAppWhite-2.png", - "vArmourAppControllerAppWhite-3.png", - "vArmourAppControllerAppWhite-4.png", - "vArmourAppControllerAppWhite-5.png", - "vArmourAppControllerAppWhite-6.png", - "vArmourAppControllerAppWhite-7.png" - ], - "version": "1.0.0", - "title": "vArmour Application Controller", - "templateRelativePath": "vArmour_AppContoller_Workbook.json", - "subtitle": "", - "provider": "vArmour" - }, - { - "workbookKey": "CorelightWorkbook", - "logoFileName": "corelight.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Corelight_CL" - ], - "dataConnectorsDependencies": [ - "Corelight" - ], - "previewImagesFileNames": [ - "CorelightConnectionsBlack1.png", - "CorelightConnectionsBlack2.png", - "CorelightConnectionsWhite1.png", - "CorelightConnectionsWhite2.png", - "CorelightDNSBlack1.png", - "CorelightDNSWhite1.png", - "CorelightFileBlack1.png", - "CorelightFileBlack2.png", - "CorelightFileWhite1.png", - "CorelightFileWhite2.png", - "CorelightMainBlack1.png", - "CorelightMainWhite1.png", - "CorelightSoftwareBlack1.png", - "CorelightSoftwareWhite1.png" - ], - "version": "1.0.0", - "title": "Corelight", - "templateRelativePath": "Corelight.json", - "subtitle": "", - "provider": "Corelight" - }, - { - "workbookKey": "LookoutEvents", - "logoFileName": "lookout.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Lookout_CL" - ], - "dataConnectorsDependencies": [ - "LookoutAPI" - ], - "previewImagesFileNames": [ - "SampleLookoutWorkBookBlack.png", - "SampleLookoutWorkBookWhite.png" - ], - "version": "1.0.0", - "title": "Lookout", - "templateRelativePath": "LookoutEvents.json", - "subtitle": "", - "provider": "Lookout" - }, - { - "workbookKey": "sentinel-MicrosoftPurview", - "logoFileName": "MicrosoftPurview.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "MicrosoftAzurePurview" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Microsoft Purview", - "templateRelativePath": "MicrosoftPurview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "InfobloxCDCB1TDWorkbook", - "logoFileName": "infoblox_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "InfobloxCloudDataConnector" - ], - "previewImagesFileNames": [ - "InfobloxCDCB1TDBlack.png", - "InfobloxCDCB1TDWhite.png" - ], - "version": "1.0.0", - "title": "Infoblox Cloud Data Connector", - "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", - "subtitle": "", - "provider": "InfoBlox" - }, - { - "workbookKey": "UbiquitiUniFiWorkbook", - "logoFileName": "ubiquiti.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Ubiquiti_CL" - ], - "dataConnectorsDependencies": [ - "UbiquitiUnifi" - ], - "previewImagesFileNames": [ - "UbiquitiOverviewBlack01.png", - "UbiquitiOverviewBlack02.png", - "UbiquitiOverviewWhite01.png", - "UbiquitiOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Ubiquiti UniFi", - "templateRelativePath": "Ubiquiti.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "VMwareESXiWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "VMwareESXi" - ], - "previewImagesFileNames": [ - "VMWareESXiBlack.png", - "VMWareESXiWhite.png" - ], - "version": "1.0.0", - "title": "VMware ESXi", - "templateRelativePath": "VMWareESXi.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SnowflakeWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Snowflake_CL" - ], - "dataConnectorsDependencies": [ - "SnowflakeDataConnector" - ], - "previewImagesFileNames": [ - "SnowflakeBlack.png", - "SnowflakeWhite.png" - ], - "version": "1.0.0", - "title": "Snowflake", - "templateRelativePath": "Snowflake.json", - "subtitle": "", - "provider": "Snowflake" - }, - { - "workbookKey": "LastPassWorkbook", - "logoFileName": "LastPass.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "LastPassNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "LastPassAPIConnector" - ], - "previewImagesFileNames": [ - "LastPassBlack.png", - "LastPassWhite.png" - ], - "version": "1.0.0", - "title": "Lastpass Enterprise Activity Monitoring", - "templateRelativePath": "LastPassWorkbook.json", - "subtitle": "", - "provider": "LastPass" - }, - { - "workbookKey": "SecurityBridgeWorkbook", - "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityBridgeLogs" - ], - "dataConnectorsDependencies": [ - "SecurityBridgeSAP" - ], - "previewImagesFileNames": [ - "SecurityBridgeThreatDetectionWhite.png", - "SecurityBridgeThreatDetectionWhite1.png" - ], - "version": "1.0.0", - "title": "SecurityBridge App", - "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", - "subtitle": "", - "provider": "SecurityBridge" - }, - { - "workbookKey": "PaloAltoPrismaCloudWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "PaloAltoPrismaCloudAlert_CL", - "PaloAltoPrismaCloudAudit_CL" - ], - "dataConnectorsDependencies": [ - "PaloAltoPrismaCloud" - ], - "previewImagesFileNames": [ - "PaloAltoPrismaCloudBlack01.png", - "PaloAltoPrismaCloudBlack02.png", - "PaloAltoPrismaCloudWhite01.png", - "PaloAltoPrismaCloudWhite02.png" - ], - "version": "1.0.0", - "title": "Palo Alto Prisma", - "templateRelativePath": "PaloAltoPrismaCloudOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "PingFederateWorkbook", - "logoFileName": "PingIdentity.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "PingFederateEvent" - ], - "dataConnectorsDependencies": [ - "PingFederate" - ], - "previewImagesFileNames": [ - "PingFederateBlack1.png", - "PingFederateWhite1.png" - ], - "version": "1.0.0", - "title": "PingFederate", - "templateRelativePath": "PingFederate.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "McAfeeePOWorkbook", - "logoFileName": "mcafee_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "McAfeeEPOEvent" - ], - "dataConnectorsDependencies": [ - "McAfeeePO" - ], - "previewImagesFileNames": [ - "McAfeeePOBlack1.png", - "McAfeeePOBlack2.png", - "McAfeeePOWhite1.png", - "McAfeeePOWhite2.png" - ], - "version": "1.0.0", - "title": "McAfee ePolicy Orchestrator", - "templateRelativePath": "McAfeeePOOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OracleDatabaseAudit", - "logoFileName": "oracle_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "OracleDatabaseAudit" - ], - "previewImagesFileNames": [ - "OracleDatabaseAuditBlack1.png", - "OracleDatabaseAuditBlack2.png", - "OracleDatabaseAuditWhite1.png", - "OracleDatabaseAuditWhite2.png" - ], - "version": "1.0.0", - "title": "Oracle Database Audit", - "templateRelativePath": "OracleDatabaseAudit.json", - "subtitle": "", - "provider": "Oracle" - }, - { - "workbookKey": "SenservaProAnalyticsWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProAnalyticsBlack.png", - "SenservaProAnalyticsWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProAnalytics", - "templateRelativePath": "SenservaProAnalyticsWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "SenservaProMultipleWorkspaceWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProMultipleWorkspaceWorkbookBlack.png", - "SenservaProMultipleWorkspaceWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProMultipleWorkspace", - "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProSecureScoreMultiTenantBlack.png", - "SenservaProSecureScoreMultiTenantWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProSecureScoreMultiTenant", - "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "CiscoSecureEndpointOverviewWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CiscoSecureEndpoint" - ], - "dataConnectorsDependencies": [ - "CiscoSecureEndpoint" - ], - "previewImagesFileNames": [ - "CiscoSecureEndpointBlack.png", - "CiscoSecureEndpointWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Secure Endpoint", - "templateRelativePath": "Cisco Secure Endpoint Overview.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "InfoSecGlobalWorkbook", - "logoFileName": "infosecglobal.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "InfoSecAnalytics_CL" - ], - "dataConnectorsDependencies": [ - "InfoSecDataConnector" - ], - "previewImagesFileNames": [ - "InfoSecGlobalWorkbookBlack.png", - "InfoSecGlobalWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "AgileSec Analytics Connector", - "templateRelativePath": "InfoSecGlobal.json", - "subtitle": "", - "provider": "InfoSecGlobal" - }, - { - "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", - "logoFileName": "crowdstrike.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CrowdstrikeReplicatorLogs_CL" - ], - "dataConnectorsDependencies": [ - "CrowdstrikeReplicator" - ], - "previewImagesFileNames": [ - "CrowdStrikeFalconEndpointProtectionBlack.png", - "CrowdStrikeFalconEndpointProtectionWhite.png" - ], - "version": "1.0.0", - "title": "CrowdStrike Falcon Endpoint Protection", - "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IronDefenseAlertDashboard", - "logoFileName": "IronNet.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "IronNetIronDefense" - ], - "previewImagesFileNames": [ - "IronDefenseDashboardBlack.png", - "IronDefenseDashboardWhit.png" - ], - "version": "1.0.0", - "title": "IronDefenseAlertDashboard", - "templateRelativePath": "IronDefenseAlertDashboard.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IronDefenseAlertDetails", - "logoFileName": "IronNet.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "IronNetIronDefense" - ], - "previewImagesFileNames": [ - "IronDefenseAlertsBlack.png", - "IronDefenseAlertsWhite.png" - ], - "version": "1.0.0", - "title": "IronDefenseAlertDetails", - "templateRelativePath": "IronDefenseAlertDetails.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CiscoSEGWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CiscoSEG" - ], - "previewImagesFileNames": [ - "CiscoSEGBlack.png", - "CiscoSEGWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Secure Email Gateway", - "templateRelativePath": "CiscoSEG.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "EatonForeseerHealthAndAccess", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "EatonForeseerHealthAndAccessBlack.png", - "EatonForeseerHealthAndAccessWhite.png" - ], - "version": "1.0.0", - "title": "EatonForeseerHealthAndAccess", - "templateRelativePath": "EatonForeseerHealthAndAccess.json", - "subtitle": "", - "provider": "Eaton" - }, - { - "workbookKey": "PCIDSSComplianceWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Choose your subscription and workspace in which PCI assets are deployed", - "dataTypesDependencies": [ - "AzureDaignostics", - "SecurityEvent", - "SecurityAlert", - "OracleDatabaseAuditEvent", - "Syslog", - "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "PCIDSSComplianceBlack01.PNG", - "PCIDSSComplianceBlack02.PNG", - "PCIDSSComplianceWhite01.PNG", - "PCIDSSComplianceWhite02.PNG" - ], - "version": "1.0.0", - "title": "PCI DSS Compliance", - "templateRelativePath": "PCIDSSCompliance.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SonraiSecurityWorkbook", - "logoFileName": "Sonrai.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Sonrai_Tickets_CL" - ], - "dataConnectorsDependencies": [ - "SonraiDataConnector" - ], - "previewImagesFileNames": [ - "SonraiWorkbookBlack.png", - "SonraiWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "Sonrai", - "templateRelativePath": "Sonrai.json", - "subtitle": "", - "provider": "Sonrai" - }, - { - "workbookKey": "CloudflareWorkbook", - "logoFileName": "cloudflare.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Cloudflare_CL" - ], - "dataConnectorsDependencies": [ - "CloudflareDataConnector" - ], - "previewImagesFileNames": [ - "CloudflareOverviewBlack01.png", - "CloudflareOverviewBlack02.png", - "CloudflareOverviewWhite01.png", - "CloudflareOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Cloudflare", - "templateRelativePath": "Cloudflare.json", - "subtitle": "", - "provider": "Cloudflare" - }, - { - "workbookKey": "SemperisDSPWorkbook", - "logoFileName": "Semperis.svg", - "description": "Specify the time range on which to query the data", - "dataTypesDependencies": [ - "dsp_parser" - ], - "dataConnectorsDependencies": [ - "SemperisDSP" - ], - "previewImagesFileNames": [ - "SemperisDSPOverview1Black.png", - "SemperisDSPOverview1White.png", - "SemperisDSPOverview2Black.png", - "SemperisDSPOverview2White.png", - "SemperisDSPOverview3Black.png", - "SemperisDSPOverview3White.png" - ], - "version": "1.0.0", - "title": "Semperis Directory Services Protector", - "templateRelativePath": "SemperisDSPWorkbook.json", - "subtitle": "", - "provider": "Semperis" - }, - { - "workbookKey": "BoxWorkbook", - "logoFileName": "box.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "BoxEvents_CL" - ], - "dataConnectorsDependencies": [ - "BoxDataConnector" - ], - "previewImagesFileNames": [ - "BoxBlack1.png", - "BoxWhite1.png", - "BoxBlack2.png", - "BoxWhite2.png" - ], - "version": "1.0.0", - "title": "Box", - "templateRelativePath": "Box.json", - "subtitle": "", - "provider": "Box" - }, - { - "workbookKey": "SymantecEndpointProtection", - "logoFileName": "symantec_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SymantecEndpointProtection" - ], - "dataConnectorsDependencies": [ - "SymantecEndpointProtection" - ], - "previewImagesFileNames": [ - "SymantecEndpointProtectionBlack.png", - "SymantecEndpointProtectionWhite.png" - ], - "version": "1.0.0", - "title": "Symantec Endpoint Protection", - "templateRelativePath": "SymantecEndpointProtection.json", - "subtitle": "", - "provider": "Symantec" - }, - { - "workbookKey": "DynamicThreatModeling&Response", - "logoFileName": "", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ThreatAnalysis&ResponseWhite1.png", - "ThreatAnalysis&ResponseWhite2.png" - ], - "version": "1.0.0", - "title": "Dynamic Threat Modeling Response", - "templateRelativePath": "DynamicThreatModeling&Response.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ThreatAnalysis&Response", - "logoFileName": "", - "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ThreatAnalysis&ResponseWhite.png" - ], - "version": "1.0.1", - "title": "Threat Analysis Response", - "templateRelativePath": "ThreatAnalysis&Response.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroCAS", - "logoFileName": "Trend_Micro_Logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "TrendMicroCAS_CL" - ], - "dataConnectorsDependencies": [ - "TrendMicroCAS" - ], - "previewImagesFileNames": [ - "TrendMicroCASBlack.png", - "TrendMicroCASWhite.png" - ], - "version": "1.0.0", - "title": "TrendMicroCAS", - "templateRelativePath": "TrendMicroCAS.json", - "subtitle": "", - "provider": "TrendMicro" - }, - { - "workbookKey": "GitHubSecurityWorkbook", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "GitHubAuditLogPolling_CL" - ], - "dataConnectorsDependencies": [ - "GitHubEcAuditLogPolling" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GithubWorkbook", - "templateRelativePath": "GitHubWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "GCPDNSWorkbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GCPCloudDNS" - ], - "dataConnectorsDependencies": [ - "GCPDNSDataConnector" - ], - "previewImagesFileNames": [ - "GCPDNSBlack.png", - "GCPDNSWhite.png" - ], - "version": "1.0.0", - "title": "Google Cloud Platform DNS", - "templateRelativePath": "GCPDNS.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AtlassianJiraAuditWorkbook", - "logoFileName": "", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "AtlassianJiraNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "AtlassianJira" - ], - "previewImagesFileNames": [ - "AtlassianJiraAuditWhite.png", - "AtlassianJiraAuditBlack.png" - ], - "version": "1.0.0", - "title": "AtlassianJiraAudit", - "templateRelativePath": "AtlassianJiraAudit.json", - "subtitle": "", - "provider": "Atlassian" - }, - { - "workbookKey": "DigitalGuardianWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "DigitalGuardianDLPEvent" - ], - "dataConnectorsDependencies": [ - "DigitalGuardianDLP" - ], - "previewImagesFileNames": [ - "DigitalGuardianBlack.png", - "DigitalGuardianWhite.png" - ], - "version": "1.0.0", - "title": "DigitalGuardianDLP", - "templateRelativePath": "DigitalGuardian.json", - "subtitle": "", - "provider": "Digital Guardian" - }, - { - "workbookKey": "CiscoDuoWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CiscoDuo_CL" - ], - "dataConnectorsDependencies": [ - "CiscoDuoSecurity" - ], - "previewImagesFileNames": [ - "CiscoDuoWhite.png", - "CiscoDuoBlack.png" - ], - "version": "1.0.0", - "title": "CiscoDuoSecurity", - "templateRelativePath": "CiscoDuo.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "SlackAudit", - "logoFileName": "slacklogo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SlackAudit_CL" - ], - "dataConnectorsDependencies": [ - "SlackAuditAPI" - ], - "previewImagesFileNames": [ - "SlackAuditApplicationActivityBlack1.png", - "SlackAuditApplicationActivityWhite1.png" - ], - "version": "1.0.0", - "title": "SlackAudit", - "templateRelativePath": "SlackAudit.json", - "subtitle": "", - "provider": "Slack" - }, - { - "workbookKey": "CiscoWSAWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "CiscoWSA" - ], - "previewImagesFileNames": [ - "CiscoWSAWhite.png", - "CiscoWSABlack.png" - ], - "version": "1.0.0", - "title": "CiscoWSA", - "templateRelativePath": "CiscoWSA.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "GCP-IAM-Workbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GCP_IAM_CL" - ], - "dataConnectorsDependencies": [ - "GCPIAMDataConnector" - ], - "previewImagesFileNames": [ - "GCPIAMBlack01.png", - "GCPIAMBlack02.png", - "GCPIAMWhite01.png", - "GCPIAMWhite02.png" - ], - "version": "1.0.0", - "title": "Google Cloud Platform IAM", - "templateRelativePath": "GCP_IAM.json", - "subtitle": "", - "provider": "Google" - }, - { - "workbookKey": "ImpervaWAFCloudWorkbook", - "logoFileName": "Imperva_DarkGrey_final_75x75.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "ImpervaWAFCloud_CL" - ], - "dataConnectorsDependencies": [ - "ImpervaWAFCloudAPI" - ], - "previewImagesFileNames": [ - "ImpervaWAFCloudBlack01.png", - "ImpervaWAFCloudBlack02.png", - "ImpervaWAFCloudWhite01.png", - "ImpervaWAFCloudWhite02.png" - ], - "version": "1.0.0", - "title": "Imperva WAF Cloud Overview", - "templateRelativePath": "Imperva WAF Cloud Overview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZscalerZPAWorkbook", - "logoFileName": "ZscalerLogo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "ZPA_CL" - ], - "dataConnectorsDependencies": [ - "ZscalerPrivateAccess" - ], - "previewImagesFileNames": [ - "ZscalerZPABlack.png", - "ZscalerZPAWhite.png" - ], - "version": "1.0.0", - "title": "Zscaler Private Access (ZPA)", - "templateRelativePath": "ZscalerZPA.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "GoogleWorkspaceWorkbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GWorkspace_ReportsAPI_admin_CL", - "GWorkspace_ReportsAPI_calendar_CL", - "GWorkspace_ReportsAPI_drive_CL", - "GWorkspace_ReportsAPI_login_CL", - "GWorkspace_ReportsAPI_login_CL", - "GWorkspace_ReportsAPI_mobile_CL" - ], - "dataConnectorsDependencies": [ - "GoogleWorkspaceReportsAPI" - ], - "previewImagesFileNames": [ - "GoogleWorkspaceBlack.png", - "GoogleWorkspaceWhite.png" - ], - "version": "1.0.0", - "title": "GoogleWorkspaceReports", - "templateRelativePath": "GoogleWorkspace.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "NCProtectWorkbook", - "logoFileName": "NCProtectIcon.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "NCProtectUAL_CL" - ], - "dataConnectorsDependencies": [ - "NucleusCyberNCProtect" - ], - "previewImagesFileNames": [ - "", - "" - ], - "version": "1.0.0", - "title": "NucleusCyberProtect", - "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", - "subtitle": "", - "provider": "archTIS" - }, - { - "workbookKey": "CiscoISEWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "CiscoISE" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Cisco ISE", - "templateRelativePath": "CiscoISE.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", - "logoFileName": "", - "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Defender for IoT", - "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZeroTrust(TIC3.0)Workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityRecommendation" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ZeroTrust(TIC3.0)Black1.PNG", - "ZeroTrust(TIC3.0)White1.PNG" - ], - "version": "1.0.0", - "title": "ZeroTrust(TIC3.0)", - "templateRelativePath": "ZeroTrustTIC3.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "InsiderRiskManagementWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ", - "dataTypesDependencies": [ - "SigninLogsSigninLogs", - "AuditLogs", - "AzureActivity", - "OfficeActivity", - "InformationProtectionLogs_CL", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "InsiderRiskManagementBlack1.png" - ], - "version": "1.0.0", - "title": "Insider Risk Management", - "templateRelativePath": "InsiderRiskManagement.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "InformationProtectionLogs_CL", - "AuditLogs", - "SecurityIncident", - "SigninLogs", - "AzureActivity" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "CybersecurityMaturityModelCertification(CMMC)2.0", - "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "NISTSP80053Workbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SigninLogs", - "AuditLogs", - "AzureActivity", - "OfficeActivity", - "SecurityEvents", - "CommonSecurityLog", - "SecurityIncident", - "SecurityRecommendation" - ], - "dataConnectorsDependencies": [ - "SecurityEvents" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "NISTSP80053workbook", - "templateRelativePath": "NISTSP80053.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DarktraceWorkbook", - "logoFileName": "Darktrace.svg", - "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", - "dataTypesDependencies": [ - "darktrace_model_alerts_CL" - ], - "dataConnectorsDependencies": [ - "DarktraceRESTConnector" - ], - "previewImagesFileNames": [ - "DarktraceWorkbookBlack01.png", - "DarktraceWorkbookBlack02.png", - "DarktraceWorkbookWhite01.png", - "DarktraceWorkbookWhite02.png" - ], - "version": "1.0.1", - "title": "Darktrace", - "templateRelativePath": "DarktraceWorkbook.json", - "subtitle": "", - "provider": "Darktrace" - }, - { - "workbookKey": "RecordedFutureDomainC2DNSWorkbook", - "logoFileName": "RecordedFuture.svg", - "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", - "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", - "subtitle": "", - "provider": "Recorded Future" - }, - { - "workbookKey": "RecordedFutureIPActiveC2Workbook", - "logoFileName": "RecordedFuture.svg", - "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", - "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", - "subtitle": "", - "provider": "Recorded Future" - }, - { - "workbookKey": "MaturityModelForEventLogManagement_M2131", - "logoFileName": "contrastsecurity_logo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MaturityModelForEventLogManagement_M2131Black.png" - ], - "version": "1.0.0", - "title": "MaturityModelForEventLogManagementM2131", - "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureSQLSecurityWorkbook", - "logoFileName": "AzureSQL.svg", - "description": "Sets the time window in days to search around the alert", - "dataTypesDependencies": [ - "AzureDiagnostics", - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [ - "AzureSql" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Azure SQL Database Workbook", - "templateRelativePath": "Workbook-AzureSQLSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ContinuousDiagnostics&Mitigation", - "logoFileName": "", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ContinuousDiagnostics&MitigationBlack.png" - ], - "version": "1.0.0", - "title": "ContinuousDiagnostics&Mitigation", - "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", - "logoFileName": "GitHub.svg", - "description": "Repository selector.", - "dataTypesDependencies": [ - "githubscanaudit_CL" - ], - "dataConnectorsDependencies": [ - "GitHubWebhook" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GithubWorkbook-update-to-workbook-1", - "templateRelativePath": "update-to-workbook-1.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AtlasianJiraAuditWorkbook", - "logoFileName": "", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "AtlassianJiraNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "AtlassianJira" - ], - "previewImagesFileNames": [ - "AtlassianJiraAuditBlack.png", - "AtlassianJiraAuditWhite.png" - ], - "version": "1.0.0", - "title": "AtlasianJiraAuditWorkbook", - "templateRelativePath": "AtlasianJiraAuditWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureSecurityBenchmark", - "logoFileName": "", - "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", - "dataTypesDependencies": [ - "SecurityRegulatoryCompliance", - "AzureDiagnostics", - "SecurityIncident", - "SigninLogs", - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSecurityBenchmark1.png", - "AzureSecurityBenchmark2.png", - "AzureSecurityBenchmark3.png" - ], - "version": "1.0.0", - "title": "Azure Security Benchmark", - "templateRelativePath": "AzureSecurityBenchmark.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZNAccessOchestratorAudit", - "logoFileName": "", - "description": "This workbook provides a summary of ZeroNetworks data.", - "dataTypesDependencies": [ - "ZNAccessOrchestratorAudit_CL", - "ZNAccessOrchestratorAuditNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "ZeroNetworksAccessOrchestratorAuditFunction", - "ZeroNetworksAccessOrchestratorAuditNativePoller" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Zero NetWork", - "templateRelativePath": "ZNSegmentAudit.json", - "subtitle": "", - "provider": "Zero Networks" - }, - { - "workbookKey": "FireworkWorkbook", - "logoFileName": "FlareSystems.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "Firework_CL" - ], - "dataConnectorsDependencies": [ - "FlareSystemsFirework" - ], - "previewImagesFileNames": [ - "FireworkOverviewBlack01.png", - "FireworkOverviewBlack02.png", - "FireworkOverviewWhite01.png", - "FireworkOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "FlareSystemsFirework", - "templateRelativePath": "FlareSystemsFireworkOverview.json", - "subtitle": "", - "provider": "Flare Systems" - }, - { - "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "GitHubAuditLogPolling_CL" - ], - "dataConnectorsDependencies": [ - "GitHubEcAuditLogPolling" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GitHub Security", - "templateRelativePath": "GitHubAdvancedSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TaniumWorkbook", - "logoFileName": "Tanium.svg", - "description": "Visualize Tanium endpoint and module data", - "dataTypesDependencies": [ - "TaniumComplyCompliance_CL", - "TaniumComplyVulnerabilities_CL", - "TaniumDefenderHealth_CL", - "TaniumDiscoverUnmanagedAssets_CL", - "TaniumHighUptime_CL", - "TaniumMainAsset_CL", - "TaniumPatchListApplicability_CL", - "TaniumPatchListCompliance_CL", - "TaniumSCCMClientHealth_CL", - "TaniumThreatResponse_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "TaniumComplyDark.png", - "TaniumComplyLight.png", - "TaniumDiscoverDark.png", - "TaniumDiscoverLight.png", - "TaniumMSToolingHealthDark.png", - "TaniumMSToolingHealthLight.png", - "TaniumPatchDark.png", - "TaniumPatchLight.png", - "TaniumThreatResponseAlertsDark.png", - "TaniumThreatResponseAlertsLight.png", - "TaniumThreatResponseDark.png", - "TaniumThreatResponseLight.png" - ], - "version": "1.0", - "title": "Tanium Workbook", - "templateRelativePath": "TaniumWorkbook.json", - "subtitle": "", - "provider": "Tanium" - }, - { - "workbookKey": "ActionableAlertsDashboard", - "logoFileName": "", - "description": "None.", - "dataTypesDependencies": [ - "CyberSixgill_Alerts_CL" - ], - "dataConnectorsDependencies": [ - "CybersixgillActionableAlerts" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Cybersixgill Actionable Alerts Dashboard", - "templateRelativePath": "ActionableAlertsDashboard.json", - "subtitle": "", - "provider": "Cybersixgill" - }, - { - "workbookKey": "ActionableAlertsList", - "logoFileName": "", - "description": "None.", - "dataTypesDependencies": [ - "CyberSixgill_Alerts_CL" - ], - "dataConnectorsDependencies": [ - "CybersixgillActionableAlerts" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Cybersixgill Actionable Alerts List", - "templateRelativePath": "ActionableAlertsList.json", - "subtitle": "", - "provider": "Cybersixgill" - }, - { - "workbookKey": "ArgosCloudSecurityWorkbook", - "logoFileName": "argos-logo.svg", - "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.", - "dataTypesDependencies": [ - "ARGOS_CL" - ], - "dataConnectorsDependencies": [ - "ARGOSCloudSecurity" - ], - "previewImagesFileNames": [ - "ARGOSCloudSecurityWorkbookBlack.png", - "ARGOSCloudSecurityWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "ARGOS Cloud Security", - "templateRelativePath": "ARGOSCloudSecurityWorkbook.json", - "subtitle": "", - "provider": "ARGOS Cloud Security" - }, - { - "workbookKey": "JamfProtectWorkbook", - "logoFileName": "jamf_logo.svg", - "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.", - "dataTypesDependencies": [ - "jamfprotect_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "JamfProtectDashboardBlack.png", - "JamfProtectDashboardWhite.png" - ], - "version": "2.0.0", - "title": "Jamf Protect Workbook", - "templateRelativePath": "JamfProtectDashboard.json", - "subtitle": "", - "provider": "Jamf Software, LLC" - }, - { - "workbookKey": "AIVectraStream", - "logoFileName": "", - "description": "", - "dataTypesDependencies": [ - "VectraStream_CL" - ], - "dataConnectorsDependencies": [ "AIVectraStream" ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "AIVectraStreamWorkbook", - "templateRelativePath": "AIVectraStreamWorkbook.json", - "subtitle": "", - "provider": "Vectra AI" - }, - { - "workbookKey": "SecurityScorecardWorkbook", - "logoFileName": "", - "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard’s three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.", - "dataTypesDependencies": [ - "SecurityScorecardFactor_CL", - "SecurityScorecardIssues_CL", - "SecurityScorecardRatings_CL" - ], - "dataConnectorsDependencies": [ - "SecurityScorecardFactorAzureFunctions", - "SecurityScorecardIssueAzureFunctions", - "SecurityScorecardRatingsAzureFunctions" - ], - "previewImagesFileNames": [ - "SecurityScorecardBlack1.png", - "SecurityScorecardBlack2.png", - "SecurityScorecardBlack3.png", - "SecurityScorecardBlack4.png", - "SecurityScorecardBlack5.png", - "SecurityScorecardBlack6.png", - "SecurityScorecardWhite1.png", - "SecurityScorecardWhite2.png", - "SecurityScorecardWhite3.png", - "SecurityScorecardWhite4.png", - "SecurityScorecardWhite5.png", - "SecurityScorecardWhite6.png" - ], - "version": "1.0.0", - "title": "SecurityScorecard", - "templateRelativePath": "SecurityScorecardWorkbook.json", - "subtitle": "", - "provider": "SecurityScorecard" - }, - { - "workbookKey": "DigitalShadowsWorkbook", - "logoFileName": "DigitalShadowsLogo.svg", - "description": "For gaining insights into Digital Shadows logs.", - "dataTypesDependencies": [ - "DigitalShadows_CL" - ], - "dataConnectorsDependencies": [ - "DigitalShadowsSearchlightAzureFunctions" - ], - "previewImagesFileNames": [ - "DigitalShadowsBlack1.png", - "DigitalShadowsBlack2.png", - "DigitalShadowsBlack3.png", - "DigitalShadowsWhite1.png", - "DigitalShadowsWhite2.png", - "DigitalShadowsWhite3.png" - ], - "version": "1.0.0", - "title": "Digital Shadows", - "templateRelativePath": "DigitalShadows.json", - "subtitle": "", - "provider": "Digital Shadows" - }, - { - "workbookKey": "SalesforceServiceCloudWorkbook", - "logoFileName": "salesforce_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SalesforceServiceCloud" - ], - "dataConnectorsDependencies": [ - "SalesforceServiceCloud_CL" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Salesforce Service Cloud", - "templateRelativePath": "SalesforceServiceCloud.json", - "subtitle": "", - "provider": "Salesforce" - }, - { - "workbookKey": "NetworkSessionSolution", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP’s and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.", - "dataTypesDependencies": [ - "AWSVPCFlow", - "DeviceNetworkEvents", - "SecurityEvent", - "WindowsEvent", - "CommonSecurityLog", - "Syslog", - "CommonSecurityLog", - "VMConnection", - "AzureDiagnostics", - "AzureDiagnostics", - "CommonSecurityLog", - "Corelight_CL", - "VectraStream", - "CommonSecurityLog", - "CommonSecurityLog", - "Syslog", - "CiscoMerakiNativePoller" - ], - "dataConnectorsDependencies": [ "AWSS3", "MicrosoftThreatProtection", "SecurityEvents", "WindowsForwardedEvents", "Zscaler", "MicrosoftSysmonForLinux", "PaloAltoNetworks", "AzureMonitor(VMInsights)", "AzureFirewall", "AzureNSG", "CiscoASA", "Corelight", "AIVectraStream", "CheckPoint", "Fortinet", "CiscoMeraki" ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Network Session Essentials", - "templateRelativePath": "NetworkSessionEssentials.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SAPSODAnalysis", - "logoFileName": "AliterConsulting.svg", - "description": "SAP SOD Analysis", - "dataTypesDependencies": [ - "SAPAuditLog" - ], - "dataConnectorsDependencies": [ - "SAP" - ], - "previewImagesFileNames": [], - "version": "2.0.0", - "title": "SAP SOD Analysis", - "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", - "subtitle": "", - "provider": "Aliter Consulting" - }, - { - "workbookKey": "TheomWorkbook", - "logoFileName": "theom-logo.svg", - "description": "Theom Alert Statistics", - "dataTypesDependencies": [ - "TheomAlerts_CL" - ], - "dataConnectorsDependencies": [ - "Theom" - ], - "previewImagesFileNames": [ - "TheomWorkbook-black.png", - "TheomWorkbook-white.png" - ], - "version": "1.0.0", - "title": "Theom", - "templateRelativePath": "Theom.json", - "subtitle": "", - "provider": "Theom" - }, - { - "workbookKey": "DynatraceWorkbooks", - "logoFileName": "dynatrace.svg", - "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", - "dataTypesDependencies": [ - "DynatraceAttacks_CL", - "DynatraceAuditLogs_CL", - "DynatraceProblems_CL", - "DynatraceSecurityProblems_CL" - ], - "dataConnectorsDependencies": [ - "DynatraceAttacks", - "DynatraceAuditLogs", - "DynatraceProblems", - "DynatraceRuntimeVulnerabilities" - ], - "previewImagesFileNames": [ - "DynatraceWorkbookBlack.png", - "DynatraceWorkbookWhite.png" - ], - "version": "2.0.0", - "title": "Dynatrace", - "templateRelativePath": "Dynatrace.json", - "subtitle": "", - "provider": "Dynatrace" - }, - { - "workbookKey": "MDOWorkbook", - "logoFileName": "", - "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "MicrosoftThreatProtection" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft 365 Defender MDOWorkbook", - "templateRelativePath": "MDO Insights.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AnomaliesVisualizationWorkbook", - "logoFileName": "", - "description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", - "dataTypesDependencies": [ - "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AnomaliesVisualizationWorkbookWhite.png", - "AnomaliesVisualizationWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "AnomaliesVisulization", - "templateRelativePath": "AnomaliesVisualization.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "AnomalyDataWorkbook", - "logoFileName": "", - "description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", - "dataTypesDependencies": [ - "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AnomalyDataWorkbookWhite.png", - "AnomalyDataWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "AnomalyData", - "templateRelativePath": "AnomalyData.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Least Privilege with RBAC - Online", - "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Least Privilege with RBAC", - "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftExchangeSearchAdminAuditLog", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Search AdminAuditLog", - "templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftExchangeSecurityMonitoring", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Admin Activity", - "templateRelativePath": "Microsoft Exchange Admin Activity.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftExchangeSecurityReview-Online", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Security Review - Online", - "templateRelativePath": "Microsoft Exchange Security Review - Online.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftExchangeSecurityReview", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Security Review", - "templateRelativePath": "Microsoft Exchange Security Review.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ibossMalwareAndC2Workbook", - "logoFileName": "", - "description": "A workbook providing insights into malware and C2 activity detected by iboss.", - "dataTypesDependencies": [ - ], - "dataConnectorsDependencies": [ - ], - "previewImagesFileNames": [ - ], - "version": "1.0.0", - "title": "iboss Malware and C2", - "templateRelativePath": "ibossMalwareAndC2.json", - "subtitle": "", - "provider": "iboss" -}, -{ - "workbookKey": "ibossWebUsageWorkbook", - "logoFileName": "", - "description": "A workbook providing insights into web usage activity detected by iboss.", - "dataTypesDependencies": [ - ], - "dataConnectorsDependencies": [ - ], - "previewImagesFileNames": [ - ], - "version": "1.0.0", - "title": "iboss Web Usage", - "templateRelativePath": "ibossWebUsage.json", - "subtitle": "", - "provider": "iboss" -}, -{ - "workbookKey": "Fortiweb-workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "FortinetFortiWeb" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Fortiweb-workbook", - "templateRelativePath": "Fortiweb-workbook.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ReversingLabs-CapabilitiesOverview", - "logoFileName": "reversinglabs.svg", - "description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", - "dataTypesDependencies": [ - ], - "dataConnectorsDependencies": [ - ], - "previewImagesFileNames": [ - "ReversingLabsTiSummary-White.png", - "ReversingLabsTiSummary-Black.png", - "ReversingLabsOpsSummary-White.png", - "ReversingLabsOpsSummary-Black.png" - ], - "version": "1.1.1", - "title": "ReversingLabs-CapabilitiesOverview", - "templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", - "subtitle": "", - "provider": "ReversingLabs" -}, -{ - "workbookKey": "TalonInsights", - "logoFileName": "Talon.svg", - "description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ "TalonInsightsBlack.png", "TalonInsightsWhite.png"], - "version": "2.0.0", - "title": "Talon Insights", - "templateRelativePath": "TalonInsights.json", - "subtitle": "", - "provider": "Talon Security" -}, -{ - "workbookKey": "vCenter", - "logoFileName": [], - "description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", - "dataTypesDependencies": ["vCenter_CL"], - "dataConnectorsDependencies": ["VMwarevCenter"], - "previewImagesFileNames": [ ], - "version": "1.0.0", - "title": "vCenter", - "templateRelativePath": "vCenter.json", - "subtitle": "", - "provider": "VMware" -}, - -{ - "workbookKey": "SAP-Monitors-AlertsandPerformance", - "logoFileName": "SAPVMIcon.svg", - "description": "SAP -Monitors- Alerts and Performance", - "dataTypesDependencies": ["SAPAuditLog"], - "dataConnectorsDependencies": [ "SAP"], - "previewImagesFileNames": ["SAPVMIcon.svg"], - "version": "2.0.1", - "title": "SAP -Monitors- Alerts and Performance", - "templateRelativePath": "SAP -Monitors- Alerts and Performance.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "SAP-SecurityAuditlogandInitialAccess", - "logoFileName": "SAPVMIcon.svg", - "description": "SAP -Security Audit log and Initial Access", - "dataTypesDependencies": [ "SAPAuditLog"], - "dataConnectorsDependencies": [ "SAP" ], - "previewImagesFileNames": ["SAPVMIcon.svg"], - "version": "2.0.1", - "title": "SAP -Security Audit log and Initial Access", - "templateRelativePath": "SAP -Security Audit log and Initial Access.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "DNSSolutionWorkbook", - "logoFileName": "", - "description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "DNSDomainWorkbookWhite.png", - "DNSDomainWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "DNS Solution Workbook", - "templateRelativePath": "DNSSolutionWorkbook.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftPowerBIActivityWorkbook", - "logoFileName": "", - "description": "This workbook provides details on Microsoft PowerBI Activity", - "dataTypesDependencies": ["PowerBIActivity"], - "dataConnectorsDependencies": ["Microsoft PowerBI (Preview)"], - "previewImagesFileNames": [ "MicrosoftPowerBIActivityWorkbookBlack.png", "MicrosoftPowerBIActivityWhite.png"], - "version": "1.0.0", - "title": "Microsoft PowerBI Activity Workbook", - "templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftThreatIntelligenceWorkbook", - "logoFileName": "", - "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", - "dataTypesDependencies": [ "ThreatIntelligenceIndicator", "SecurityIncident" ], - "dataConnectorsDependencies": [ "ThreatIntelligence", "ThreatIntelligenceTaxii" ], - "previewImagesFileNames": [ "ThreatIntelligenceWhite.png", "ThreatIntelligenceBlack.png" ], - "version": "1.0.0", - "title": "Threat Intelligence", - "templateRelativePath": "MicrosoftThreatIntelligence.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftDefenderForEndPoint", - "logoFileName": "", - "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ "microsoftdefenderforendpointwhite.png", "microsoftdefenderforendpointblack.png" ], - "version": "1.0.0", - "title": "Microsoft Defender For EndPoint", - "templateRelativePath": "MicrosoftDefenderForEndPoint.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrosoftDefenderForIdentity", - "logoFileName": "", - "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.", - "dataTypesDependencies": [ "IdentityLogonEvents", "IdentityQueryEvents", "IdentityDirectoryEvents", "SecurityAlert" ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ "microsoftdefenderforidentityblack.png", "microsoftdefenderforidentitywhite.png" ], - "version": "1.0.0", - "title": "Microsoft Defender For Identity", - "templateRelativePath": "MicrosoftDefenderForIdentity.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "EsetProtect", - "logoFileName": "", - "description": "Visualize events and threats from Eset protect.", - "dataTypesDependencies": [ "ESETPROTECT" ], - "dataConnectorsDependencies": ["ESETPROTECT"], - "previewImagesFileNames": [ "ESETPROTECTBlack.png", "ESETPROTECTWhite.png" ], - "version": "1.0.0", - "title": "EsetProtect", - "templateRelativePath": "ESETPROTECT.json", - "subtitle": "", - "provider": "Community" - }, - { - "workbookKey": "CyberArkEPMWorkbook", - "logoFileName": "CyberArk_Logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CyberArkEPM_CL" - ], - "dataConnectorsDependencies": [ - "CyberArkEPM" - ], - "previewImagesFileNames": [ - "CyberArkEPMBlack.png", - "CyberArkEPMWhite.png" - ], - "version": "1.0.0", - "title": "CyberArk EPM", - "templateRelativePath": "CyberArkEPM.json", - "subtitle": "", - "provider": "CyberArk" - } -] diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_CyberArkEPM.json b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_CyberArkEPM.json deleted file mode 100644 index a569d37d2da..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_CyberArkEPM.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "Name": "CyberArkEPM", - "Author": "CyberArk Business Development - business_development@cyberark.com", - "Logo": "", - "Description": "Endpoint Privilege Manager, a critical and foundational endpoint control addresses the underlying weaknesses of endpoint defenses against a privileged attacker and helps enterprises defend against these attacks.", -"Data Connectors": [ - "Solutions/CyberArkEPM/DataConnectors/CyberArkEPM_API_FunctionApp.json" -], -"Parsers": [ - "Solutions/CyberArkEPM/Parsers/CyberArkEPM.txt" -], - "Hunting Queries": [ - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMElevationRequests.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMPowershellDownloads.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMPowershellExecutionParameters.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessNewHash.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessesAccessedInternet.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessesRunAsAdmin.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMRareProcVendors.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMRareProcessesRunByUsers.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMScriptsExecuted.yaml", - "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMSuspiciousActivityAttempts.yaml" -], -"Analytic Rules": [ - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMAttackAttemptNotBlocked.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMMSBuildLOLBin.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMMultipleAttackAttempts.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMNewProcessStartetFromSystem.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMPossibleExecutionOfPowershellEmpire.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMProcessChangedStartLocation.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMRareProcInternetAccess.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMRenamedWindowsBinary.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMUnexpectedExecutableExtension.yaml", - "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMUnexpectedExecutableLocation.yaml" -], -"Workbooks": [ - "Solutions/CyberArkEPM/Workbooks/CyberArkEPM.json" -], -"BasePath": "/Users/Julie.Mauch/Documents/GitHub/Azure-Sentinel/", -"Version": "2.0.0", -"Metadata": "SolutionMetadata.json", -"TemplateSpec": true, -"Is1PConnector": false -} diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftDefenderThreatIntelligence.json b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftDefenderThreatIntelligence.json deleted file mode 100644 index e5b5d481880..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftDefenderThreatIntelligence.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Name": "Microsoft Defender Threat Intelligence", - "Author": "Microsoft - support@microsoft.com", - "Logo": "", - "Description": "Microsoft centralizes numerous data sets into a single platform, Microsoft Defender Threat Intelligence [(MDTI)](https://learn.microsoft.com/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti), making it easier for Microsoft’s community and customers to conduct infrastructure analysis. Microsoft’s primary focus is to provide as much data as possible about Internet infrastructure to support a variety of security use cases and enabling automation for Incident management in Microsoft Sentinel", - "Playbooks": [ - "Playbooks/MDTI-Automated-Triage/azuredeploy.json", - "Playbooks/MDTI-Base/azuredeploy.json", - "Playbooks/MDTI-Data-WebComponents/azuredeploy.json", - "Playbooks/MDTI-Intel-Reputation/azuredeploy.json" - ], - "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Microsoft Defender Threat Intelligence", - "Version": "2.0.1", - "Metadata": "SolutionMetadata.json", - "TemplateSpec": true, - "Is1Pconnector": true -} \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json new file mode 100644 index 00000000000..8e662538741 --- /dev/null +++ b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json @@ -0,0 +1,16 @@ +{ + "Name": "Salem Virtual Cyber Analyst", + "Author": "Salem Cyber - support@salemcyber.com", + "Logo": "", + "Description": "Salem, AI Cyber analyst, **automatically investigates** Sentinel alerts and escalates validated threats that require your attention. \n\nThis integration allows you to send new Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)", + "Workbooks": ["Workbooks/SalemDashboard.json"], + "Analytic Rules": [], + "Playbooks": ["Playbooks/SendAlertToSalem/azuredeploy.json"], + "Hunting Queries": [], + "Watchlists": [], + "BasePath": "C:\\Users\\jonwb\\github\\Azure-Sentinel\\Solutions\\Salem Virtual Cyber Analyst", + "Version": "1.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1PConnector": false +} \ No newline at end of file From 36f1223077b174c973d6401899f8a2cb59efbd33 Mon Sep 17 00:00:00 2001 From: jonbagg Date: Sun, 9 Jul 2023 09:40:11 -0400 Subject: [PATCH 04/26] Add Salem Workbook Metadata Adding Salem workbook metadata to the v2 create tool workbook metadata file per request from Sentinel Team --- .../V2/WorkbookMetadata/WorkbooksMetadata.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json index 24a46369483..01275a17a97 100644 --- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json +++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json @@ -1,4 +1,17 @@ [ + { + "workbookKey": "SalemDashboard", + "logoFileName": "salem_logo.svg", + "description": "Monitor Salem Performance", + "dataTypesDependencies": [ "SalemAlerts_CL" ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Salem Alerts Workbook", + "templateRelativePath": "SalemDashboard.json", + "subtitle": "", + "provider": "SalemCyber" + }, { "workbookKey": "42CrunchAPIProtectionWorkbook", "logoFileName": "42CrunchLogo.svg", From da126ea31a6902ef52353b3bf831cce68ae1420e Mon Sep 17 00:00:00 2001 From: jonbagg Date: Sun, 9 Jul 2023 09:59:19 -0400 Subject: [PATCH 05/26] Update Solution to use v2 tool creation --- .../Playbooks/SendAlertToSalem/azuredeploy.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json b/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json index bb470384cd1..def0d9cfc53 100644 --- a/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json +++ b/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json @@ -40,8 +40,8 @@ } }, "variables": { - "SalemEventHubConnectionName": "[concat('SalemEventHub-', parameters('PlaybookName'))]", - "SentinelConnectionName": "[concat('MicrosoftSentinel-', parameters('PlaybookName'))]" + "SalemEventHubConnectionName": "Salem-EventHub", + "SentinelConnectionName": "Salem-MicrosoftSentinel" }, "resources": [ { From 75a009df80d2d5f588daa589d1e08593d5715e73 Mon Sep 17 00:00:00 2001 From: jonbagg Date: Sun, 9 Jul 2023 09:59:41 -0400 Subject: [PATCH 06/26] Update to v2 --- .../Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json index 8e662538741..9426153c194 100644 --- a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json +++ b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json @@ -9,7 +9,7 @@ "Hunting Queries": [], "Watchlists": [], "BasePath": "C:\\Users\\jonwb\\github\\Azure-Sentinel\\Solutions\\Salem Virtual Cyber Analyst", - "Version": "1.0.0", + "Version": "2.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1PConnector": false From 9e02e09e815b93163c7d89fd2b2fac623b884be6 Mon Sep 17 00:00:00 2001 From: jonbagg Date: Tue, 11 Jul 2023 09:28:42 -0400 Subject: [PATCH 07/26] Update to resolve conflicts --- .../V2/MigratedContent/PlaybooksMigrated.json | 258 + .../WorkbookMetadata/WorkbooksMetadata.json | 15030 +++++++++++----- 2 files changed, 10384 insertions(+), 4904 deletions(-) create mode 100644 Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/PlaybooksMigrated.json diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/PlaybooksMigrated.json b/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/PlaybooksMigrated.json new file mode 100644 index 00000000000..978ee6f0b56 --- /dev/null +++ b/Tools/Create-Azure-Sentinel-Solution/V2/MigratedContent/PlaybooksMigrated.json @@ -0,0 +1,258 @@ +[ + { + "OldPath": "Playbooks/Get-VirusTotalDomainReport", + "NewPath": "Solutions/VirusTotal/Playbooks/Get-VirusTotalDomainReport" + }, + { + "OldPath": "Playbooks/Get-VirusTotalFileInfo", + "NewPath": "Solutions/VirusTotal/Playbooks/Get-VirusTotalFileInfo" + }, + { + "OldPath": "Playbooks/Get-VirusTotalURLReport", + "NewPath": "Solutions/VirusTotal/Playbooks/Get-VirusTotalURLReport" + }, + { + "OldPath": "Playbooks/Get-VirusTotalIPReport", + "NewPath": "Solutions/VirusTotal/Playbooks/Get-VirusTotalIPReport" + }, + { + "OldPath": "Playbooks/Watchlist-Add-HostToWatchList", + "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-Add-HostToWatchList" + }, + { + "OldPath": "Playbooks/Watchlist-Add-IPToWatchList", + "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-Add-IPToWatchList" + }, + { + "OldPath": "Playbooks/Watchlist-Add-URLToWatchList", + "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-Add-URLToWatchList" + }, + { + "OldPath": "Playbooks/Watchlist-Add-UserToWatchList", + "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-Add-UserToWatchList" + }, + { + "OldPath": "Playbooks/Watchlist-ChangeIncidentSeverityandTitleIFUserVIP", + "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-ChangeIncidentSeverityandTitleIFUserVIP" + }, + { + "OldPath": "Playbooks/Watchlist-CloseIncidentKnownIPs", + "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-CloseIncidentKnownIPs" + }, + { + "OldPath": "Playbooks/Watchlist-InformSubowner-IncidentTrigger", + "NewPath": "Solutions/Watchlists Utilities/Playbooks/Watchlist-InformSubowner-IncidentTrigger" + }, + { + "OldPath": "Playbooks/Create-SNOW-record", + "NewPath": "Solutions/Servicenow/Playbooks/Create-SNOW-record" + }, + { + "OldPath": "Playbooks/SNOW-CreateAndUpdateIncident", + "NewPath": "Solutions/Servicenow/Playbooks/SNOW-CreateAndUpdateIncident" + }, + { + "OldPath": "Playbooks/AzureFirewall/AzureFirewall-AddIPtoTIAllowList", + "NewPath": "Solutions/Azure Firewall/Playbooks/AzureFirewall-AddIPtoTIAllowList" + }, + { + "OldPath": "Playbooks/CrowdStrike/Playbooks/CrowdStrike_Base", + "NewPath": "Solutions/CrowdStrike Falcon Endpoint Protection/Playbooks/CrowdStrike_Base" + }, + { + "OldPath": "Playbooks/CrowdStrike/Playbooks/CrowdStrike_ContainHost", + "NewPath": "Solutions/CrowdStrike Falcon Endpoint Protection/Playbooks/CrowdStrike_ContainHost" + }, + { + "OldPath": "Playbooks/CrowdStrike/Playbooks/CrowdStrike_Enrichment_GetDeviceInformation", + "NewPath": "Solutions/CrowdStrike Falcon Endpoint Protection/Playbooks/CrowdStrike_Enrichment_GetDeviceInformation" + }, + { + "OldPath": "Playbooks/Incident-Assignment-Shifts", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Incident-Assignment-Shifts" + }, + { + "OldPath": "Playbooks/Notify-IncidentClosed", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Notify-IncidentClosed" + }, + { + "OldPath": "Playbooks/Notify-IncidentReopened", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Notify-IncidentReopened" + }, + { + "OldPath": "Playbooks/Notify-IncidentSeverityChanged", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Notify-IncidentSeverityChanged" + }, + { + "OldPath": "Playbooks/Notify-Owner", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Notify-Owner" + }, + { + "OldPath": "Playbooks/Post-Message-Slack", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Post-Message-Slack" + }, + { + "OldPath": "Playbooks/Post-Message-Teams", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Post-Message-Teams" + }, + { + "OldPath": "Playbooks/Send-basic-email", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Send-basic-email" + }, + { + "OldPath": "Playbooks/Send-email-with-formatted-incident-report", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/Send-email-with-formatted-incident-report" + }, + { + "OldPath": "Playbooks/relateAlertsToIncident-basedOnIP", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/relateAlertsToIncident-basedOnIP" + }, + { + "OldPath": "Playbooks/Isolate-MDEMachine", + "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine" + }, + { + "OldPath": "Playbooks/Restrict-MDEAppExecution", + "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEAppExecution" + }, + { + "OldPath": "Playbooks/Restrict-MDEDomain", + "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain" + }, + { + "OldPath": "Playbooks/Restrict-MDEFileHash", + "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash" + }, + { + "OldPath": "Playbooks/Restrict-MDEIPAddress", + "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress" + }, + { + "OldPath": "Playbooks/Restrict-MDEUrl", + "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl" + }, + { + "OldPath": "Playbooks/Run-MDEAntivirus", + "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Run-MDEAntivirus" + }, + { + "OldPath": "Playbooks/Unisolate-MDEMachine", + "NewPath": "Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine" + }, + { + "OldPath": "Playbooks/AzureFirewall/AzureFirewall-BlockIP-addNewRule", + "NewPath": "Solutions/Azure Firewall/Playbooks/AzureFirewall-BlockIP-addNewRule" + }, + { + "OldPath": "Playbooks/AzureFirewall/AzureFirewall-BlockIP-addToIPGroup", + "NewPath": "Solutions/Azure Firewall/Playbooks/AzureFirewall-BlockIP-addToIPGroup" + }, + { + "OldPath": "Playbooks/AzureFirewall/AzureFirewallConnector", + "NewPath": "Solutions/Azure Firewall/Playbooks/AzureFirewallConnector" + }, + { + "OldPath": "Playbooks/Advanced-SNOW-Teams-Integration", + "NewPath": "Solutions/Teams/Playbooks/Advanced-SNOW-Teams-Integration" + }, + { + "OldPath": "Playbooks/IdentityProtection-TeamsBotResponse", + "NewPath": "Solutions/Teams/Playbooks/IdentityProtection-TeamsBotResponse" + }, + { + "OldPath": "Playbooks/Send-Teams-adaptive-card-on-incident-creation", + "NewPath": "Solutions/Teams/Playbooks/Send-Teams-adaptive-card-on-incident-creation" + }, + { + "OldPath": "Playbooks/CiscoFirepower/CustomConnector", + "NewPath": "Solutions/Cisco Firepower EStreamer/Playbooks/CustomConnector" + }, + { + "OldPath": "Playbooks/CiscoFirepower/CiscoFirepower-BlockFQDN-NetworkGroup", + "NewPath": "Solutions/Cisco Firepower EStreamer/Playbooks/CiscoFirepower-BlockFQDN-NetworkGroup" + }, + { + "OldPath": "Playbooks/CiscoFirepower/CiscoFirepower-BlockIP-NetworkGroup", + "NewPath": "Solutions/Cisco Firepower EStreamer/Playbooks/CiscoFirepower-BlockIP-NetworkGroup" + }, + { + "OldPath": "Playbooks/CiscoFirepower/CiscoFirepower-BlockIP-Teams", + "NewPath": "Solutions/Cisco Firepower EStreamer/Playbooks/CiscoFirepower-BlockIP-Teams" + }, + { + "OldPath": "Playbooks/Confirm-AADRiskyUser", + "NewPath": "Solutions/Azure Active directory Identity Protection/Playbooks/Confirm-AADRiskyUser" + }, + { + "OldPath": "Playbooks/Dismiss-AADRiskyUser", + "NewPath": "Solutions/Azure Active directory Identity Protection/Playbooks/Dismiss-AADRiskyUser" + }, + { + "OldPath": "Playbooks/IdentityProtection-TeamsBotResponse", + "NewPath": "Solutions/Azure Active directory Identity Protection/Playbooks/IdentityProtection-TeamsBotResponse" + }, + { + "OldPath": "Playbooks/Block-AADUser", + "NewPath": "Solutions/Azure Active Directory/Playbooks/Block-AADUser" + }, + { + "OldPath": "Playbooks/Prompt-User", + "NewPath": "Solutions/Azure Active Directory/Playbooks/Prompt-User" + }, + { + "OldPath": "Playbooks/Reset-AADUserPassword", + "NewPath": "Solutions/Azure Active Directory/Playbooks/Reset-AADUserPassword" + }, + { + "OldPath": "Playbooks/Create-Jira-Issue", + "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Create-Jira-Issue" + }, + { + "OldPath": "Playbooks/Jira-CreateAndUpdateIssue", + "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Jira-CreateAndUpdateIssue" + }, + { + "OldPath": "Playbooks/Sync-IncidentsWithJira/Sync-AssignedUser", + "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Sync-AssignedUser" + }, + { + "OldPath": "Playbooks/Sync-IncidentsWithJira/Sync-Incidents", + "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Sync-Incidents" + }, + { + "OldPath": "Playbooks/CarbonBlack/Playbooks/CarbonBlack-DeviceEnrichment", + "NewPath": "Solutions/CarbonBlack/Playbooks/CarbonBlack-DeviceEnrichment" + }, + { + "OldPath": "Playbooks/CarbonBlack/Playbooks/CarbonBlack-QuarantineDevice", + "NewPath": "Solutions/CarbonBlack/Playbooks/CarbonBlack-QuarantineDevice" + }, + { + "OldPath": "Playbooks/CarbonBlack/Playbooks/CarbonBlack-TakeDeviceActionFromTeams", + "NewPath": "Solutions/CarbonBlack/Playbooks/CarbonBlack-TakeDeviceActionFromTeams" + }, + { + "OldPath": "Playbooks/CarbonBlack/CarbonBlackConnector", + "NewPath": "Solutions/CarbonBlack/Playbooks/CarbonBlackConnector" + }, + { + "OldPath": "Playbooks/Sync-IncidentsWithJira/Add-JiraLinkComment", + "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Add-JiraLinkComment" + }, + { + "OldPath": "Playbooks/Sync-IncidentsWithJira/Sync-Comments", + "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Sync-CommentsFunctionApp" + }, + { + "OldPath": "Playbooks/Sync-IncidentsWithJira/Sync-Status", + "NewPath": "Solutions/AtlassianJiraAudit/Playbooks/Sync-Status" + }, + { + "OldPath": "Playbooks/CreateIncident-MicrosoftForms", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/CreateIncident-MicrosoftForms" + }, + { + "OldPath": "Playbooks/CreateIncident-SharedMailbox", + "NewPath": "Solutions/SentinelSOARessentials/Playbooks/CreateIncident-SharedMailbox" + } +] \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json index 01275a17a97..e17b3d3f259 100644 --- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json +++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json @@ -1,5074 +1,10296 @@ [ - { - "workbookKey": "SalemDashboard", - "logoFileName": "salem_logo.svg", - "description": "Monitor Salem Performance", - "dataTypesDependencies": [ "SalemAlerts_CL" ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Salem Alerts Workbook", - "templateRelativePath": "SalemDashboard.json", - "subtitle": "", - "provider": "SalemCyber" - }, - { + { "workbookKey": "42CrunchAPIProtectionWorkbook", "logoFileName": "42CrunchLogo.svg", "description": "Monitor and protect APIs using the 42Crunch API microfirewall", - "dataTypesDependencies": [ "apifirewall_log_1_CL" ], - "dataConnectorsDependencies": [ "42CrunchAPIProtection" ], - "previewImagesFileNames": [ "42CrunchInstancesBlack.png", "42CrunchInstancesWhite.png", "42CrunchRequestsBlack.png", "42CrunchRequestsWhite.png", "42CrunchStatusBlack.png", "42CrunchStatusWhite.png" ], + "dataTypesDependencies": [ + "apifirewall_log_1_CL" + ], + "dataConnectorsDependencies": [ + "42CrunchAPIProtection" + ], + "previewImagesFileNames": [ + "42CrunchInstancesBlack.png", + "42CrunchInstancesWhite.png", + "42CrunchRequestsBlack.png", + "42CrunchRequestsWhite.png", + "42CrunchStatusBlack.png", + "42CrunchStatusWhite.png" + ], "version": "1.0.0", "title": "42Crunch API Protection Workbook", "templateRelativePath": "42CrunchAPIProtectionWorkbook.json", "subtitle": "", "provider": "42Crunch" - }, - { - "workbookKey": "ForcepointNGFWAdvanced", - "logoFileName": "FPAdvLogo.svg", - "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "ForcepointNgfw", - "ThreatIntelligence" - ], - "previewImagesFileNames": [ - "ForcepointNGFWAdvancedWhite.png", - "ForcepointNGFWAdvancedBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook", - "templateRelativePath": "ForcepointNGFWAdvanced.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "AzureActivityWorkbook", - "logoFileName": "azureactivity_logo.svg", - "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.", - "dataTypesDependencies": [ - "AzureActivity" - ], - "dataConnectorsDependencies": [ - "AzureActivity" - ], - "previewImagesFileNames": [ - "AzureActivityWhite1.png", - "AzureActivityBlack1.png" - ], - "version": "2.0.0", - "title": "Azure Activity", - "templateRelativePath": "AzureActivity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IdentityAndAccessWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "IdentityAndAccessWhite.png", - "IdentityAndAccessBlack.png" - ], - "version": "1.1.0", - "title": "Identity & Access", - "templateRelativePath": "IdentityAndAccess.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CheckPointWorkbook", - "logoFileName": "checkpoint_logo.svg", - "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CheckPoint" - ], - "previewImagesFileNames": [ - "CheckPointWhite.png", - "CheckPointBlack.png" - ], - "version": "1.0.0", - "title": "Check Point Software Technologies", - "templateRelativePath": "CheckPoint.json", - "subtitle": "", - "provider": "Check Point" - }, - { - "workbookKey": "CiscoWorkbook", - "logoFileName": "cisco_logo.svg", - "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CiscoASA" - ], - "previewImagesFileNames": [ - "CiscoWhite.png", - "CiscoBlack.png" - ], - "version": "1.1.0", - "title": "Cisco - ASA", - "templateRelativePath": "Cisco.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ExchangeOnlineWorkbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "ExchangeOnlineWhite.png", - "ExchangeOnlineBlack.png" - ], - "version": "2.0.0", - "title": "Exchange Online", - "templateRelativePath": "ExchangeOnline.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "PaloAltoOverviewWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoNetworks" - ], - "previewImagesFileNames": [ - "PaloAltoOverviewWhite1.png", - "PaloAltoOverviewBlack1.png", - "PaloAltoOverviewWhite2.png", - "PaloAltoOverviewBlack2.png", - "PaloAltoOverviewWhite3.png", - "PaloAltoOverviewBlack3.png" - ], - "version": "1.2.0", - "title": "Palo Alto overview", - "templateRelativePath": "PaloAltoOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "PaloAltoNetworkThreatWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoNetworks" - ], - "previewImagesFileNames": [ - "PaloAltoNetworkThreatWhite1.png", - "PaloAltoNetworkThreatBlack1.png", - "PaloAltoNetworkThreatWhite2.png", - "PaloAltoNetworkThreatBlack2.png" - ], - "version": "1.1.0", - "title": "Palo Alto Network Threat", - "templateRelativePath": "PaloAltoNetworkThreat.json", - "subtitle": "", - "provider": "Palo Alto Networks" - }, - { - "workbookKey": "EsetSMCWorkbook", - "logoFileName": "eset-logo.svg", - "description": "Visualize events and threats from Eset Security Management Center.", - "dataTypesDependencies": [ - "eset_CL" - ], - "dataConnectorsDependencies": [ - "EsetSMC" - ], - "previewImagesFileNames": [ - "esetSMCWorkbook-black.png", - "esetSMCWorkbook-white.png" - ], - "version": "1.0.0", - "title": "Eset Security Management Center Overview", - "templateRelativePath": "esetSMCWorkbook.json", - "subtitle": "", - "provider": "Community" - }, - { - "workbookKey": "FortigateWorkbook", - "logoFileName": "fortinet_logo.svg", - "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Fortinet" - ], - "previewImagesFileNames": [ - "FortigateWhite.png", - "FortigateBlack.png" - ], - "version": "1.1.0", - "title": "FortiGate", - "templateRelativePath": "Fortigate.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DnsWorkbook", - "logoFileName": "dns_logo.svg", - "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.", - "dataTypesDependencies": [ - "DnsInventory", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "DNS" - ], - "previewImagesFileNames": [ - "DnsWhite.png", - "DnsBlack.png" - ], - "version": "1.3.0", - "title": "DNS", - "templateRelativePath": "Dns.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "Office365Workbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "Office365White1.png", - "Office365Black1.png", - "Office365White2.png", - "Office365Black2.png", - "Office365White3.png", - "Office365Black3.png" - ], - "version": "2.0.1", - "title": "Office 365", - "templateRelativePath": "Office365.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SharePointAndOneDriveWorkbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "SharePointAndOneDriveBlack1.png", - "SharePointAndOneDriveBlack2.png", - "SharePointAndOneDriveWhite1.png", - "SharePointAndOneDriveWhite2.png" - ], - "version": "2.0.0", - "title": "SharePoint & OneDrive", - "templateRelativePath": "SharePointAndOneDrive.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureActiveDirectorySigninLogsWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.", - "dataTypesDependencies": [ - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AADsigninBlack1.png", - "AADsigninBlack2.png", - "AADsigninWhite1.png", - "AADsigninWhite2.png" - ], - "version": "2.4.0", - "title": "Azure AD Sign-in logs", - "templateRelativePath": "AzureActiveDirectorySignins.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "VirtualMachinesInsightsWorkbook", - "logoFileName": "azurevirtualmachine_logo.svg", - "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.", - "dataTypesDependencies": [ - "VMConnection", - "ServiceMapComputer_CL", - "ServiceMapProcess_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "VMInsightBlack1.png", - "VMInsightWhite1.png" - ], - "version": "1.3.0", - "title": "VM insights", - "templateRelativePath": "VirtualMachinesInsights.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.", - "dataTypesDependencies": [ - "AuditLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AzureADAuditLogsBlack1.png", - "AzureADAuditLogsWhite1.png" - ], - "version": "1.2.0", - "title": "Azure AD Audit logs", - "templateRelativePath": "AzureActiveDirectoryAuditLogs.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ThreatIntelligenceWorkbook", - "logoFileName": "", - "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "SecurityIncident" - ], - "dataConnectorsDependencies": [ - "ThreatIntelligence", - "ThreatIntelligenceTaxii" - ], - "previewImagesFileNames": [ - "ThreatIntelligenceWhite.png", - "ThreatIntelligenceBlack.png" - ], - "version": "5.0.0", - "title": "Threat Intelligence", - "templateRelativePath": "ThreatIntelligence.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WebApplicationFirewallOverviewWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFOverviewBlack.png", - "WAFOverviewWhite.png" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - overview", - "templateRelativePath": "WebApplicationFirewallOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFFirewallEventsBlack1.png", - "WAFFirewallEventsBlack2.png", - "WAFFirewallEventsWhite1.png", - "WAFFirewallEventsWhite2.png" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - firewall events", - "templateRelativePath": "WebApplicationFirewallFirewallEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFGatewayAccessEventsBlack1.png", - "WAFGatewayAccessEventsBlack2.png", - "WAFGatewayAccessEventsWhite1.png", - "WAFGatewayAccessEventsWhite2.png" - ], - "version": "1.2.0", - "title": "Microsoft Web Application Firewall (WAF) - gateway access events", - "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "LinuxMachinesWorkbook", - "logoFileName": "azurevirtualmachine_logo.svg", - "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "Syslog" - ], - "previewImagesFileNames": [ - "LinuxMachinesWhite.png", - "LinuxMachinesBlack.png" - ], - "version": "1.1.0", - "title": "Linux machines", - "templateRelativePath": "LinuxMachines.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureFirewallWorkbook", - "logoFileName": "AzFirewalls.svg", - "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureFirewall" - ], - "previewImagesFileNames": [ - "AzureFirewallWorkbookWhite1.PNG", - "AzureFirewallWorkbookBlack1.PNG", - "AzureFirewallWorkbookWhite2.PNG", - "AzureFirewallWorkbookBlack2.PNG", - "AzureFirewallWorkbookWhite3.PNG", - "AzureFirewallWorkbookBlack3.PNG", - "AzureFirewallWorkbookWhite4.PNG", - "AzureFirewallWorkbookBlack4.PNG", - "AzureFirewallWorkbookWhite5.PNG", - "AzureFirewallWorkbookBlack5.PNG" - ], - "version": "1.3.0", - "title": "Azure Firewall", - "templateRelativePath": "AzureFirewallWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureDDoSStandardProtection", - "logoFileName": "AzDDoS.svg", - "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "DDOS" - ], - "previewImagesFileNames": [ - "AzureDDoSWhite1.PNG", - "AzureDDoSBlack1.PNG", - "AzureDDoSWhite2.PNG", - "AzureDDoSBlack2.PNG", - "AzureDDoSWhite2.PNG", - "AzureDDoSBlack2.PNG" - ], - "version": "1.0.2", - "title": "Azure DDoS Protection Workbook", - "templateRelativePath": "AzDDoSStandardWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftCloudAppSecurityWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.", - "dataTypesDependencies": [ - "McasShadowItReporting" - ], - "dataConnectorsDependencies": [ - "MicrosoftCloudAppSecurity" - ], - "previewImagesFileNames": [ - "McasDiscoveryBlack.png", - "McasDiscoveryWhite.png" - ], - "version": "1.2.0", - "title": "Microsoft Cloud App Security - discovery logs", - "templateRelativePath": "MicrosoftCloudAppSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "F5BIGIPSytemMetricsWorkbook", - "logoFileName": "f5_logo.svg", - "description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.", - "dataTypesDependencies": [ - "F5Telemetry_system_CL", - "F5Telemetry_AVR_CL" - ], - "dataConnectorsDependencies": [ - "F5BigIp" - ], - "previewImagesFileNames": [ - "F5SMBlack.png", - "F5SMWhite.png" - ], - "version": "1.1.0", - "title": "F5 BIG-IP System Metrics", - "templateRelativePath": "F5BIGIPSystemMetrics.json", - "subtitle": "", - "provider": "F5 Networks" - }, - { - "workbookKey": "F5NetworksWorkbook", - "logoFileName": "f5_logo.svg", - "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.", - "dataTypesDependencies": [ - "F5Telemetry_LTM_CL", - "F5Telemetry_system_CL", - "F5Telemetry_ASM_CL" - ], - "dataConnectorsDependencies": [ - "F5BigIp" - ], - "previewImagesFileNames": [ - "F5White.png", - "F5Black.png" - ], - "version": "1.1.0", - "title": "F5 BIG-IP ASM", - "templateRelativePath": "F5Networks.json", - "subtitle": "", - "provider": "F5 Networks" - }, - { - "workbookKey": "AzureNetworkWatcherWorkbook", - "logoFileName": "networkwatcher_logo.svg", - "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.", - "dataTypesDependencies": [ - "AzureNetworkAnalytics_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureNetworkWatcherWhite.png", - "AzureNetworkWatcherBlack.png" - ], - "version": "1.1.0", - "title": "Azure Network Watcher", - "templateRelativePath": "AzureNetworkWatcher.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZscalerFirewallWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerFirewallWhite1.png", - "ZscalerFirewallBlack1.png", - "ZscalerFirewallWhite2.png", - "ZscalerFirewallBlack2.png" - ], - "version": "1.1.0", - "title": "Zscaler Firewall", - "templateRelativePath": "ZscalerFirewall.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "ZscalerWebOverviewWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerWebOverviewWhite.png", - "ZscalerWebOverviewBlack.png" - ], - "version": "1.1.0", - "title": "Zscaler Web Overview", - "templateRelativePath": "ZscalerWebOverview.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "ZscalerThreatsOverviewWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerThreatsWhite.png", - "ZscalerThreatsBlack.png" - ], - "version": "1.2.0", - "title": "Zscaler Threats", - "templateRelativePath": "ZscalerThreats.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "ZscalerOffice365AppsWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerOffice365White.png", - "ZscalerOffice365Black.png" - ], - "version": "1.1.0", - "title": "Zscaler Office365 Apps", - "templateRelativePath": "ZscalerOffice365Apps.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "InsecureProtocolsWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.", - "dataTypesDependencies": [ - "SecurityEvent", - "Event", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "AzureActiveDirectory", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "InsecureProtocolsWhite1.png", - "InsecureProtocolsBlack1.png", - "InsecureProtocolsWhite2.png", - "InsecureProtocolsBlack2.png" - ], - "version": "2.1.0", - "title": "Insecure Protocols", - "templateRelativePath": "InsecureProtocols.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook", - "logoFileName": "amazon_web_services_Logo.svg", - "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.", - "dataTypesDependencies": [ - "AWSCloudTrail" - ], - "dataConnectorsDependencies": [ - "AWS" - ], - "previewImagesFileNames": [ - "AwsNetworkActivitiesWhite.png", - "AwsNetworkActivitiesBlack.png" - ], - "version": "1.0.0", - "title": "AWS Network Activities", - "templateRelativePath": "AmazonWebServicesNetworkActivities.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AmazonWebServicesUserActivitiesWorkbook", - "logoFileName": "amazon_web_services_Logo.svg", - "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.", - "dataTypesDependencies": [ - "AWSCloudTrail" - ], - "dataConnectorsDependencies": [ - "AWS" - ], - "previewImagesFileNames": [ - "AwsUserActivitiesWhite.png", - "AwsUserActivitiesBlack.png" - ], - "version": "1.0.0", - "title": "AWS User Activities", - "templateRelativePath": "AmazonWebServicesUserActivities.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicro" - ], - "previewImagesFileNames": [ - "TrendMicroDeepSecurityAttackActivityWhite.png", - "TrendMicroDeepSecurityAttackActivityBlack.png" - ], - "version": "1.0.0", - "title": "Trend Micro Deep Security ATT&CK Related Activity", - "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json", - "subtitle": "", - "provider": "Trend Micro" - }, - { - "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicro" - ], - "previewImagesFileNames": [ - "TrendMicroDeepSecurityOverviewWhite1.png", - "TrendMicroDeepSecurityOverviewBlack1.png", - "TrendMicroDeepSecurityOverviewWhite2.png", - "TrendMicroDeepSecurityOverviewBlack2.png" - ], - "version": "1.0.0", - "title": "Trend Micro Deep Security Events", - "templateRelativePath": "TrendMicroDeepSecurityOverview.json", - "subtitle": "", - "provider": "Trend Micro" - }, - { - "workbookKey": "ExtraHopDetectionSummaryWorkbook", - "logoFileName": "extrahop_logo.svg", - "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ExtraHopNetworks" - ], - "previewImagesFileNames": [ - "ExtrahopWhite.png", - "ExtrahopBlack.png" - ], - "version": "1.0.0", - "title": "ExtraHop", - "templateRelativePath": "ExtraHopDetectionSummary.json", - "subtitle": "", - "provider": "ExtraHop Networks" - }, - { - "workbookKey": "BarracudaCloudFirewallWorkbook", - "logoFileName": "barracuda_logo.svg", - "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "Syslog" - ], - "dataConnectorsDependencies": [ - "BarracudaCloudFirewall" - ], - "previewImagesFileNames": [ - "BarracudaWhite1.png", - "BarracudaBlack1.png", - "BarracudaWhite2.png", - "BarracudaBlack2.png" - ], - "version": "1.0.0", - "title": "Barracuda CloudGen FW", - "templateRelativePath": "Barracuda.json", - "subtitle": "", - "provider": "Barracuda" - }, - { - "workbookKey": "CitrixWorkbook", - "logoFileName": "citrix_logo.svg", - "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.", - "dataTypesDependencies": [ - "CitrixAnalytics_userProfile_CL", - "CitrixAnalytics_riskScoreChange_CL", - "CitrixAnalytics_indicatorSummary_CL", - "CitrixAnalytics_indicatorEventDetails_CL" - ], - "dataConnectorsDependencies": [ - "Citrix" - ], - "previewImagesFileNames": [ - "CitrixWhite.png", - "CitrixBlack.png" - ], - "version": "2.1.0", - "title": "Citrix Analytics", - "templateRelativePath": "Citrix.json", - "subtitle": "", - "provider": "Citrix Systems Inc." - }, - { - "workbookKey": "OneIdentityWorkbook", - "logoFileName": "oneIdentity_logo.svg", - "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "OneIdentity" - ], - "previewImagesFileNames": [ - "OneIdentityWhite.png", - "OneIdentityBlack.png" - ], - "version": "1.0.0", - "title": "One Identity", - "templateRelativePath": "OneIdentity.json", - "subtitle": "", - "provider": "One Identity LLC." - }, - { - "workbookKey": "SecurityStatusWorkbook", - "logoFileName": "", - "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "SecurityEvent", - "Syslog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelSecurityStatusBlack.png", - "AzureSentinelSecurityStatusWhite.png" - ], - "version": "1.3.0", - "title": "Security Status", - "templateRelativePath": "SecurityStatus.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureSentinelSecurityAlertsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelSecurityAlertsWhite.png", - "AzureSentinelSecurityAlertsBlack.png" - ], - "version": "1.1.0", - "title": "Security Alerts", - "templateRelativePath": "AzureSentinelSecurityAlerts.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SquadraTechnologiesSecRMMWorkbook", - "logoFileName": "SquadraTechnologiesLogo.svg", - "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.", - "dataTypesDependencies": [ - "secRMM_CL" - ], - "dataConnectorsDependencies": [ - "SquadraTechnologiesSecRmm" - ], - "previewImagesFileNames": [ - "SquadraTechnologiesSecRMMWhite.PNG", - "SquadraTechnologiesSecRMMBlack.PNG" - ], - "version": "1.0.0", - "title": "Squadra Technologies SecRMM - USB removable storage security", - "templateRelativePath": "SquadraTechnologiesSecRMM.json", - "subtitle": "", - "provider": "Squadra Technologies" - }, - { - "workbookKey": "IoT-Alerts", - "logoFileName": "IoTIcon.svg", - "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "IoT" - ], - "previewImagesFileNames": [ - "IOTBlack1.png", - "IOTWhite1.png" - ], - "version": "1.2.0", - "title": "Azure Defender for IoT Alerts", - "templateRelativePath": "IOT_Alerts.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IoTAssetDiscovery", - "logoFileName": "IoTIcon.svg", - "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Fortinet" - ], - "previewImagesFileNames": [ - "workbook-iotassetdiscovery-screenshot-Black.PNG", - "workbook-iotassetdiscovery-screenshot-White.PNG" - ], - "version": "1.0.0", - "title": "IoT Asset Discovery", - "templateRelativePath": "IoTAssetDiscovery.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ForcepointCASBWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointCasb" - ], - "previewImagesFileNames": [ - "ForcepointCASBWhite.png", - "ForcepointCASBBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Cloud Access Security Broker (CASB)", - "templateRelativePath": "ForcepointCASB.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "ForcepointNGFWWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointNgfw" - ], - "previewImagesFileNames": [ - "ForcepointNGFWWhite.png", - "ForcepointNGFWBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Next Generation Firewall (NGFW)", - "templateRelativePath": "ForcepointNGFW.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "ForcepointDLPWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.", - "dataTypesDependencies": [ - "ForcepointDLPEvents_CL" - ], - "dataConnectorsDependencies": [ - "ForcepointDlp" - ], - "previewImagesFileNames": [ - "ForcepointDLPWhite.png", - "ForcepointDLPBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Data Loss Prevention (DLP)", - "templateRelativePath": "ForcepointDLP.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "ZimperiumMTDWorkbook", - "logoFileName": "ZIMPERIUM-logo_square2.svg", - "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.", - "dataTypesDependencies": [ - "ZimperiumThreatLog_CL", - "ZimperiumMitigationLog_CL" - ], - "dataConnectorsDependencies": [ - "ZimperiumMtdAlerts" - ], - "previewImagesFileNames": [ - "ZimperiumWhite.png", - "ZimperiumBlack.png" - ], - "version": "1.0.0", - "title": "Zimperium Mobile Threat Defense (MTD)", - "templateRelativePath": "ZimperiumWorkbooks.json", - "subtitle": "", - "provider": "Zimperium" - }, - { - "workbookKey": "AzureAuditActivityAndSigninWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.", - "dataTypesDependencies": [ - "AzureActivity", - "AuditLogs", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AzureAuditActivityAndSigninWhite1.png", - "AzureAuditActivityAndSigninWhite2.png", - "AzureAuditActivityAndSigninBlack1.png", - "AzureAuditActivityAndSigninBlack2.png" - ], - "version": "1.2.0", - "title": "Azure AD Audit, Activity and Sign-in logs", - "templateRelativePath": "AzureAuditActivityAndSignin.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "WindowsFirewall", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs", - "dataTypesDependencies": [ - "WindowsFirewall", - "SecurityEvent", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsFirewall", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "WindowsFirewallWhite1.png", - "WindowsFirewallWhite2.png", - "WindowsFirewallBlack1.png", - "WindowsFirewallBlack2.png" - ], - "version": "1.0.0", - "title": "Windows Firewall", - "templateRelativePath": "WindowsFirewall.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "EventAnalyzerwWorkbook", - "logoFileName": "", - "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "EventAnalyzer-Workbook-White.png", - "EventAnalyzer-Workbook-Black.png" - ], - "version": "1.0.0", - "title": "Event Analyzer", - "templateRelativePath": "EventAnalyzer.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "ASC-ComplianceandProtection", - "logoFileName": "", - "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.", - "dataTypesDependencies": [ - "SecurityAlert", - "ProtectionStatus", - "SecurityRecommendation", - "SecurityBaseline", - "SecurityBaselineSummary", - "Update", - "ConfigurationChange" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter" - ], - "previewImagesFileNames": [ - "ASCCaPBlack.png", - "ASCCaPWhite.png" - ], - "version": "1.2.0", - "title": "ASC Compliance and Protection", - "templateRelativePath": "ASC-ComplianceandProtection.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "AIVectraDetectWorkbook", - "logoFileName": "AIVectraDetect.svg", - "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "AIVectraDetect" - ], - "previewImagesFileNames": [ - "AIVectraDetectWhite1.png", - "AIVectraDetectBlack1.png" - ], - "version": "1.1.1", - "title": "Vectra AI Detect", - "templateRelativePath": "AIVectraDetectWorkbook.json", - "subtitle": "", - "provider": "Vectra AI" - }, - { - "workbookKey": "Perimeter81OverviewWorkbook", - "logoFileName": "Perimeter81_Logo.svg", - "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.", - "dataTypesDependencies": [ - "Perimeter81_CL" - ], - "dataConnectorsDependencies": [ - "Perimeter81ActivityLogs" - ], - "previewImagesFileNames": [ - "Perimeter81OverviewWhite1.png", - "Perimeter81OverviewBlack1.png", - "Perimeter81OverviewWhite2.png", - "Perimeter81OverviewBlack2.png" - ], - "version": "1.0.0", - "title": "Perimeter 81 Overview", - "templateRelativePath": "Perimeter81OverviewWorkbook.json", - "subtitle": "", - "provider": "Perimeter 81" - }, - { - "workbookKey": "SymantecProxySGWorkbook", - "logoFileName": "symantec_logo.svg", - "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SymantecProxySG" - ], - "previewImagesFileNames": [ - "SymantecProxySGWhite.png", - "SymantecProxySGBlack.png" - ], - "version": "1.0.0", - "title": "Symantec ProxySG", - "templateRelativePath": "SymantecProxySG.json", - "subtitle": "", - "provider": "Symantec" - }, - { - "workbookKey": "IllusiveASMWorkbook", - "logoFileName": "illusive_logo_workbook.svg", - "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "illusiveAttackManagementSystem" - ], - "previewImagesFileNames": [ - "IllusiveASMWhite.png", - "IllusiveASMBlack.png" - ], - "version": "1.0.0", - "title": "Illusive ASM Dashboard", - "templateRelativePath": "IllusiveASM.json", - "subtitle": "", - "provider": "Illusive" - }, - { - "workbookKey": "IllusiveADSWorkbook", - "logoFileName": "illusive_logo_workbook.svg", - "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "illusiveAttackManagementSystem" - ], - "previewImagesFileNames": [ - "IllusiveADSWhite.png", - "IllusiveADSBlack.png" - ], - "version": "1.0.0", - "title": "Illusive ADS Dashboard", - "templateRelativePath": "IllusiveADS.json", - "subtitle": "", - "provider": "Illusive" - }, - { - "workbookKey": "PulseConnectSecureWorkbook", - "logoFileName": "", - "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "PulseConnectSecure" - ], - "previewImagesFileNames": [ - "PulseConnectSecureWhite.png", - "PulseConnectSecureBlack.png" - ], - "version": "1.0.0", - "title": "Pulse Connect Secure", - "templateRelativePath": "PulseConnectSecure.json", - "subtitle": "", - "provider": "Pulse Secure" - }, - { - "workbookKey": "InfobloxNIOSWorkbook", - "logoFileName": "infoblox_logo.svg", - "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "InfobloxNIOS" - ], - "previewImagesFileNames": [], - "version": "1.1.0", - "title": "Infoblox NIOS", - "templateRelativePath": "Infoblox-Workbook-V2.json", - "subtitle": "", - "provider": "Infoblox" - }, - { - "workbookKey": "SymantecVIPWorkbook", - "logoFileName": "symantec_logo.svg", - "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SymantecVIP" - ], - "previewImagesFileNames": [ - "SymantecVIPWhite.png", - "SymantecVIPBlack.png" - ], - "version": "1.0.0", - "title": "Symantec VIP", - "templateRelativePath": "SymantecVIP.json", - "subtitle": "", - "provider": "Symantec" - }, - { - "workbookKey": "ProofPointTAPWorkbook", - "logoFileName": "proofpointlogo.svg", - "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", - "dataTypesDependencies": [ - "ProofPointTAPMessagesBlocked_CL", - "ProofPointTAPMessagesDelivered_CL", - "ProofPointTAPClicksPermitted_CL", - "ProofPointTAPClicksBlocked_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointTAP" - ], - "previewImagesFileNames": [ - "ProofpointTAPWhite.png", - "ProofpointTAPBlack.png" - ], - "version": "1.0.0", - "title": "Proofpoint TAP", - "templateRelativePath": "ProofpointTAP.json", - "subtitle": "", - "provider": "Proofpoint" - }, - { - "workbookKey": "QualysVMWorkbook", - "logoFileName": "qualys_logo.svg", - "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", - "dataTypesDependencies": [ - "QualysHostDetection_CL" - ], - "dataConnectorsDependencies": [ - "QualysVulnerabilityManagement" - ], - "previewImagesFileNames": [ - "QualysVMWhite.png", - "QualysVMBlack.png" - ], - "version": "1.0.0", - "title": "Qualys Vulnerability Management", - "templateRelativePath": "QualysVM.json", - "subtitle": "", - "provider": "Qualys" - }, - { - "workbookKey": "QualysVMV2Workbook", - "logoFileName": "qualys_logo.svg", - "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", - "dataTypesDependencies": [ - "QualysHostDetectionV2_CL" - ], - "dataConnectorsDependencies": [ - "QualysVulnerabilityManagement" - ], - "previewImagesFileNames": [ - "QualysVMWhite.png", - "QualysVMBlack.png" - ], - "version": "1.0.0", - "title": "Qualys Vulnerability Management", - "templateRelativePath": "QualysVMv2.json", - "subtitle": "", - "provider": "Qualys" - }, - { - "workbookKey": "GitHubSecurityWorkbook", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "Github_CL", - "GitHubRepoLogs_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "GitHubSecurityWhite.png", - "GitHubSecurityBlack.png" - ], - "version": "1.0.0", - "title": "GitHub Security", - "templateRelativePath": "GitHubSecurityWorkbook.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "VisualizationDemo", - "logoFileName": "", - "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "VisualizationDemoBlack.png", - "VisualizationDemoWhite.png" - ], - "version": "1.0.0", - "title": "Visualizations Demo", - "templateRelativePath": "VisualizationDemo.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "SophosXGFirewallWorkbook", - "logoFileName": "sophos_logo.svg", - "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SophosXGFirewall" - ], - "previewImagesFileNames": [ - "SophosXGFirewallWhite.png", - "SophosXGFirewallBlack.png" - ], - "version": "1.0.0", - "title": "Sophos XG Firewall", - "templateRelativePath": "SophosXGFirewall.json", - "subtitle": "", - "provider": "Sophos" - }, - { - "workbookKey": "SysmonThreatHuntingWorkbook", - "logoFileName": "", - "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel", - "dataTypesDependencies": [ - "Event" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SysmonThreatHuntingWhite1.png", - "SysmonThreatHuntingBlack1.png" - ], - "version": "1.4.0", - "title": "Sysmon Threat Hunting", - "templateRelativePath": "SysmonThreatHunting.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook", - "logoFileName": "webapplicationfirewall(WAF)_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFFirewallWAFTypeEventsBlack1.PNG", - "WAFFirewallWAFTypeEventsBlack2.PNG", - "WAFFirewallWAFTypeEventsBlack3.PNG", - "WAFFirewallWAFTypeEventsBlack4.PNG", - "WAFFirewallWAFTypeEventsWhite1.png", - "WAFFirewallWAFTypeEventsWhite2.PNG", - "WAFFirewallWAFTypeEventsWhite3.PNG", - "WAFFirewallWAFTypeEventsWhite4.PNG" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - Azure WAF", - "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OrcaAlertsOverviewWorkbook", - "logoFileName": "Orca_logo.svg", - "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview", - "dataTypesDependencies": [ - "OrcaAlerts_CL" - ], - "dataConnectorsDependencies": [ - "OrcaSecurityAlerts" - ], - "previewImagesFileNames": [ - "OrcaAlertsWhite.png", - "OrcaAlertsBlack.png" - ], - "version": "1.1.0", - "title": "Orca alerts overview", - "templateRelativePath": "OrcaAlerts.json", - "subtitle": "", - "provider": "Orca Security" - }, - { - "workbookKey": "CyberArkWorkbook", - "logoFileName": "CyberArk_Logo.svg", - "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CyberArk" - ], - "previewImagesFileNames": [ - "CyberArkActivitiesWhite.PNG", - "CyberArkActivitiesBlack.PNG" - ], - "version": "1.1.0", - "title": "CyberArk EPV Events", - "templateRelativePath": "CyberArkEPV.json", - "subtitle": "", - "provider": "CyberArk" - }, - { - "workbookKey": "UserEntityBehaviorAnalyticsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns", - "dataTypesDependencies": [ - "BehaviorAnalytics" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UserEntityBehaviorAnalyticsBlack1.png", - "UserEntityBehaviorAnalyticsWhite1.png" - ], - "version": "1.2.0", - "title": "User And Entity Behavior Analytics", - "templateRelativePath": "UserEntityBehaviorAnalytics.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CitrixWAF", - "logoFileName": "citrix_logo.svg", - "description": "Gain insight into the Citrix WAF logs", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CitrixWAF" - ], - "previewImagesFileNames": [ - "CitrixWAFBlack.png", - "CitrixWAFWhite.png" - ], - "version": "1.0.0", - "title": "Citrix WAF (Web App Firewall)", - "templateRelativePath": "CitrixWAF.json", - "subtitle": "", - "provider": "Citrix Systems Inc." }, { - "workbookKey": "UnifiSGWorkbook", - "logoFileName": "", - "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UnifiSGBlack.png", - "UnifiSGWhite.png" - ], - "version": "1.0.0", - "title": "Unifi Security Gateway", - "templateRelativePath": "UnfiSG.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "UnifiSGNetflowWorkbook", - "logoFileName": "", - "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.", - "dataTypesDependencies": [ - "netflow_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UnifiSGNetflowBlack.png", - "UnifiSGNetflowWhite.png" - ], - "version": "1.0.0", - "title": "Unifi Security Gateway - NetFlow", - "templateRelativePath": "UnfiSGNetflow.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "NormalizedNetworkEventsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "NormalizedNetworkEventsWhite.png", - "NormalizedNetworkEventsBlack.png" - ], - "version": "1.0.0", - "title": "Normalized network events", - "templateRelativePath": "NormalizedNetworkEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WorkspaceAuditingWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.", - "dataTypesDependencies": [ - "LAQueryLogs" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "WorkspaceAuditingWhite.png", - "WorkspaceAuditingBlack.png" - ], - "version": "1.0.0", - "title": "Workspace audit", - "templateRelativePath": "WorkspaceAuditing.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "MITREATTACKWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel", - "dataTypesDependencies": ["SecurityAlert"], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MITREATTACKWhite1.PNG", - "MITREATTACKWhite2.PNG", - "MITREATTACKBlack1.PNG", - "MITREATTACKBlack2.PNG" - ], - "version": "1.0.1", - "title": "MITRE ATT&CK Workbook", - "templateRelativePath": "MITREAttack.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "BETTERMTDWorkbook", - "logoFileName": "BETTER_MTD_logo.svg", - "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.", - "dataTypesDependencies": [ - "BetterMTDDeviceLog_CL", - "BetterMTDAppLog_CL", - "BetterMTDIncidentLog_CL", - "BetterMTDNetflowLog_CL" - ], - "dataConnectorsDependencies": [ - "BetterMTD" - ], - "previewImagesFileNames": [ - "BetterMTDWorkbookPreviewWhite1.png", - "BetterMTDWorkbookPreviewWhite2.png", - "BetterMTDWorkbookPreviewWhite3.png", - "BetterMTDWorkbookPreviewBlack1.png", - "BetterMTDWorkbookPreviewBlack2.png", - "BetterMTDWorkbookPreviewBlack3.png" - ], - "version": "1.1.0", - "title": "BETTER Mobile Threat Defense (MTD)", - "templateRelativePath": "BETTER_MTD_Workbook.json", - "subtitle": "", - "provider": "BETTER Mobile" - }, - { - "workbookKey": "AlsidIoEWorkbook", - "logoFileName": "Alsid.svg", - "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.", - "dataTypesDependencies": [ - "AlsidForADLog_CL" - ], - "dataConnectorsDependencies": [ - "AlsidForAD" - ], - "previewImagesFileNames": [ - "AlsidIoEBlack1.png", - "AlsidIoEBlack2.png", - "AlsidIoEBlack3.png", - "AlsidIoEWhite1.png", - "AlsidIoEWhite2.png", - "AlsidIoEWhite3.png" - ], - "version": "1.0.0", - "title": "Alsid for AD | Indicators of Exposure", - "templateRelativePath": "AlsidIoE.json", - "subtitle": "", - "provider": "Alsid" - }, - { - "workbookKey": "AlsidIoAWorkbook", - "logoFileName": "Alsid.svg", - "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.", - "dataTypesDependencies": [ - "AlsidForADLog_CL" - ], - "dataConnectorsDependencies": [ - "AlsidForAD" - ], - "previewImagesFileNames": [ - "AlsidIoABlack1.png", - "AlsidIoABlack2.png", - "AlsidIoABlack3.png", - "AlsidIoAWhite1.png", - "AlsidIoAWhite2.png", - "AlsidIoAWhite3.png" - ], - "version": "1.0.0", - "title": "Alsid for AD | Indicators of Attack", - "templateRelativePath": "AlsidIoA.json", - "subtitle": "", - "provider": "Alsid" - }, - { - "workbookKey": "InvestigationInsightsWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Microsoft Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.", - "dataTypesDependencies": [ - "AuditLogs", - "AzureActivity", - "CommonSecurityLog", - "OfficeActivity", - "SecurityEvent", - "SigninLogs", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "AzureActivity", - "SecurityEvents", - "Office365", - "AzureActiveDirectory", - "ThreatIntelligence", - "ThreatIntelligenceTaxii", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "InvestigationInsightsWhite1.png", - "InvestigationInsightsBlack1.png", - "InvestigationInsightsWhite2.png", - "InvestigationInsightsBlack2.png" - ], - "version": "1.4.0", - "title": "Investigation Insights", - "templateRelativePath": "InvestigationInsights.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "AksSecurityWorkbook", - "logoFileName": "Kubernetes_services.svg", - "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.", - "dataTypesDependencies": [ - "SecurityAlert", - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter", - "AzureKubernetes" - ], - "previewImagesFileNames": [ - "AksSecurityWhite.png", - "AksSecurityBlack.png" - ], - "version": "1.5.0", - "title": "Azure Kubernetes Service (AKS) Security", - "templateRelativePath": "AksSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureKeyVaultWorkbook", - "logoFileName": "KeyVault.svg", - "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.", - "dataTypesDependencies": [ - "SecurityAlert", - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter", - "AzureKeyVault" - ], - "previewImagesFileNames": [ - "AkvSecurityWhite.png", - "AkvSecurityBlack.png" - ], - "version": "1.1.0", - "title": "Azure Key Vault Security", - "templateRelativePath": "AzureKeyVaultWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IncidentOverview", - "logoFileName": "Azure_Sentinel.svg", - "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "IncidentOverviewBlack1.png", - "IncidentOverviewWhite1.png", - "IncidentOverviewBlack2.png", - "IncidentOverviewWhite2.png" - ], - "version": "2.1.0", - "title": "Incident overview", - "templateRelativePath": "IncidentOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SecurityOperationsEfficiency", - "logoFileName": "Azure_Sentinel.svg", - "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SecurityEfficiencyWhite1.png", - "SecurityEfficiencyWhite2.png", - "SecurityEfficiencyBlack1.png", - "SecurityEfficiencyBlack2.png" - ], - "version": "1.5.0", - "title": "Security Operations Efficiency", - "templateRelativePath": "SecurityOperationsEfficiency.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DataCollectionHealthMonitoring", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace\u2019s data collection health.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "HealthMonitoringWhite1.png", - "HealthMonitoringWhite2.png", - "HealthMonitoringWhite3.png", - "HealthMonitoringBlack1.png", - "HealthMonitoringBlack2.png", - "HealthMonitoringBlack3.png" - ], - "version": "1.0.0", - "title": "Data collection health monitoring", - "templateRelativePath": "DataCollectionHealthMonitoring.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OnapsisAlarmsWorkbook", - "logoFileName": "onapsis_logo.svg", - "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "OnapsisPlatform" - ], - "previewImagesFileNames": [ - "OnapsisWhite1.PNG", - "OnapsisBlack1.PNG", - "OnapsisWhite2.PNG", - "OnapsisBlack2.PNG" - ], - "version": "1.0.0", - "title": "Onapsis Alarms Overview", - "templateRelativePath": "OnapsisAlarmsOverview.json", - "subtitle": "", - "provider": "Onapsis" - }, - { - "workbookKey": "DelineaWorkbook", - "logoFileName": "DelineaLogo.svg", - "description": "The Delinea Secret Server Syslog connector", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "DelineaSecretServer_CEF" - ], - "previewImagesFileNames": [ - "DelineaWorkbookWhite.PNG", - "DelineaWorkbookBlack.PNG" - ], - "version": "1.0.0", - "title": "Delinea Secret Server Workbook", - "templateRelativePath": "DelineaWorkbook.json", - "subtitle": "", - "provider": "Delinea" - }, - { - "workbookKey": "ForcepointCloudSecurityGatewayWorkbook", - "logoFileName": "Forcepoint_new_logo.svg", - "description": "Use this report to understand query runs across your workspace.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointCSG" - ], - "previewImagesFileNames": [ - "ForcepointCloudSecurityGatewayWhite.png", - "ForcepointCloudSecurityGatewayBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Cloud Security Gateway Workbook", - "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "IntsightsIOCWorkbook", - "logoFileName": "IntSights_logo.svg", - "description": "This Microsoft Sentinel workbook provides an overview of Indicators of Compromise (IOCs) and their correlations allowing users to analyze and visualize indicators based on severity, type, and other parameters.", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "ThreatIntelligenceTaxii" - ], - "previewImagesFileNames": [ - "IntsightsIOCWhite.png", - "IntsightsMatchedWhite.png", - "IntsightsMatchedBlack.png", - "IntsightsIOCBlack.png" - ], - "version": "2.0.0", - "title": "IntSights IOC Workbook", - "templateRelativePath": "IntsightsIOCWorkbook.json", - "subtitle": "", - "provider": "IntSights Cyber Intelligence" - }, - { - "workbookKey": "DarktraceSummaryWorkbook", - "logoFileName": "Darktrace.svg", - "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Darktrace" - ], - "previewImagesFileNames": [ - "AIA-DarktraceSummaryWhite.png", - "AIA-DarktraceSummaryBlack.png" - ], - "version": "1.1.0", - "title": "AI Analyst Darktrace Model Breach Summary", - "templateRelativePath": "AIA-Darktrace.json", - "subtitle": "", - "provider": "Darktrace" - }, - { - "workbookKey": "TrendMicroXDR", - "logoFileName": "trendmicro_logo.svg", - "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.", - "dataTypesDependencies": [ - "TrendMicro_XDR_WORKBENCH_CL" - ], - "dataConnectorsDependencies": [ - "TrendMicroXDR" - ], - "previewImagesFileNames": [ - "TrendMicroXDROverviewWhite.png", - "TrendMicroXDROverviewBlack.png" - ], - "version": "1.3.0", - "title": "Trend Vision One Alert Overview", - "templateRelativePath": "TrendMicroXDROverview.json", - "subtitle": "", - "provider": "Trend Micro" - }, - { - "workbookKey": "CyberpionOverviewWorkbook", - "logoFileName": "cyberpion_logo.svg", - "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.", - "dataTypesDependencies": [ - "CyberpionActionItems_CL" - ], - "dataConnectorsDependencies": [ - "CyberpionSecurityLogs" - ], - "previewImagesFileNames": [ - "CyberpionActionItemsBlack.png", - "CyberpionActionItemsWhite.png" - ], - "version": "1.0.0", - "title": "Cyberpion Overview", - "templateRelativePath": "CyberpionOverviewWorkbook.json", - "subtitle": "", - "provider": "Cyberpion" - }, - { - "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook", - "logoFileName": "MSTIC-Logo.svg", - "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020", - "dataTypesDependencies": [ - "CommonSecurityLog", - "SigninLogs", - "AuditLogs", - "AADServicePrincipalSignInLogs", - "OfficeActivity", - "BehaviorAnalytics", - "SecurityEvent", - "DeviceProcessEvents", - "SecurityAlert", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory", - "SecurityEvents", - "Office365", - "MicrosoftThreatProtection", - "DNS", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "SolarWindsPostCompromiseHuntingWhite.png", - "SolarWindsPostCompromiseHuntingBlack.png" - ], - "version": "1.5.0", - "title": "SolarWinds Post Compromise Hunting", - "templateRelativePath": "SolarWindsPostCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ProofpointPODWorkbook", - "logoFileName": "proofpointlogo.svg", - "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.", - "dataTypesDependencies": [ - "ProofpointPOD_maillog_CL", - "ProofpointPOD_message_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointPOD" - ], - "previewImagesFileNames": [ - "ProofpointPODMainBlack1.png", - "ProofpointPODMainBlack2.png", - "ProofpointPODMainWhite1.png", - "ProofpointPODMainWhite2.png", - "ProofpointPODMessageSummaryBlack.png", - "ProofpointPODMessageSummaryWhite.png", - "ProofpointPODTLSBlack.png", - "ProofpointPODTLSWhite.png" - ], - "version": "1.0.0", - "title": "Proofpoint On-Demand Email Security", - "templateRelativePath": "ProofpointPOD.json", - "subtitle": "", - "provider": "Proofpoint" - }, - { - "workbookKey": "CiscoUmbrellaWorkbook", - "logoFileName": "cisco_logo.svg", - "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.", - "dataTypesDependencies": [ - "Cisco_Umbrella_dns_CL", - "Cisco_Umbrella_proxy_CL", - "Cisco_Umbrella_ip_CL", - "Cisco_Umbrella_cloudfirewall_CL" - ], - "dataConnectorsDependencies": [ - "CiscoUmbrellaDataConnector" - ], - "previewImagesFileNames": [ - "CiscoUmbrellaDNSBlack1.png", - "CiscoUmbrellaDNSBlack2.png", - "CiscoUmbrellaDNSWhite1.png", - "CiscoUmbrellaDNSWhite2.png", - "CiscoUmbrellaFirewallBlack.png", - "CiscoUmbrellaFirewallWhite.png", - "CiscoUmbrellaMainBlack1.png", - "CiscoUmbrellaMainBlack2.png", - "CiscoUmbrellaMainWhite1.png", - "CiscoUmbrellaMainWhite2.png", - "CiscoUmbrellaProxyBlack1.png", - "CiscoUmbrellaProxyBlack2.png", - "CiscoUmbrellaProxyWhite1.png", - "CiscoUmbrellaProxyWhite2.png" - ], - "version": "1.0.0", - "title": "Cisco Umbrella", - "templateRelativePath": "CiscoUmbrella.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "AnalyticsEfficiencyWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AnalyticsEfficiencyBlack.png", - "AnalyticsEfficiencyWhite.png" - ], - "version": "1.2.0", - "title": "Analytics Efficiency", - "templateRelativePath": "AnalyticsEfficiency.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WorkspaceUsage", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace\u2019s data consumption, latency, recommended tasks and Cost and Usage statistics.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "WorkspaceUsageBlack.png", - "WorkspaceUsageWhite.png" - ], - "version": "1.6.0", - "title": "Workspace Usage Report", - "templateRelativePath": "WorkspaceUsage.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "SentinelCentral", - "logoFileName": "Azure_Sentinel.svg", - "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.", - "dataTypesDependencies": ["SecurityIncident"], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SentinelCentralBlack.png", - "SentinelCentralWhite.png" - ], - "version": "2.1.1", - "title": "Microsoft Sentinel Central", - "templateRelativePath": "SentinelCentral.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "CognniIncidentsWorkbook", - "logoFileName": "cognni-logo.svg", - "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.", - "dataTypesDependencies": [ - "CognniIncidents_CL" - ], - "dataConnectorsDependencies": [ - "CognniSentinelDataConnector" - ], - "previewImagesFileNames": [ - "CognniBlack.PNG", - "CognniWhite.PNG" - ], - "version": "1.0.0", - "title": "Cognni Important Information Incidents", - "templateRelativePath": "CognniIncidentsWorkbook.json", - "subtitle": "", - "provider": "Cognni" - }, - { - "workbookKey": "pfsense", - "logoFileName": "pfsense_logo.svg", - "description": "Gain insights into pfsense logs from both filterlog and nginx.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "pfsenseBlack.png", - "pfsenseWhite.png" - ], - "version": "1.0.0", - "title": "pfsense", - "templateRelativePath": "pfsense.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "ExchangeCompromiseHunting", - "logoFileName": "MSTIC-Logo.svg", - "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns", - "dataTypesDependencies": [ - "SecurityEvent", - "W3CIISLog" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "AzureMonitor(IIS)", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "ExchangeBlack.png", - "ExchangeWhite.png" - ], - "version": "1.0.0", - "title": "Exchange Compromise Hunting", - "templateRelativePath": "ExchangeCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SOCProcessFrameworkWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Process Framework", - "templateRelativePath": "SOCProcessFramework.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCLargeStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Large Staff", - "templateRelativePath": "Building_a_SOCLargeStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCMediumStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Medium Staff", - "templateRelativePath": "Building_a_SOCMediumStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCPartTimeStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Part Time Staff", - "templateRelativePath": "Building_a_SOCPartTimeStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCSmallStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Small Staff", - "templateRelativePath": "Building_a_SOCSmallStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "SOCIRPlanningWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC IR Planning", - "templateRelativePath": "SOCIRPlanning.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "UpdateSOCMaturityScoreWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "Update SOC Maturity Score", - "templateRelativePath": "UpdateSOCMaturityScore.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Microsoft365SecurityPosture", - "logoFileName": "M365securityposturelogo.svg", - "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.", - "dataTypesDependencies": [ - "M365SecureScore_CL", - "MDfESecureScore_CL", - "MDfEExposureScore_CL", - "MDfERecommendations_CL", - "MDfEVulnerabilitiesList_CL", - "McasShadowItReporting" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "M365securitypostureblack.png", - "M365securityposturewhite.png" - ], - "version": "1.0.0", - "title": "Microsoft 365 Security Posture", - "templateRelativePath": "M365SecurityPosture.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AzureSentinelCost", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", - "dataTypesDependencies": ["Usage"], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelCostWhite.png", - "AzureSentinelCostBlack.png" - ], - "version": "1.5.1", - "title": "Microsoft Sentinel Cost", - "templateRelativePath": "AzureSentinelCost.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "ADXvsLA", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ADXvsLABlack.PNG", - "ADXvsLAWhite.PNG" - ], - "version": "1.0.0", - "title": "ADXvsLA", - "templateRelativePath": "ADXvsLA.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrosoftDefenderForOffice365", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs. This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.", - "dataTypesDependencies": [ - "EmailEvents", - "EmailUrlInfo", - "EmailAttachmentInfo" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MDOWhite1.png", - "MDOBlack1.png", - "MDOWhite2.png", - "MDOBlack2.png" - ], - "version": "1.0.0", - "title": "Microsoft Defender For Office 365", - "templateRelativePath": "MicrosoftDefenderForOffice365.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "ProofPointThreatDashboard", - "logoFileName": "", - "description": "Provides an overview of email threat activity based on log data provided by ProofPoint", - "dataTypesDependencies": [ - "ProofpointPOD_message_CL", - "ProofpointPOD_maillog_CL", - "ProofPointTAPClicksBlocked_CL", - "ProofPointTAPClicksPermitted_CL", - "ProofPointTAPMessagesBlocked_CL", - "ProofPointTAPMessagesDelivered_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointTAP", - "ProofpointPOD" - ], - "previewImagesFileNames": [ - "ProofPointThreatDashboardBlack1.png", - "ProofPointThreatDashboardWhite1.png" - ], - "version": "1.0.0", - "title": "ProofPoint Threat Dashboard", - "templateRelativePath": "ProofPointThreatDashboard.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AMAmigrationTracker", - "logoFileName": "Azure_Sentinel.svg", - "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AMAtrackingWhite1.png", - "AMAtrackingWhite2.png", - "AMAtrackingWhite3.png", - "AMAtrackingBlack1.png", - "AMAtrackingBlack2.png", - "AMAtrackingBlack3.png" - ], - "version": "1.1.0", - "title": "AMA migration tracker", - "templateRelativePath": "AMAmigrationTracker.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AdvancedKQL", - "logoFileName": "Azure_Sentinel.svg", - "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AdvancedKQLWhite.png", - "AdvancedKQLBlack.png" - ], - "version": "1.3.0", - "title": "Advanced KQL for Microsoft Sentinel", - "templateRelativePath": "AdvancedKQL.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "DSTIMWorkbook", - "logoFileName": "DSTIM.svg", - "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.", - "dataTypesDependencies": [ - "DSMAzureBlobStorageLogs", - "DSMDataClassificationLogs", - "DSMDataLabelingLogs", - "Anomalies", - "ThreatIntelligenceIndicator", - "AADManagedIdentitySignInLogs", - "SecurityAlert", - "SigninLogs" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "DSTIMWorkbookBlack.png", - "DSTIMWorkbookWhite.png" - ], - "version": "1.9.0", - "title": "Data Security - Sensitive Data Impact Assessment", - "templateRelativePath": "DSTIMWorkbook.json", - "subtitle": "", - "provider": "Microsoft", - "featureFlag": "DSTIMWorkbook" - }, - { - "workbookKey": "IntrotoKQLWorkbook", - "logoFileName": "", - "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "IntrotoKQL-black.png", - "IntrotoKQL-white.png" - ], - "version": "1.0.0", - "title": "Intro to KQL", - "templateRelativePath": "IntrotoKQL.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Log4jPostCompromiseHuntingWorkbook", - "logoFileName": "", - "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", - "dataTypesDependencies": [ - "SecurityNestedRecommendation", - "AzureDiagnostics", - "OfficeActivity", - "W3CIISLog", - "AWSCloudTrail", - "SigninLogs", - "AADNonInteractiveUserSignInLogs", - "imWebSessions", - "imNetworkSession" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "Log4jPostCompromiseHuntingBlack.png", - "Log4jPostCompromiseHuntingWhite.png" - ], - "version": "1.0.0", - "title": "Log4j Post Compromise Hunting", - "templateRelativePath": "Log4jPostCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Log4jImpactAssessmentWorkbook", - "logoFileName": "", - "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", - "dataTypesDependencies": [ - "SecurityIncident", - "SecurityAlert", - "AzureSecurityCenter", - "MDfESecureScore_CL", - "MDfEExposureScore_CL", - "MDfERecommendations_CL", - "MDfEVulnerabilitiesList_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Log4j Impact Assessment", - "templateRelativePath": "Log4jImpactAssessment.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "UserMap", - "logoFileName": "", - "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.", - "dataTypesDependencies": [ - "SigninLogs", - "AzureDiagnostics", - "WireData", - "VMconnection", - "CommonSecurityLog", - "WindowsFirewall", - "W3CIISLog", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "UserMapBlack.png", - "UserMapWhite.png" - ], - "version": "1.0.0", - "title": "User Map information", - "templateRelativePath": "UserMap.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AWSS3", - "logoFileName": "", - "description": ".", - "dataTypesDependencies": [ - "AWSCloudTrail", - "AWSGuardDuty", - "AWSVPCFlow" - ], - "dataConnectorsDependencies": [ - "AWSS3" - ], - "previewImagesFileNames": [ - "AWSS3Black.png", - "AWSS3White.png", - "AWSS3White1.png" - ], - "version": "1.0.0", - "title": "AWS S3 Workbook", - "templateRelativePath": "AWSS3.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook", - "logoFileName": "", - "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "LogSourcesAndAnalyticRulesCoverageBlack.png", - "LogSourcesAndAnalyticRulesCoverageWhite.png" - ], - "version": "1.1.0", - "title": "Log Sources & Analytic Rules Coverage", - "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "CiscoFirepower", - "logoFileName": "", - "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "CiscoFirepowerBlack.png", - "CiscoFirepowerWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Firepower", - "templateRelativePath": "CiscoFirepower.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrorosftTeams", - "logoFileName": "microsoftteams.svg", - "description": "This workbook is intended to identify the activities on Microrsoft Teams.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MicrosoftTeamsBlack.png", - "MicrosoftTeamsWhite.png" - ], - "version": "1.0.0", - "title": "Microsoft Teams", - "templateRelativePath": "MicrosoftTeams.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "ArchivingBasicLogsRetention", - "logoFileName": "ArchivingBasicLogsRetention.svg", - "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ArchivingBasicLogsRetentionBlack1.png", - "ArchivingBasicLogsRetentionWhite1.png" - ], - "version": "1.1.0", - "title": "Archiving, Basic Logs, and Retention", - "templateRelativePath": "ArchivingBasicLogsRetention.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "OktaSingleSignOnWorkbook", - "logoFileName": "okta_logo.svg", - "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", - "dataTypesDependencies": [ - "Okta_CL" - ], - "dataConnectorsDependencies": [ - "OktaSSO" - ], - "previewImagesFileNames": [ - "OktaSingleSignOnWhite.png", - "OktaSingleSignOnBlack.png" - ], - "version": "1.2", - "title": "Okta Single Sign-On", - "templateRelativePath": "OktaSingleSignOn.json", - "subtitle": "", - "provider": "Okta" - }, - { - "workbookKey": "Dynamics365Workbooks", - "logoFileName": "DynamicsLogo.svg", - "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.", - "dataTypesDependencies": [ - "Dynamics365Activity" - ], - "dataConnectorsDependencies": [ - "Dynamics365" - ], - "previewImagesFileNames": [ - "Dynamics365WorkbookBlack.png", - "Dynamics365WorkbookWhite.png" - ], - "version": "1.0.3", - "title": "Dynamics365Workbooks", - "templateRelativePath": "Dynamics365Workbooks.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "CiscoMerakiWorkbook", - "logoFileName": "", - "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", - "dataTypesDependencies": [ - "meraki_CL", - "CiscoMerakiNativePoller", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "CiscoMeraki", - "CiscoMerakiNativePolling", - "ThreatIntelligence" - ], - "previewImagesFileNames": [ - "CiscoMerakiWorkbookWhite.png", - "CiscoMerakiWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "CiscoMerakiWorkbook", - "templateRelativePath": "CiscoMerakiWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SentinelOneWorkbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SentinelOne_CL" - ], - "dataConnectorsDependencies": [ - "SentinelOne" - ], - "previewImagesFileNames": [ - "SentinelOneBlack.png", - "SentinelOneWhite.png" - ], - "version": "1.0.0", - "title": "SentinelOneWorkbook", - "templateRelativePath": "SentinelOne.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroApexOneWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicroApexOne" - ], - "previewImagesFileNames": [ - "TrendMicroApexOneBlack.png", - "TrendMicroApexOneWhite.png" - ], - "version": "1.0.0", - "title": "Trend Micro Apex One", - "templateRelativePath": "TrendMicroApexOne.json", - "subtitle": "", - "provider": "TrendMicro" - }, - { - "workbookKey": "ContrastProtect", - "logoFileName": "contrastsecurity_logo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ContrastProtect" - ], - "previewImagesFileNames": [ - "ContrastProtectAllBlack.png", - "ContrastProtectAllWhite.png", - "ContrastProtectEffectiveBlack.png", - "ContrastProtectEffectiveWhite.png", - "ContrastProtectSummaryBlack.png", - "ContrastProtectSummaryWhite.png" - ], - "version": "1.0.0", - "title": "Contrast Protect", - "templateRelativePath": "ContrastProtect.json", - "subtitle": "", - "provider": "contrast security" - }, - { - "workbookKey": "ArmorbloxOverview", - "logoFileName": "armorblox.svg", - "description": "INCIDENTS FROM SELECTED TIME RANGE", - "dataTypesDependencies": [ - "Armorblox_CL" - ], - "dataConnectorsDependencies": [ - "Armorblox" - ], - "previewImagesFileNames": [ - "ArmorbloxOverviewBlack01.png", - "ArmorbloxOverviewBlack02.png", - "ArmorbloxOverviewWhite01.png", - "ArmorbloxOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Armorblox", - "templateRelativePath": "ArmorbloxOverview.json", - "subtitle": "", - "provider": "Armorblox" - }, - { - "workbookKey": "PaloAltoCDL", - "logoFileName": "paloalto_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoCDL" - ], - "previewImagesFileNames": [ - "PaloAltoBlack.png", - "PaloAltoWhite.png" - ], - "version": "1.0.0", - "title": "Palo Alto Networks Cortex Data Lake", - "templateRelativePath": "PaloAltoCDL.json", - "subtitle": "", - "provider": "Palo Alto Networks" - }, - { - "workbookKey": "VMwareCarbonBlack", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CarbonBlackEvents_CL", - "CarbonBlackAuditLogs_CL", - "CarbonBlackNotifications_CL" - ], - "dataConnectorsDependencies": [ - "VMwareCarbonBlack" - ], - "previewImagesFileNames": [ - "VMwareCarbonBlack.png", - "VMwareCarbonWhite.png" - ], - "version": "1.0.0", - "title": "VMware Carbon Black Cloud", - "templateRelativePath": "VMwareCarbonBlack.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "arista-networks", - "logoFileName": "AristaAwakeSecurity.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "AristaAwakeSecurity" - ], - "previewImagesFileNames": [ - "AristaAwakeSecurityDevicesBlack.png", - "AristaAwakeSecurityDevicesWhite.png", - "AristaAwakeSecurityModelsBlack.png", - "AristaAwakeSecurityModelsWhite.png", - "AristaAwakeSecurityOverviewBlack.png", - "AristaAwakeSecurityOverviewWhite.png" - ], - "version": "1.0.0", - "title": "Arista Awake", - "templateRelativePath": "AristaAwakeSecurityWorkbook.json", - "subtitle": "", - "provider": "Arista Networks" - }, - { - "workbookKey": "TomcatWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Tomcat_CL" - ], - "dataConnectorsDependencies": [ - "ApacheTomcat" - ], - "previewImagesFileNames": [ - "TomcatBlack.png", - "TomcatWhite.png" - ], - "version": "1.0.0", - "title": "ApacheTomcat", - "templateRelativePath": "Tomcat.json", - "subtitle": "", - "provider": "Apache" - }, - { - "workbookKey": "ClarotyWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Claroty" - ], - "previewImagesFileNames": [ - "ClarotyBlack.png", - "ClarotyWhite.png" - ], - "version": "1.0.0", - "title": "Claroty", - "templateRelativePath": "ClarotyOverview.json", - "subtitle": "", - "provider": "Claroty" - }, - { - "workbookKey": "ApacheHTTPServerWorkbook", - "logoFileName": "apache.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "ApacheHTTPServer_CL" - ], - "dataConnectorsDependencies": [ - "ApacheHTTPServer" - ], - "previewImagesFileNames": [ - "ApacheHTTPServerOverviewBlack01.png", - "ApacheHTTPServerOverviewBlack02.png", - "ApacheHTTPServerOverviewWhite01.png", - "ApacheHTTPServerOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Apache HTTP Server", - "templateRelativePath": "ApacheHTTPServer.json", - "subtitle": "", - "provider": "Apache Software Foundation" - }, - { - "workbookKey": "OCIWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "OCI_Logs_CL" - ], - "dataConnectorsDependencies": [ - "OracleCloudInfrastructureLogsConnector" - ], - "previewImagesFileNames": [ - "OCIBlack.png", - "OCIWhite.png" - ], - "version": "1.0.0", - "title": "Oracle Cloud Infrastructure", - "templateRelativePath": "OracleCloudInfrastructureOCI.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OracleWeblogicServerWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "OracleWebLogicServer_CL" - ], - "dataConnectorsDependencies": [ - "OracleWebLogicServer" - ], - "previewImagesFileNames": [ - "OracleWeblogicServerBlack.png", - "OracleWeblogicServerWhite.png" - ], - "version": "1.0.0", - "title": "Oracle WebLogic Server", - "templateRelativePath": "OracleWorkbook.json", - "subtitle": "", - "provider": "Oracle" - }, - { - "workbookKey": "BitglassWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "BitglassLogs_CL" - ], - "dataConnectorsDependencies": [ - "Bitglass" - ], - "previewImagesFileNames": [ - "BitglassBlack.png", - "BitglassWhite.png" - ], - "version": "1.0.0", - "title": "Bitglass", - "templateRelativePath": "Bitglass.json", - "subtitle": "", - "provider": "Bitglass" - }, - { - "workbookKey": "NGINXWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "NGINX_CL" - ], - "dataConnectorsDependencies": [ - "NGINXHTTPServer" - ], - "previewImagesFileNames": [ - "NGINXOverviewBlack01.png", - "NGINXOverviewBlack02.png", - "NGINXOverviewWhite01.png", - "NGINXOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "NGINX HTTP Server", - "templateRelativePath": "NGINX.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "vArmourAppContollerWorkbook", - "logoFileName": "varmour-logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "vArmourAC" - ], - "previewImagesFileNames": [ - "vArmourAppControllerAppBlack.png", - "vArmourAppControllerAppBlack-1.png", - "vArmourAppControllerAppBlack-2.png", - "vArmourAppControllerAppBlack-3.png", - "vArmourAppControllerAppBlack-4.png", - "vArmourAppControllerAppBlack-5.png", - "vArmourAppControllerAppBlack-6.png", - "vArmourAppControllerAppBlack-7.png", - "vArmourAppControllerAppWhite.png", - "vArmourAppControllerAppWhite-1.png", - "vArmourAppControllerAppWhite-2.png", - "vArmourAppControllerAppWhite-3.png", - "vArmourAppControllerAppWhite-4.png", - "vArmourAppControllerAppWhite-5.png", - "vArmourAppControllerAppWhite-6.png", - "vArmourAppControllerAppWhite-7.png" - ], - "version": "1.0.0", - "title": "vArmour Application Controller", - "templateRelativePath": "vArmour_AppContoller_Workbook.json", - "subtitle": "", - "provider": "vArmour" - }, - { - "workbookKey": "CorelightWorkbook", - "logoFileName": "corelight.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Corelight_CL" - ], - "dataConnectorsDependencies": [ - "Corelight" - ], - "previewImagesFileNames": [ - "CorelightConnectionsBlack1.png", - "CorelightConnectionsBlack2.png", - "CorelightConnectionsWhite1.png", - "CorelightConnectionsWhite2.png", - "CorelightDNSBlack1.png", - "CorelightDNSWhite1.png", - "CorelightFileBlack1.png", - "CorelightFileBlack2.png", - "CorelightFileWhite1.png", - "CorelightFileWhite2.png", - "CorelightMainBlack1.png", - "CorelightMainWhite1.png", - "CorelightSoftwareBlack1.png", - "CorelightSoftwareWhite1.png" - ], - "version": "1.0.0", - "title": "Corelight", - "templateRelativePath": "Corelight.json", - "subtitle": "", - "provider": "Corelight" - }, - { - "workbookKey": "LookoutEvents", - "logoFileName": "lookout.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Lookout_CL" - ], - "dataConnectorsDependencies": [ - "LookoutAPI" - ], - "previewImagesFileNames": [ - "SampleLookoutWorkBookBlack.png", - "SampleLookoutWorkBookWhite.png" - ], - "version": "1.0.0", - "title": "Lookout", - "templateRelativePath": "LookoutEvents.json", - "subtitle": "", - "provider": "Lookout" - }, - { - "workbookKey": "sentinel-MicrosoftPurview", - "logoFileName": "MicrosoftPurview.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "MicrosoftAzurePurview" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Microsoft Purview", - "templateRelativePath": "MicrosoftPurview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "InfobloxCDCB1TDWorkbook", - "logoFileName": "infoblox_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "InfobloxCloudDataConnector" - ], - "previewImagesFileNames": [ - "InfobloxCDCB1TDBlack.png", - "InfobloxCDCB1TDWhite.png" - ], - "version": "1.0.0", - "title": "Infoblox Cloud Data Connector", - "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", - "subtitle": "", - "provider": "InfoBlox" - }, - { - "workbookKey": "UbiquitiUniFiWorkbook", - "logoFileName": "ubiquiti.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Ubiquiti_CL" - ], - "dataConnectorsDependencies": [ - "UbiquitiUnifi" - ], - "previewImagesFileNames": [ - "UbiquitiOverviewBlack01.png", - "UbiquitiOverviewBlack02.png", - "UbiquitiOverviewWhite01.png", - "UbiquitiOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Ubiquiti UniFi", - "templateRelativePath": "Ubiquiti.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "VMwareESXiWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "VMwareESXi" - ], - "previewImagesFileNames": [ - "VMWareESXiBlack.png", - "VMWareESXiWhite.png" - ], - "version": "1.0.0", - "title": "VMware ESXi", - "templateRelativePath": "VMWareESXi.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SnowflakeWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Snowflake_CL" - ], - "dataConnectorsDependencies": [ - "SnowflakeDataConnector" - ], - "previewImagesFileNames": [ - "SnowflakeBlack.png", - "SnowflakeWhite.png" - ], - "version": "1.0.0", - "title": "Snowflake", - "templateRelativePath": "Snowflake.json", - "subtitle": "", - "provider": "Snowflake" - }, - { - "workbookKey": "LastPassWorkbook", - "logoFileName": "LastPass.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "LastPassNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "LastPassAPIConnector" - ], - "previewImagesFileNames": [ - "LastPassBlack.png", - "LastPassWhite.png" - ], - "version": "1.0.0", - "title": "Lastpass Enterprise Activity Monitoring", - "templateRelativePath": "LastPassWorkbook.json", - "subtitle": "", - "provider": "LastPass" - }, - { - "workbookKey": "SecurityBridgeWorkbook", - "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityBridgeLogs" - ], - "dataConnectorsDependencies": [ - "SecurityBridgeSAP" - ], - "previewImagesFileNames": [ - "SecurityBridgeThreatDetectionWhite.png", - "SecurityBridgeThreatDetectionWhite1.png" - ], - "version": "1.0.0", - "title": "SecurityBridge App", - "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", - "subtitle": "", - "provider": "SecurityBridge" - }, - { - "workbookKey": "PaloAltoPrismaCloudWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "PaloAltoPrismaCloudAlert_CL", - "PaloAltoPrismaCloudAudit_CL" - ], - "dataConnectorsDependencies": [ - "PaloAltoPrismaCloud" - ], - "previewImagesFileNames": [ - "PaloAltoPrismaCloudBlack01.png", - "PaloAltoPrismaCloudBlack02.png", - "PaloAltoPrismaCloudWhite01.png", - "PaloAltoPrismaCloudWhite02.png" - ], - "version": "1.0.0", - "title": "Palo Alto Prisma", - "templateRelativePath": "PaloAltoPrismaCloudOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "PingFederateWorkbook", - "logoFileName": "PingIdentity.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "PingFederateEvent" - ], - "dataConnectorsDependencies": [ - "PingFederate" - ], - "previewImagesFileNames": [ - "PingFederateBlack1.png", - "PingFederateWhite1.png" - ], - "version": "1.0.0", - "title": "PingFederate", - "templateRelativePath": "PingFederate.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "McAfeeePOWorkbook", - "logoFileName": "mcafee_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "McAfeeEPOEvent" - ], - "dataConnectorsDependencies": [ - "McAfeeePO" - ], - "previewImagesFileNames": [ - "McAfeeePOBlack1.png", - "McAfeeePOBlack2.png", - "McAfeeePOWhite1.png", - "McAfeeePOWhite2.png" - ], - "version": "1.0.0", - "title": "McAfee ePolicy Orchestrator", - "templateRelativePath": "McAfeeePOOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OracleDatabaseAudit", - "logoFileName": "oracle_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "OracleDatabaseAudit" - ], - "previewImagesFileNames": [ - "OracleDatabaseAuditBlack1.png", - "OracleDatabaseAuditBlack2.png", - "OracleDatabaseAuditWhite1.png", - "OracleDatabaseAuditWhite2.png" - ], - "version": "1.0.0", - "title": "Oracle Database Audit", - "templateRelativePath": "OracleDatabaseAudit.json", - "subtitle": "", - "provider": "Oracle" - }, - { - "workbookKey": "SenservaProAnalyticsWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProAnalyticsBlack.png", - "SenservaProAnalyticsWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProAnalytics", - "templateRelativePath": "SenservaProAnalyticsWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "SenservaProMultipleWorkspaceWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProMultipleWorkspaceWorkbookBlack.png", - "SenservaProMultipleWorkspaceWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProMultipleWorkspace", - "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProSecureScoreMultiTenantBlack.png", - "SenservaProSecureScoreMultiTenantWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProSecureScoreMultiTenant", - "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "CiscoSecureEndpointOverviewWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CiscoSecureEndpoint" - ], - "dataConnectorsDependencies": [ - "CiscoSecureEndpoint" - ], - "previewImagesFileNames": [ - "CiscoSecureEndpointBlack.png", - "CiscoSecureEndpointWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Secure Endpoint", - "templateRelativePath": "Cisco Secure Endpoint Overview.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "InfoSecGlobalWorkbook", - "logoFileName": "infosecglobal.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "InfoSecAnalytics_CL" - ], - "dataConnectorsDependencies": [ - "InfoSecDataConnector" - ], - "previewImagesFileNames": [ - "InfoSecGlobalWorkbookBlack.png", - "InfoSecGlobalWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "AgileSec Analytics Connector", - "templateRelativePath": "InfoSecGlobal.json", - "subtitle": "", - "provider": "InfoSecGlobal" - }, - { - "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", - "logoFileName": "crowdstrike.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CrowdstrikeReplicatorLogs_CL" - ], - "dataConnectorsDependencies": [ - "CrowdstrikeReplicator" - ], - "previewImagesFileNames": [ - "CrowdStrikeFalconEndpointProtectionBlack.png", - "CrowdStrikeFalconEndpointProtectionWhite.png" - ], - "version": "1.0.0", - "title": "CrowdStrike Falcon Endpoint Protection", - "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IronDefenseAlertDashboard", - "logoFileName": "IronNet.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "IronNetIronDefense" - ], - "previewImagesFileNames": [ - "IronDefenseDashboardBlack.png", - "IronDefenseDashboardWhit.png" - ], - "version": "1.0.0", - "title": "IronDefenseAlertDashboard", - "templateRelativePath": "IronDefenseAlertDashboard.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IronDefenseAlertDetails", - "logoFileName": "IronNet.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "IronNetIronDefense" - ], - "previewImagesFileNames": [ - "IronDefenseAlertsBlack.png", - "IronDefenseAlertsWhite.png" - ], - "version": "1.0.0", - "title": "IronDefenseAlertDetails", - "templateRelativePath": "IronDefenseAlertDetails.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CiscoSEGWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CiscoSEG" - ], - "previewImagesFileNames": [ - "CiscoSEGBlack.png", - "CiscoSEGWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Secure Email Gateway", - "templateRelativePath": "CiscoSEG.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "EatonForeseerHealthAndAccess", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "EatonForeseerHealthAndAccessBlack.png", - "EatonForeseerHealthAndAccessWhite.png" - ], - "version": "1.0.0", - "title": "EatonForeseerHealthAndAccess", - "templateRelativePath": "EatonForeseerHealthAndAccess.json", - "subtitle": "", - "provider": "Eaton" - }, - { - "workbookKey": "PCIDSSComplianceWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Choose your subscription and workspace in which PCI assets are deployed", - "dataTypesDependencies": [ - "AzureDaignostics", - "SecurityEvent", - "SecurityAlert", - "OracleDatabaseAuditEvent", - "Syslog", - "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "PCIDSSComplianceBlack01.PNG", - "PCIDSSComplianceBlack02.PNG", - "PCIDSSComplianceWhite01.PNG", - "PCIDSSComplianceWhite02.PNG" - ], - "version": "1.0.0", - "title": "PCI DSS Compliance", - "templateRelativePath": "PCIDSSCompliance.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SonraiSecurityWorkbook", - "logoFileName": "Sonrai.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Sonrai_Tickets_CL" - ], - "dataConnectorsDependencies": [ - "SonraiDataConnector" - ], - "previewImagesFileNames": [ - "SonraiWorkbookBlack.png", - "SonraiWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "Sonrai", - "templateRelativePath": "Sonrai.json", - "subtitle": "", - "provider": "Sonrai" - }, - { - "workbookKey": "CloudflareWorkbook", - "logoFileName": "cloudflare.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Cloudflare_CL" - ], - "dataConnectorsDependencies": [ - "CloudflareDataConnector" - ], - "previewImagesFileNames": [ - "CloudflareOverviewBlack01.png", - "CloudflareOverviewBlack02.png", - "CloudflareOverviewWhite01.png", - "CloudflareOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Cloudflare", - "templateRelativePath": "Cloudflare.json", - "subtitle": "", - "provider": "Cloudflare" - }, - { - "workbookKey": "SemperisDSPWorkbook", - "logoFileName": "Semperis.svg", - "description": "Specify the time range on which to query the data", - "dataTypesDependencies": [ - "dsp_parser" - ], - "dataConnectorsDependencies": [ - "SemperisDSP" - ], - "previewImagesFileNames": [ - "SemperisDSPOverview1Black.png", - "SemperisDSPOverview1White.png", - "SemperisDSPOverview2Black.png", - "SemperisDSPOverview2White.png", - "SemperisDSPOverview3Black.png", - "SemperisDSPOverview3White.png" - ], - "version": "1.0.0", - "title": "Semperis Directory Services Protector", - "templateRelativePath": "SemperisDSPWorkbook.json", - "subtitle": "", - "provider": "Semperis" - }, - { - "workbookKey": "BoxWorkbook", - "logoFileName": "box.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "BoxEvents_CL" - ], - "dataConnectorsDependencies": [ - "BoxDataConnector" - ], - "previewImagesFileNames": [ - "BoxBlack1.png", - "BoxWhite1.png", - "BoxBlack2.png", - "BoxWhite2.png" - ], - "version": "1.0.0", - "title": "Box", - "templateRelativePath": "Box.json", - "subtitle": "", - "provider": "Box" - }, - { - "workbookKey": "SymantecEndpointProtection", - "logoFileName": "symantec_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SymantecEndpointProtection" - ], - "dataConnectorsDependencies": [ - "SymantecEndpointProtection" - ], - "previewImagesFileNames": [ - "SymantecEndpointProtectionBlack.png", - "SymantecEndpointProtectionWhite.png" - ], - "version": "1.0.0", - "title": "Symantec Endpoint Protection", - "templateRelativePath": "SymantecEndpointProtection.json", - "subtitle": "", - "provider": "Symantec" - }, - { - "workbookKey": "DynamicThreatModeling&Response", - "logoFileName": "", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ThreatAnalysis&ResponseWhite1.png", - "ThreatAnalysis&ResponseWhite2.png" - ], - "version": "1.0.0", - "title": "Dynamic Threat Modeling Response", - "templateRelativePath": "DynamicThreatModeling&Response.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ThreatAnalysis&Response", - "logoFileName": "", - "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ThreatAnalysis&ResponseWhite.png" - ], - "version": "1.0.1", - "title": "Threat Analysis Response", - "templateRelativePath": "ThreatAnalysis&Response.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroCAS", - "logoFileName": "Trend_Micro_Logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "TrendMicroCAS_CL" - ], - "dataConnectorsDependencies": [ - "TrendMicroCAS" - ], - "previewImagesFileNames": [ - "TrendMicroCASBlack.png", - "TrendMicroCASWhite.png" - ], - "version": "1.0.0", - "title": "TrendMicroCAS", - "templateRelativePath": "TrendMicroCAS.json", - "subtitle": "", - "provider": "TrendMicro" - }, - { - "workbookKey": "GitHubSecurityWorkbook", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "GitHubAuditLogPolling_CL" - ], - "dataConnectorsDependencies": [ - "GitHubEcAuditLogPolling" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GithubWorkbook", - "templateRelativePath": "GitHubWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "GCPDNSWorkbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GCPCloudDNS" - ], - "dataConnectorsDependencies": [ - "GCPDNSDataConnector" - ], - "previewImagesFileNames": [ - "GCPDNSBlack.png", - "GCPDNSWhite.png" - ], - "version": "1.0.0", - "title": "Google Cloud Platform DNS", - "templateRelativePath": "GCPDNS.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AtlassianJiraAuditWorkbook", - "logoFileName": "", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "AtlassianJiraNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "AtlassianJira" - ], - "previewImagesFileNames": [ - "AtlassianJiraAuditWhite.png", - "AtlassianJiraAuditBlack.png" - ], - "version": "1.0.0", - "title": "AtlassianJiraAudit", - "templateRelativePath": "AtlassianJiraAudit.json", - "subtitle": "", - "provider": "Atlassian" - }, - { - "workbookKey": "DigitalGuardianWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "DigitalGuardianDLPEvent" - ], - "dataConnectorsDependencies": [ - "DigitalGuardianDLP" - ], - "previewImagesFileNames": [ - "DigitalGuardianBlack.png", - "DigitalGuardianWhite.png" - ], - "version": "1.0.0", - "title": "DigitalGuardianDLP", - "templateRelativePath": "DigitalGuardian.json", - "subtitle": "", - "provider": "Digital Guardian" - }, - { - "workbookKey": "CiscoDuoWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CiscoDuo_CL" - ], - "dataConnectorsDependencies": [ - "CiscoDuoSecurity" - ], - "previewImagesFileNames": [ - "CiscoDuoWhite.png", - "CiscoDuoBlack.png" - ], - "version": "1.0.0", - "title": "CiscoDuoSecurity", - "templateRelativePath": "CiscoDuo.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "SlackAudit", - "logoFileName": "slacklogo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SlackAudit_CL" - ], - "dataConnectorsDependencies": [ - "SlackAuditAPI" - ], - "previewImagesFileNames": [ - "SlackAuditApplicationActivityBlack1.png", - "SlackAuditApplicationActivityWhite1.png" - ], - "version": "1.0.0", - "title": "SlackAudit", - "templateRelativePath": "SlackAudit.json", - "subtitle": "", - "provider": "Slack" - }, - { - "workbookKey": "CiscoWSAWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "CiscoWSA" - ], - "previewImagesFileNames": [ - "CiscoWSAWhite.png", - "CiscoWSABlack.png" - ], - "version": "1.0.0", - "title": "CiscoWSA", - "templateRelativePath": "CiscoWSA.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "GCP-IAM-Workbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GCP_IAM_CL" - ], - "dataConnectorsDependencies": [ - "GCPIAMDataConnector" - ], - "previewImagesFileNames": [ - "GCPIAMBlack01.png", - "GCPIAMBlack02.png", - "GCPIAMWhite01.png", - "GCPIAMWhite02.png" - ], - "version": "1.0.0", - "title": "Google Cloud Platform IAM", - "templateRelativePath": "GCP_IAM.json", - "subtitle": "", - "provider": "Google" - }, - { - "workbookKey": "ImpervaWAFCloudWorkbook", - "logoFileName": "Imperva_DarkGrey_final_75x75.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "ImpervaWAFCloud_CL" - ], - "dataConnectorsDependencies": [ - "ImpervaWAFCloudAPI" - ], - "previewImagesFileNames": [ - "ImpervaWAFCloudBlack01.png", - "ImpervaWAFCloudBlack02.png", - "ImpervaWAFCloudWhite01.png", - "ImpervaWAFCloudWhite02.png" - ], - "version": "1.0.0", - "title": "Imperva WAF Cloud Overview", - "templateRelativePath": "Imperva WAF Cloud Overview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZscalerZPAWorkbook", - "logoFileName": "ZscalerLogo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "ZPA_CL" - ], - "dataConnectorsDependencies": [ - "ZscalerPrivateAccess" - ], - "previewImagesFileNames": [ - "ZscalerZPABlack.png", - "ZscalerZPAWhite.png" - ], - "version": "1.0.0", - "title": "Zscaler Private Access (ZPA)", - "templateRelativePath": "ZscalerZPA.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "GoogleWorkspaceWorkbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GWorkspace_ReportsAPI_admin_CL", - "GWorkspace_ReportsAPI_calendar_CL", - "GWorkspace_ReportsAPI_drive_CL", - "GWorkspace_ReportsAPI_login_CL", - "GWorkspace_ReportsAPI_login_CL", - "GWorkspace_ReportsAPI_mobile_CL" - ], - "dataConnectorsDependencies": [ - "GoogleWorkspaceReportsAPI" - ], - "previewImagesFileNames": [ - "GoogleWorkspaceBlack.png", - "GoogleWorkspaceWhite.png" - ], - "version": "1.0.0", - "title": "GoogleWorkspaceReports", - "templateRelativePath": "GoogleWorkspace.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "NCProtectWorkbook", - "logoFileName": "NCProtectIcon.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "NCProtectUAL_CL" - ], - "dataConnectorsDependencies": [ - "NucleusCyberNCProtect" - ], - "previewImagesFileNames": [ - "", - "" - ], - "version": "1.0.0", - "title": "NucleusCyberProtect", - "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", - "subtitle": "", - "provider": "archTIS" - }, - { - "workbookKey": "CiscoISEWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "CiscoISE" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Cisco ISE", - "templateRelativePath": "CiscoISE.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", - "logoFileName": "", - "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Defender for IoT", - "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZeroTrust(TIC3.0)Workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityRecommendation" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ZeroTrust(TIC3.0)Black1.PNG", - "ZeroTrust(TIC3.0)White1.PNG" - ], - "version": "1.0.0", - "title": "ZeroTrust(TIC3.0)", - "templateRelativePath": "ZeroTrustTIC3.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "InsiderRiskManagementWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ", - "dataTypesDependencies": [ - "SigninLogsSigninLogs", - "AuditLogs", - "AzureActivity", - "OfficeActivity", - "InformationProtectionLogs_CL", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "InsiderRiskManagementBlack1.png" - ], - "version": "1.0.0", - "title": "Insider Risk Management", - "templateRelativePath": "InsiderRiskManagement.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "InformationProtectionLogs_CL", - "AuditLogs", - "SecurityIncident", - "SigninLogs", - "AzureActivity" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "CybersecurityMaturityModelCertification(CMMC)2.0", - "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "NISTSP80053Workbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SigninLogs", - "AuditLogs", - "AzureActivity", - "OfficeActivity", - "SecurityEvents", - "CommonSecurityLog", - "SecurityIncident", - "SecurityRecommendation" - ], - "dataConnectorsDependencies": [ - "SecurityEvents" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "NISTSP80053workbook", - "templateRelativePath": "NISTSP80053.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DarktraceWorkbook", - "logoFileName": "Darktrace.svg", - "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", - "dataTypesDependencies": [ - "darktrace_model_alerts_CL" - ], - "dataConnectorsDependencies": [ - "DarktraceRESTConnector" - ], - "previewImagesFileNames": [ - "DarktraceWorkbookBlack01.png", - "DarktraceWorkbookBlack02.png", - "DarktraceWorkbookWhite01.png", - "DarktraceWorkbookWhite02.png" - ], - "version": "1.0.1", - "title": "Darktrace", - "templateRelativePath": "DarktraceWorkbook.json", - "subtitle": "", - "provider": "Darktrace" - }, - { - "workbookKey": "RecordedFutureDomainC2DNSWorkbook", - "logoFileName": "RecordedFuture.svg", - "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", - "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", - "subtitle": "", - "provider": "Recorded Future" - }, - { - "workbookKey": "RecordedFutureIPActiveC2Workbook", - "logoFileName": "RecordedFuture.svg", - "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", - "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", - "subtitle": "", - "provider": "Recorded Future" - }, - { - "workbookKey": "MaturityModelForEventLogManagement_M2131", - "logoFileName": "contrastsecurity_logo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MaturityModelForEventLogManagement_M2131Black.png" - ], - "version": "1.0.0", - "title": "MaturityModelForEventLogManagementM2131", - "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureSQLSecurityWorkbook", - "logoFileName": "AzureSQL.svg", - "description": "Sets the time window in days to search around the alert", - "dataTypesDependencies": [ - "AzureDiagnostics", - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [ - "AzureSql" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Azure SQL Database Workbook", - "templateRelativePath": "Workbook-AzureSQLSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ContinuousDiagnostics&Mitigation", - "logoFileName": "", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ContinuousDiagnostics&MitigationBlack.png" - ], - "version": "1.0.0", - "title": "ContinuousDiagnostics&Mitigation", - "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", - "logoFileName": "GitHub.svg", - "description": "Repository selector.", - "dataTypesDependencies": [ - "githubscanaudit_CL" - ], - "dataConnectorsDependencies": [ - "GitHubWebhook" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GithubWorkbook-update-to-workbook-1", - "templateRelativePath": "update-to-workbook-1.json", - "subtitle": "", - "provider": "Microsoft" + "workbookKey": "ForcepointNGFWAdvanced", + "logoFileName": "FPAdvLogo.svg", + "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "ForcepointNGFWAdvancedWhite.png", + "ForcepointNGFWAdvancedBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook", + "templateRelativePath": "ForcepointNGFWAdvanced.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "AzureActivityWorkbook", + "logoFileName": "azureactivity_logo.svg", + "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.", + "dataTypesDependencies": [ + "AzureActivity" + ], + "dataConnectorsDependencies": [ + "AzureActivity" + ], + "previewImagesFileNames": [ + "AzureActivityWhite1.png", + "AzureActivityBlack1.png" + ], + "version": "2.0.0", + "title": "Azure Activity", + "templateRelativePath": "AzureActivity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IdentityAndAccessWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "IdentityAndAccessWhite.png", + "IdentityAndAccessBlack.png" + ], + "version": "1.1.0", + "title": "Identity & Access", + "templateRelativePath": "IdentityAndAccess.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CheckPointWorkbook", + "logoFileName": "checkpoint_logo.svg", + "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CheckPoint" + ], + "previewImagesFileNames": [ + "CheckPointWhite.png", + "CheckPointBlack.png" + ], + "version": "1.0.0", + "title": "Check Point Software Technologies", + "templateRelativePath": "CheckPoint.json", + "subtitle": "", + "provider": "Check Point" + }, + { + "workbookKey": "CiscoWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoASA" + ], + "previewImagesFileNames": [ + "CiscoWhite.png", + "CiscoBlack.png" + ], + "version": "1.1.0", + "title": "Cisco - ASA", + "templateRelativePath": "Cisco.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ExchangeOnlineWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "ExchangeOnlineWhite.png", + "ExchangeOnlineBlack.png" + ], + "version": "2.0.0", + "title": "Exchange Online", + "templateRelativePath": "ExchangeOnline.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PaloAltoOverviewWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoOverviewWhite1.png", + "PaloAltoOverviewBlack1.png", + "PaloAltoOverviewWhite2.png", + "PaloAltoOverviewBlack2.png", + "PaloAltoOverviewWhite3.png", + "PaloAltoOverviewBlack3.png" + ], + "version": "1.2.0", + "title": "Palo Alto overview", + "templateRelativePath": "PaloAltoOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PaloAltoNetworkThreatWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoNetworkThreatWhite1.png", + "PaloAltoNetworkThreatBlack1.png", + "PaloAltoNetworkThreatWhite2.png", + "PaloAltoNetworkThreatBlack2.png" + ], + "version": "1.1.0", + "title": "Palo Alto Network Threat", + "templateRelativePath": "PaloAltoNetworkThreat.json", + "subtitle": "", + "provider": "Palo Alto Networks" + }, + { + "workbookKey": "EsetSMCWorkbook", + "logoFileName": "eset-logo.svg", + "description": "Visualize events and threats from Eset Security Management Center.", + "dataTypesDependencies": [ + "eset_CL" + ], + "dataConnectorsDependencies": [ + "EsetSMC" + ], + "previewImagesFileNames": [ + "esetSMCWorkbook-black.png", + "esetSMCWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Eset Security Management Center Overview", + "templateRelativePath": "esetSMCWorkbook.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "FortigateWorkbook", + "logoFileName": "fortinet_logo.svg", + "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "FortigateWhite.png", + "FortigateBlack.png" + ], + "version": "1.1.0", + "title": "FortiGate", + "templateRelativePath": "Fortigate.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DnsWorkbook", + "logoFileName": "dns_logo.svg", + "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.", + "dataTypesDependencies": [ + "DnsInventory", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "DNS" + ], + "previewImagesFileNames": [ + "DnsWhite.png", + "DnsBlack.png" + ], + "version": "1.3.0", + "title": "DNS", + "templateRelativePath": "Dns.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "Office365Workbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "Office365White1.png", + "Office365Black1.png", + "Office365White2.png", + "Office365Black2.png", + "Office365White3.png", + "Office365Black3.png" + ], + "version": "2.0.1", + "title": "Office 365", + "templateRelativePath": "Office365.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SharePointAndOneDriveWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "SharePointAndOneDriveBlack1.png", + "SharePointAndOneDriveBlack2.png", + "SharePointAndOneDriveWhite1.png", + "SharePointAndOneDriveWhite2.png" + ], + "version": "2.0.0", + "title": "SharePoint & OneDrive", + "templateRelativePath": "SharePointAndOneDrive.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureActiveDirectorySigninLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.", + "dataTypesDependencies": [ + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AADsigninBlack1.png", + "AADsigninBlack2.png", + "AADsigninWhite1.png", + "AADsigninWhite2.png" + ], + "version": "2.4.0", + "title": "Azure AD Sign-in logs", + "templateRelativePath": "AzureActiveDirectorySignins.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "VirtualMachinesInsightsWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.", + "dataTypesDependencies": [ + "VMConnection", + "ServiceMapComputer_CL", + "ServiceMapProcess_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VMInsightBlack1.png", + "VMInsightWhite1.png" + ], + "version": "1.3.0", + "title": "VM insights", + "templateRelativePath": "VirtualMachinesInsights.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.", + "dataTypesDependencies": [ + "AuditLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureADAuditLogsBlack1.png", + "AzureADAuditLogsWhite1.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit logs", + "templateRelativePath": "AzureActiveDirectoryAuditLogs.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligence", + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "ThreatIntelligenceWhite.png", + "ThreatIntelligenceBlack.png" + ], + "version": "5.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "ThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallOverviewWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFOverviewBlack.png", + "WAFOverviewWhite.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - overview", + "templateRelativePath": "WebApplicationFirewallOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallEventsBlack1.png", + "WAFFirewallEventsBlack2.png", + "WAFFirewallEventsWhite1.png", + "WAFFirewallEventsWhite2.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - firewall events", + "templateRelativePath": "WebApplicationFirewallFirewallEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFGatewayAccessEventsBlack1.png", + "WAFGatewayAccessEventsBlack2.png", + "WAFGatewayAccessEventsWhite1.png", + "WAFGatewayAccessEventsWhite2.png" + ], + "version": "1.2.0", + "title": "Microsoft Web Application Firewall (WAF) - gateway access events", + "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "LinuxMachinesWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "Syslog" + ], + "previewImagesFileNames": [ + "LinuxMachinesWhite.png", + "LinuxMachinesBlack.png" + ], + "version": "1.1.0", + "title": "Linux machines", + "templateRelativePath": "LinuxMachines.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureFirewallWorkbook", + "logoFileName": "AzFirewalls.svg", + "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureFirewall" + ], + "previewImagesFileNames": [ + "AzureFirewallWorkbookWhite1.PNG", + "AzureFirewallWorkbookBlack1.PNG", + "AzureFirewallWorkbookWhite2.PNG", + "AzureFirewallWorkbookBlack2.PNG", + "AzureFirewallWorkbookWhite3.PNG", + "AzureFirewallWorkbookBlack3.PNG", + "AzureFirewallWorkbookWhite4.PNG", + "AzureFirewallWorkbookBlack4.PNG", + "AzureFirewallWorkbookWhite5.PNG", + "AzureFirewallWorkbookBlack5.PNG" + ], + "version": "1.3.0", + "title": "Azure Firewall", + "templateRelativePath": "AzureFirewallWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureFirewallWorkbook-StructuredLogs", + "logoFileName": "AzFirewalls.svg", + "description": "Gain insights into Azure Firewall events using the new Structured Logs for Azure Firewall. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", + "dataTypesDependencies": [ + "AZFWNetworkRule", + "AZFWApplicationRule", + "AZFWDnsQuery", + "AZFWThreatIntel" + ], + "dataConnectorsDependencies": [ + "AzureFirewall" + ], + "previewImagesFileNames": [ + "AzureFirewallWorkbookWhite1.PNG", + "AzureFirewallWorkbookBlack1.PNG", + "AzureFirewallWorkbookWhite2.PNG", + "AzureFirewallWorkbookBlack2.PNG", + "AzureFirewallWorkbookWhite3.PNG", + "AzureFirewallWorkbookBlack3.PNG", + "AzureFirewallWorkbookWhite4.PNG", + "AzureFirewallWorkbookBlack4.PNG", + "AzureFirewallWorkbookWhite5.PNG", + "AzureFirewallWorkbookBlack5.PNG" + ], + "version": "1.0.0", + "title": "Azure Firewall Structured Logs", + "templateRelativePath": "AzureFirewallWorkbook-StructuredLogs.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureDDoSStandardProtection", + "logoFileName": "AzDDoS.svg", + "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "DDOS" + ], + "previewImagesFileNames": [ + "AzureDDoSWhite1.PNG", + "AzureDDoSBlack1.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG" + ], + "version": "1.0.2", + "title": "Azure DDoS Protection Workbook", + "templateRelativePath": "AzDDoSStandardWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftCloudAppSecurityWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.", + "dataTypesDependencies": [ + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [ + "MicrosoftCloudAppSecurity" + ], + "previewImagesFileNames": [ + "McasDiscoveryBlack.png", + "McasDiscoveryWhite.png" + ], + "version": "1.2.0", + "title": "Microsoft Cloud App Security - discovery logs", + "templateRelativePath": "MicrosoftCloudAppSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "F5BIGIPSytemMetricsWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.", + "dataTypesDependencies": [ + "F5Telemetry_system_CL", + "F5Telemetry_AVR_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5SMBlack.png", + "F5SMWhite.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP System Metrics", + "templateRelativePath": "F5BIGIPSystemMetrics.json", + "subtitle": "", + "provider": "F5 Networks" + }, + { + "workbookKey": "F5NetworksWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.", + "dataTypesDependencies": [ + "F5Telemetry_LTM_CL", + "F5Telemetry_system_CL", + "F5Telemetry_ASM_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5White.png", + "F5Black.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP ASM", + "templateRelativePath": "F5Networks.json", + "subtitle": "", + "provider": "F5 Networks" + }, + { + "workbookKey": "AzureNetworkWatcherWorkbook", + "logoFileName": "networkwatcher_logo.svg", + "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.", + "dataTypesDependencies": [ + "AzureNetworkAnalytics_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureNetworkWatcherWhite.png", + "AzureNetworkWatcherBlack.png" + ], + "version": "1.1.0", + "title": "Azure Network Watcher", + "templateRelativePath": "AzureNetworkWatcher.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZscalerFirewallWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerFirewallWhite1.png", + "ZscalerFirewallBlack1.png", + "ZscalerFirewallWhite2.png", + "ZscalerFirewallBlack2.png" + ], + "version": "1.1.0", + "title": "Zscaler Firewall", + "templateRelativePath": "ZscalerFirewall.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerWebOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerWebOverviewWhite.png", + "ZscalerWebOverviewBlack.png" + ], + "version": "1.1.0", + "title": "Zscaler Web Overview", + "templateRelativePath": "ZscalerWebOverview.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerThreatsOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerThreatsWhite.png", + "ZscalerThreatsBlack.png" + ], + "version": "1.2.0", + "title": "Zscaler Threats", + "templateRelativePath": "ZscalerThreats.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerOffice365AppsWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerOffice365White.png", + "ZscalerOffice365Black.png" + ], + "version": "1.1.0", + "title": "Zscaler Office365 Apps", + "templateRelativePath": "ZscalerOffice365Apps.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "InsecureProtocolsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.", + "dataTypesDependencies": [ + "SecurityEvent", + "Event", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureActiveDirectory", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InsecureProtocolsWhite1.png", + "InsecureProtocolsBlack1.png", + "InsecureProtocolsWhite2.png", + "InsecureProtocolsBlack2.png" + ], + "version": "2.1.0", + "title": "Insecure Protocols", + "templateRelativePath": "InsecureProtocols.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsNetworkActivitiesWhite.png", + "AwsNetworkActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS Network Activities", + "templateRelativePath": "AmazonWebServicesNetworkActivities.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AmazonWebServicesUserActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsUserActivitiesWhite.png", + "AwsUserActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS User Activities", + "templateRelativePath": "AmazonWebServicesUserActivities.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityAttackActivityWhite.png", + "TrendMicroDeepSecurityAttackActivityBlack.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security ATT&CK Related Activity", + "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityOverviewWhite1.png", + "TrendMicroDeepSecurityOverviewBlack1.png", + "TrendMicroDeepSecurityOverviewWhite2.png", + "TrendMicroDeepSecurityOverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security Events", + "templateRelativePath": "TrendMicroDeepSecurityOverview.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "ExtraHopDetectionSummaryWorkbook", + "logoFileName": "extrahop_logo.svg", + "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ExtraHopNetworks" + ], + "previewImagesFileNames": [ + "ExtrahopWhite.png", + "ExtrahopBlack.png" + ], + "version": "1.0.0", + "title": "ExtraHop", + "templateRelativePath": "ExtraHopDetectionSummary.json", + "subtitle": "", + "provider": "ExtraHop Networks" + }, + { + "workbookKey": "BarracudaCloudFirewallWorkbook", + "logoFileName": "barracuda_logo.svg", + "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "Syslog" + ], + "dataConnectorsDependencies": [ + "BarracudaCloudFirewall" + ], + "previewImagesFileNames": [ + "BarracudaWhite1.png", + "BarracudaBlack1.png", + "BarracudaWhite2.png", + "BarracudaBlack2.png" + ], + "version": "1.0.0", + "title": "Barracuda CloudGen FW", + "templateRelativePath": "Barracuda.json", + "subtitle": "", + "provider": "Barracuda" + }, + { + "workbookKey": "CitrixWorkbook", + "logoFileName": "citrix_logo.svg", + "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.", + "dataTypesDependencies": [ + "CitrixAnalytics_userProfile_CL", + "CitrixAnalytics_riskScoreChange_CL", + "CitrixAnalytics_indicatorSummary_CL", + "CitrixAnalytics_indicatorEventDetails_CL" + ], + "dataConnectorsDependencies": [ + "Citrix" + ], + "previewImagesFileNames": [ + "CitrixWhite.png", + "CitrixBlack.png" + ], + "version": "2.1.0", + "title": "Citrix Analytics", + "templateRelativePath": "Citrix.json", + "subtitle": "", + "provider": "Citrix Systems Inc." + }, + { + "workbookKey": "OneIdentityWorkbook", + "logoFileName": "oneIdentity_logo.svg", + "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OneIdentity" + ], + "previewImagesFileNames": [ + "OneIdentityWhite.png", + "OneIdentityBlack.png" + ], + "version": "1.0.0", + "title": "One Identity", + "templateRelativePath": "OneIdentity.json", + "subtitle": "", + "provider": "One Identity LLC." + }, + { + "workbookKey": "SecurityStatusWorkbook", + "logoFileName": "", + "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SecurityEvent", + "Syslog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityStatusBlack.png", + "AzureSentinelSecurityStatusWhite.png" + ], + "version": "1.3.0", + "title": "Security Status", + "templateRelativePath": "SecurityStatus.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSentinelSecurityAlertsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityAlertsWhite.png", + "AzureSentinelSecurityAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Security Alerts", + "templateRelativePath": "AzureSentinelSecurityAlerts.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SquadraTechnologiesSecRMMWorkbook", + "logoFileName": "SquadraTechnologiesLogo.svg", + "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.", + "dataTypesDependencies": [ + "secRMM_CL" + ], + "dataConnectorsDependencies": [ + "SquadraTechnologiesSecRmm" + ], + "previewImagesFileNames": [ + "SquadraTechnologiesSecRMMWhite.PNG", + "SquadraTechnologiesSecRMMBlack.PNG" + ], + "version": "1.0.0", + "title": "Squadra Technologies SecRMM - USB removable storage security", + "templateRelativePath": "SquadraTechnologiesSecRMM.json", + "subtitle": "", + "provider": "Squadra Technologies" + }, + { + "workbookKey": "IoT-Alerts", + "logoFileName": "IoTIcon.svg", + "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "IoT" + ], + "previewImagesFileNames": [ + "IOTBlack1.png", + "IOTWhite1.png" + ], + "version": "1.2.0", + "title": "Azure Defender for IoT Alerts", + "templateRelativePath": "IOT_Alerts.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IoTAssetDiscovery", + "logoFileName": "IoTIcon.svg", + "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "workbook-iotassetdiscovery-screenshot-Black.PNG", + "workbook-iotassetdiscovery-screenshot-White.PNG" + ], + "version": "1.0.0", + "title": "IoT Asset Discovery", + "templateRelativePath": "IoTAssetDiscovery.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ForcepointCASBWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCasb" + ], + "previewImagesFileNames": [ + "ForcepointCASBWhite.png", + "ForcepointCASBBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Access Security Broker (CASB)", + "templateRelativePath": "ForcepointCASB.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ForcepointNGFWWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw" + ], + "previewImagesFileNames": [ + "ForcepointNGFWWhite.png", + "ForcepointNGFWBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW)", + "templateRelativePath": "ForcepointNGFW.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ForcepointDLPWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.", + "dataTypesDependencies": [ + "ForcepointDLPEvents_CL" + ], + "dataConnectorsDependencies": [ + "ForcepointDlp" + ], + "previewImagesFileNames": [ + "ForcepointDLPWhite.png", + "ForcepointDLPBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Data Loss Prevention (DLP)", + "templateRelativePath": "ForcepointDLP.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ZimperiumMTDWorkbook", + "logoFileName": "ZIMPERIUM-logo_square2.svg", + "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.", + "dataTypesDependencies": [ + "ZimperiumThreatLog_CL", + "ZimperiumMitigationLog_CL" + ], + "dataConnectorsDependencies": [ + "ZimperiumMtdAlerts" + ], + "previewImagesFileNames": [ + "ZimperiumWhite.png", + "ZimperiumBlack.png" + ], + "version": "1.0.0", + "title": "Zimperium Mobile Threat Defense (MTD)", + "templateRelativePath": "ZimperiumWorkbooks.json", + "subtitle": "", + "provider": "Zimperium" + }, + { + "workbookKey": "AzureAuditActivityAndSigninWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.", + "dataTypesDependencies": [ + "AzureActivity", + "AuditLogs", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureAuditActivityAndSigninWhite1.png", + "AzureAuditActivityAndSigninWhite2.png", + "AzureAuditActivityAndSigninBlack1.png", + "AzureAuditActivityAndSigninBlack2.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit, Activity and Sign-in logs", + "templateRelativePath": "AzureAuditActivityAndSignin.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "WindowsFirewall", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs", + "dataTypesDependencies": [ + "WindowsFirewall", + "SecurityEvent", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsFirewall", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "WindowsFirewallWhite1.png", + "WindowsFirewallWhite2.png", + "WindowsFirewallBlack1.png", + "WindowsFirewallBlack2.png" + ], + "version": "1.0.0", + "title": "Windows Firewall", + "templateRelativePath": "WindowsFirewall.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "EventAnalyzerwWorkbook", + "logoFileName": "", + "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "EventAnalyzer-Workbook-White.png", + "EventAnalyzer-Workbook-Black.png" + ], + "version": "1.0.0", + "title": "Event Analyzer", + "templateRelativePath": "EventAnalyzer.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "ASC-ComplianceandProtection", + "logoFileName": "", + "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.", + "dataTypesDependencies": [ + "SecurityAlert", + "ProtectionStatus", + "SecurityRecommendation", + "SecurityBaseline", + "SecurityBaselineSummary", + "Update", + "ConfigurationChange" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter" + ], + "previewImagesFileNames": [ + "ASCCaPBlack.png", + "ASCCaPWhite.png" + ], + "version": "1.2.0", + "title": "ASC Compliance and Protection", + "templateRelativePath": "ASC-ComplianceandProtection.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "AIVectraDetectWorkbook", + "logoFileName": "AIVectraDetect.svg", + "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AIVectraDetect" + ], + "previewImagesFileNames": [ + "AIVectraDetectWhite1.png", + "AIVectraDetectBlack1.png" + ], + "version": "1.1.1", + "title": "Vectra AI Detect", + "templateRelativePath": "AIVectraDetectWorkbook.json", + "subtitle": "", + "provider": "Vectra AI" + }, + { + "workbookKey": "Perimeter81OverviewWorkbook", + "logoFileName": "Perimeter81_Logo.svg", + "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.", + "dataTypesDependencies": [ + "Perimeter81_CL" + ], + "dataConnectorsDependencies": [ + "Perimeter81ActivityLogs" + ], + "previewImagesFileNames": [ + "Perimeter81OverviewWhite1.png", + "Perimeter81OverviewBlack1.png", + "Perimeter81OverviewWhite2.png", + "Perimeter81OverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Perimeter 81 Overview", + "templateRelativePath": "Perimeter81OverviewWorkbook.json", + "subtitle": "", + "provider": "Perimeter 81" + }, + { + "workbookKey": "SymantecProxySGWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecProxySG" + ], + "previewImagesFileNames": [ + "SymantecProxySGWhite.png", + "SymantecProxySGBlack.png" + ], + "version": "1.0.0", + "title": "Symantec ProxySG", + "templateRelativePath": "SymantecProxySG.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "IllusiveASMWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveASMWhite.png", + "IllusiveASMBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ASM Dashboard", + "templateRelativePath": "IllusiveASM.json", + "subtitle": "", + "provider": "Illusive" + }, + { + "workbookKey": "IllusiveADSWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveADSWhite.png", + "IllusiveADSBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ADS Dashboard", + "templateRelativePath": "IllusiveADS.json", + "subtitle": "", + "provider": "Illusive" + }, + { + "workbookKey": "PulseConnectSecureWorkbook", + "logoFileName": "", + "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "PulseConnectSecure" + ], + "previewImagesFileNames": [ + "PulseConnectSecureWhite.png", + "PulseConnectSecureBlack.png" + ], + "version": "1.0.0", + "title": "Pulse Connect Secure", + "templateRelativePath": "PulseConnectSecure.json", + "subtitle": "", + "provider": "Pulse Secure" + }, + { + "workbookKey": "InfobloxNIOSWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "InfobloxNIOS" + ], + "previewImagesFileNames": [], + "version": "1.1.0", + "title": "Infoblox NIOS", + "templateRelativePath": "Infoblox-Workbook-V2.json", + "subtitle": "", + "provider": "Infoblox" + }, + { + "workbookKey": "SymantecVIPWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecVIP" + ], + "previewImagesFileNames": [ + "SymantecVIPWhite.png", + "SymantecVIPBlack.png" + ], + "version": "1.0.0", + "title": "Symantec VIP", + "templateRelativePath": "SymantecVIP.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "ProofPointTAPWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPClicksBlocked_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP" + ], + "previewImagesFileNames": [ + "ProofpointTAPWhite.png", + "ProofpointTAPBlack.png" + ], + "version": "1.0.0", + "title": "Proofpoint TAP", + "templateRelativePath": "ProofpointTAP.json", + "subtitle": "", + "provider": "Proofpoint" + }, + { + "workbookKey": "QualysVMV2Workbook", + "logoFileName": "qualys_logo.svg", + "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", + "dataTypesDependencies": [ + "QualysHostDetectionV2_CL" + ], + "dataConnectorsDependencies": [ + "QualysVulnerabilityManagement" + ], + "previewImagesFileNames": [ + "QualysVMWhite.png", + "QualysVMBlack.png" + ], + "version": "1.0.0", + "title": "Qualys Vulnerability Management", + "templateRelativePath": "QualysVMv2.json", + "subtitle": "", + "provider": "Qualys" + }, + { + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "Github_CL", + "GitHubRepoLogs_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "GitHubSecurityWhite.png", + "GitHubSecurityBlack.png" + ], + "version": "1.0.0", + "title": "GitHub Security", + "templateRelativePath": "GitHubSecurityWorkbook.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "VisualizationDemo", + "logoFileName": "", + "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VisualizationDemoBlack.png", + "VisualizationDemoWhite.png" + ], + "version": "1.0.0", + "title": "Visualizations Demo", + "templateRelativePath": "VisualizationDemo.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SophosXGFirewallWorkbook", + "logoFileName": "sophos_logo.svg", + "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SophosXGFirewall" + ], + "previewImagesFileNames": [ + "SophosXGFirewallWhite.png", + "SophosXGFirewallBlack.png" + ], + "version": "1.0.0", + "title": "Sophos XG Firewall", + "templateRelativePath": "SophosXGFirewall.json", + "subtitle": "", + "provider": "Sophos" + }, + { + "workbookKey": "SysmonThreatHuntingWorkbook", + "logoFileName": "", + "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel", + "dataTypesDependencies": [ + "Event" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SysmonThreatHuntingWhite1.png", + "SysmonThreatHuntingBlack1.png" + ], + "version": "1.4.0", + "title": "Sysmon Threat Hunting", + "templateRelativePath": "SysmonThreatHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook", + "logoFileName": "webapplicationfirewall(WAF)_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallWAFTypeEventsBlack1.PNG", + "WAFFirewallWAFTypeEventsBlack2.PNG", + "WAFFirewallWAFTypeEventsBlack3.PNG", + "WAFFirewallWAFTypeEventsBlack4.PNG", + "WAFFirewallWAFTypeEventsWhite1.png", + "WAFFirewallWAFTypeEventsWhite2.PNG", + "WAFFirewallWAFTypeEventsWhite3.PNG", + "WAFFirewallWAFTypeEventsWhite4.PNG" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - Azure WAF", + "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OrcaAlertsOverviewWorkbook", + "logoFileName": "Orca_logo.svg", + "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview", + "dataTypesDependencies": [ + "OrcaAlerts_CL" + ], + "dataConnectorsDependencies": [ + "OrcaSecurityAlerts" + ], + "previewImagesFileNames": [ + "OrcaAlertsWhite.png", + "OrcaAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Orca alerts overview", + "templateRelativePath": "OrcaAlerts.json", + "subtitle": "", + "provider": "Orca Security" + }, + { + "workbookKey": "CyberArkWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CyberArk" + ], + "previewImagesFileNames": [ + "CyberArkActivitiesWhite.PNG", + "CyberArkActivitiesBlack.PNG" + ], + "version": "1.1.0", + "title": "CyberArk EPV Events", + "templateRelativePath": "CyberArkEPV.json", + "subtitle": "", + "provider": "CyberArk" + }, + { + "workbookKey": "UserEntityBehaviorAnalyticsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns", + "dataTypesDependencies": [ + "BehaviorAnalytics" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UserEntityBehaviorAnalyticsBlack1.png", + "UserEntityBehaviorAnalyticsWhite1.png" + ], + "version": "1.2.0", + "title": "User And Entity Behavior Analytics", + "templateRelativePath": "UserEntityBehaviorAnalytics.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CitrixWAF", + "logoFileName": "citrix_logo.svg", + "description": "Gain insight into the Citrix WAF logs", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CitrixWAF" + ], + "previewImagesFileNames": [ + "CitrixWAFBlack.png", + "CitrixWAFWhite.png" + ], + "version": "1.0.0", + "title": "Citrix WAF (Web App Firewall)", + "templateRelativePath": "CitrixWAF.json", + "subtitle": "", + "provider": "Citrix Systems Inc." + }, + { + "workbookKey": "UnifiSGWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGBlack.png", + "UnifiSGWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway", + "templateRelativePath": "UnfiSG.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "UnifiSGNetflowWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.", + "dataTypesDependencies": [ + "netflow_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGNetflowBlack.png", + "UnifiSGNetflowWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway - NetFlow", + "templateRelativePath": "UnfiSGNetflow.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "NormalizedNetworkEventsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "NormalizedNetworkEventsWhite.png", + "NormalizedNetworkEventsBlack.png" + ], + "version": "1.0.0", + "title": "Normalized network events", + "templateRelativePath": "NormalizedNetworkEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WorkspaceAuditingWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "LAQueryLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceAuditingWhite.png", + "WorkspaceAuditingBlack.png" + ], + "version": "1.0.0", + "title": "Workspace audit", + "templateRelativePath": "WorkspaceAuditing.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "MITREATTACKWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MITREATTACKWhite1.PNG", + "MITREATTACKWhite2.PNG", + "MITREATTACKBlack1.PNG", + "MITREATTACKBlack2.PNG" + ], + "version": "1.0.1", + "title": "MITRE ATT&CK Workbook", + "templateRelativePath": "MITREAttack.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "BETTERMTDWorkbook", + "logoFileName": "BETTER_MTD_logo.svg", + "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.", + "dataTypesDependencies": [ + "BetterMTDDeviceLog_CL", + "BetterMTDAppLog_CL", + "BetterMTDIncidentLog_CL", + "BetterMTDNetflowLog_CL" + ], + "dataConnectorsDependencies": [ + "BetterMTD" + ], + "previewImagesFileNames": [ + "BetterMTDWorkbookPreviewWhite1.png", + "BetterMTDWorkbookPreviewWhite2.png", + "BetterMTDWorkbookPreviewWhite3.png", + "BetterMTDWorkbookPreviewBlack1.png", + "BetterMTDWorkbookPreviewBlack2.png", + "BetterMTDWorkbookPreviewBlack3.png" + ], + "version": "1.1.0", + "title": "BETTER Mobile Threat Defense (MTD)", + "templateRelativePath": "BETTER_MTD_Workbook.json", + "subtitle": "", + "provider": "BETTER Mobile" + }, + { + "workbookKey": "AlsidIoEWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoEBlack1.png", + "AlsidIoEBlack2.png", + "AlsidIoEBlack3.png", + "AlsidIoEWhite1.png", + "AlsidIoEWhite2.png", + "AlsidIoEWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Exposure", + "templateRelativePath": "AlsidIoE.json", + "subtitle": "", + "provider": "Alsid" + }, + { + "workbookKey": "AlsidIoAWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoABlack1.png", + "AlsidIoABlack2.png", + "AlsidIoABlack3.png", + "AlsidIoAWhite1.png", + "AlsidIoAWhite2.png", + "AlsidIoAWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Attack", + "templateRelativePath": "AlsidIoA.json", + "subtitle": "", + "provider": "Alsid" + }, + { + "workbookKey": "InvestigationInsightsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Microsoft Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.", + "dataTypesDependencies": [ + "AuditLogs", + "AzureActivity", + "CommonSecurityLog", + "OfficeActivity", + "SecurityEvent", + "SigninLogs", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "AzureActivity", + "SecurityEvents", + "Office365", + "AzureActiveDirectory", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InvestigationInsightsWhite1.png", + "InvestigationInsightsBlack1.png", + "InvestigationInsightsWhite2.png", + "InvestigationInsightsBlack2.png" + ], + "version": "1.4.0", + "title": "Investigation Insights", + "templateRelativePath": "InvestigationInsights.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "AksSecurityWorkbook", + "logoFileName": "Kubernetes_services.svg", + "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKubernetes" + ], + "previewImagesFileNames": [ + "AksSecurityWhite.png", + "AksSecurityBlack.png" + ], + "version": "1.5.0", + "title": "Azure Kubernetes Service (AKS) Security", + "templateRelativePath": "AksSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureKeyVaultWorkbook", + "logoFileName": "KeyVault.svg", + "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKeyVault" + ], + "previewImagesFileNames": [ + "AkvSecurityWhite.png", + "AkvSecurityBlack.png" + ], + "version": "1.1.0", + "title": "Azure Key Vault Security", + "templateRelativePath": "AzureKeyVaultWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IncidentOverview", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IncidentOverviewBlack1.png", + "IncidentOverviewWhite1.png", + "IncidentOverviewBlack2.png", + "IncidentOverviewWhite2.png" + ], + "version": "2.1.0", + "title": "Incident overview", + "templateRelativePath": "IncidentOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SecurityOperationsEfficiency", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SecurityEfficiencyWhite1.png", + "SecurityEfficiencyWhite2.png", + "SecurityEfficiencyBlack1.png", + "SecurityEfficiencyBlack2.png" + ], + "version": "1.5.0", + "title": "Security Operations Efficiency", + "templateRelativePath": "SecurityOperationsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DataCollectionHealthMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace\u2019s data collection health.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "HealthMonitoringWhite1.png", + "HealthMonitoringWhite2.png", + "HealthMonitoringWhite3.png", + "HealthMonitoringBlack1.png", + "HealthMonitoringBlack2.png", + "HealthMonitoringBlack3.png" + ], + "version": "1.0.0", + "title": "Data collection health monitoring", + "templateRelativePath": "DataCollectionHealthMonitoring.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OnapsisAlarmsWorkbook", + "logoFileName": "onapsis_logo.svg", + "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OnapsisPlatform" + ], + "previewImagesFileNames": [ + "OnapsisWhite1.PNG", + "OnapsisBlack1.PNG", + "OnapsisWhite2.PNG", + "OnapsisBlack2.PNG" + ], + "version": "1.0.0", + "title": "Onapsis Alarms Overview", + "templateRelativePath": "OnapsisAlarmsOverview.json", + "subtitle": "", + "provider": "Onapsis" + }, + { + "workbookKey": "DelineaWorkbook", + "logoFileName": "DelineaLogo.svg", + "description": "The Delinea Secret Server Syslog connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "DelineaSecretServer_CEF" + ], + "previewImagesFileNames": [ + "DelineaWorkbookWhite.PNG", + "DelineaWorkbookBlack.PNG" + ], + "version": "1.0.0", + "title": "Delinea Secret Server Workbook", + "templateRelativePath": "DelineaWorkbook.json", + "subtitle": "", + "provider": "Delinea" + }, + { + "workbookKey": "ForcepointCloudSecurityGatewayWorkbook", + "logoFileName": "Forcepoint_new_logo.svg", + "description": "Use this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCSG" + ], + "previewImagesFileNames": [ + "ForcepointCloudSecurityGatewayWhite.png", + "ForcepointCloudSecurityGatewayBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Security Gateway Workbook", + "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "IntsightsIOCWorkbook", + "logoFileName": "IntSights_logo.svg", + "description": "This Microsoft Sentinel workbook provides an overview of Indicators of Compromise (IOCs) and their correlations allowing users to analyze and visualize indicators based on severity, type, and other parameters.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "IntsightsIOCWhite.png", + "IntsightsMatchedWhite.png", + "IntsightsMatchedBlack.png", + "IntsightsIOCBlack.png" + ], + "version": "2.0.0", + "title": "IntSights IOC Workbook", + "templateRelativePath": "IntsightsIOCWorkbook.json", + "subtitle": "", + "provider": "IntSights Cyber Intelligence" + }, + { + "workbookKey": "DarktraceSummaryWorkbook", + "logoFileName": "Darktrace.svg", + "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Darktrace" + ], + "previewImagesFileNames": [ + "AIA-DarktraceSummaryWhite.png", + "AIA-DarktraceSummaryBlack.png" + ], + "version": "1.1.0", + "title": "AI Analyst Darktrace Model Breach Summary", + "templateRelativePath": "AIA-Darktrace.json", + "subtitle": "", + "provider": "Darktrace" + }, + { + "workbookKey": "TrendMicroXDR", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.", + "dataTypesDependencies": [ + "TrendMicro_XDR_WORKBENCH_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroXDR" + ], + "previewImagesFileNames": [ + "TrendMicroXDROverviewWhite.png", + "TrendMicroXDROverviewBlack.png" + ], + "version": "1.3.0", + "title": "Trend Vision One Alert Overview", + "templateRelativePath": "TrendMicroXDROverview.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "CyberpionOverviewWorkbook", + "logoFileName": "cyberpion_logo.svg", + "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.", + "dataTypesDependencies": [ + "CyberpionActionItems_CL" + ], + "dataConnectorsDependencies": [ + "CyberpionSecurityLogs" + ], + "previewImagesFileNames": [ + "CyberpionActionItemsBlack.png", + "CyberpionActionItemsWhite.png" + ], + "version": "1.0.0", + "title": "Cyberpion Overview", + "templateRelativePath": "CyberpionOverviewWorkbook.json", + "subtitle": "", + "provider": "Cyberpion" + }, + { + "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook", + "logoFileName": "MSTIC-Logo.svg", + "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SigninLogs", + "AuditLogs", + "AADServicePrincipalSignInLogs", + "OfficeActivity", + "BehaviorAnalytics", + "SecurityEvent", + "DeviceProcessEvents", + "SecurityAlert", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory", + "SecurityEvents", + "Office365", + "MicrosoftThreatProtection", + "DNS", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "SolarWindsPostCompromiseHuntingWhite.png", + "SolarWindsPostCompromiseHuntingBlack.png" + ], + "version": "1.5.0", + "title": "SolarWinds Post Compromise Hunting", + "templateRelativePath": "SolarWindsPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ProofpointPODWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.", + "dataTypesDependencies": [ + "ProofpointPOD_maillog_CL", + "ProofpointPOD_message_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofpointPODMainBlack1.png", + "ProofpointPODMainBlack2.png", + "ProofpointPODMainWhite1.png", + "ProofpointPODMainWhite2.png", + "ProofpointPODMessageSummaryBlack.png", + "ProofpointPODMessageSummaryWhite.png", + "ProofpointPODTLSBlack.png", + "ProofpointPODTLSWhite.png" + ], + "version": "1.0.0", + "title": "Proofpoint On-Demand Email Security", + "templateRelativePath": "ProofpointPOD.json", + "subtitle": "", + "provider": "Proofpoint" + }, + { + "workbookKey": "CiscoUmbrellaWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.", + "dataTypesDependencies": [ + "Cisco_Umbrella_dns_CL", + "Cisco_Umbrella_proxy_CL", + "Cisco_Umbrella_ip_CL", + "Cisco_Umbrella_cloudfirewall_CL" + ], + "dataConnectorsDependencies": [ + "CiscoUmbrellaDataConnector" + ], + "previewImagesFileNames": [ + "CiscoUmbrellaDNSBlack1.png", + "CiscoUmbrellaDNSBlack2.png", + "CiscoUmbrellaDNSWhite1.png", + "CiscoUmbrellaDNSWhite2.png", + "CiscoUmbrellaFirewallBlack.png", + "CiscoUmbrellaFirewallWhite.png", + "CiscoUmbrellaMainBlack1.png", + "CiscoUmbrellaMainBlack2.png", + "CiscoUmbrellaMainWhite1.png", + "CiscoUmbrellaMainWhite2.png", + "CiscoUmbrellaProxyBlack1.png", + "CiscoUmbrellaProxyBlack2.png", + "CiscoUmbrellaProxyWhite1.png", + "CiscoUmbrellaProxyWhite2.png" + ], + "version": "1.0.0", + "title": "Cisco Umbrella", + "templateRelativePath": "CiscoUmbrella.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "AnalyticsEfficiencyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnalyticsEfficiencyBlack.png", + "AnalyticsEfficiencyWhite.png" + ], + "version": "1.2.0", + "title": "Analytics Efficiency", + "templateRelativePath": "AnalyticsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WorkspaceUsage", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace\u2019s data consumption, latency, recommended tasks and Cost and Usage statistics.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceUsageBlack.png", + "WorkspaceUsageWhite.png" + ], + "version": "1.6.0", + "title": "Workspace Usage Report", + "templateRelativePath": "WorkspaceUsage.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "SentinelCentral", + "logoFileName": "Azure_Sentinel.svg", + "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.", + "dataTypesDependencies": [ + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SentinelCentralBlack.png", + "SentinelCentralWhite.png" + ], + "version": "2.1.1", + "title": "Microsoft Sentinel Central", + "templateRelativePath": "SentinelCentral.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "CognniIncidentsWorkbook", + "logoFileName": "cognni-logo.svg", + "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.", + "dataTypesDependencies": [ + "CognniIncidents_CL" + ], + "dataConnectorsDependencies": [ + "CognniSentinelDataConnector" + ], + "previewImagesFileNames": [ + "CognniBlack.PNG", + "CognniWhite.PNG" + ], + "version": "1.0.0", + "title": "Cognni Important Information Incidents", + "templateRelativePath": "CognniIncidentsWorkbook.json", + "subtitle": "", + "provider": "Cognni" + }, + { + "workbookKey": "pfsense", + "logoFileName": "pfsense_logo.svg", + "description": "Gain insights into pfsense logs from both filterlog and nginx.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "pfsenseBlack.png", + "pfsenseWhite.png" + ], + "version": "1.0.0", + "title": "pfsense", + "templateRelativePath": "pfsense.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "ExchangeCompromiseHunting", + "logoFileName": "MSTIC-Logo.svg", + "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns", + "dataTypesDependencies": [ + "SecurityEvent", + "W3CIISLog" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureMonitor(IIS)", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "ExchangeBlack.png", + "ExchangeWhite.png" + ], + "version": "1.0.0", + "title": "Exchange Compromise Hunting", + "templateRelativePath": "ExchangeCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SOCProcessFrameworkWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Process Framework", + "templateRelativePath": "SOCProcessFramework.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCLargeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Large Staff", + "templateRelativePath": "Building_a_SOCLargeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCMediumStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Medium Staff", + "templateRelativePath": "Building_a_SOCMediumStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCPartTimeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Part Time Staff", + "templateRelativePath": "Building_a_SOCPartTimeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCSmallStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Small Staff", + "templateRelativePath": "Building_a_SOCSmallStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SOCIRPlanningWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC IR Planning", + "templateRelativePath": "SOCIRPlanning.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "UpdateSOCMaturityScoreWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "Update SOC Maturity Score", + "templateRelativePath": "UpdateSOCMaturityScore.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Microsoft365SecurityPosture", + "logoFileName": "M365securityposturelogo.svg", + "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.", + "dataTypesDependencies": [ + "M365SecureScore_CL", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL", + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "M365securitypostureblack.png", + "M365securityposturewhite.png" + ], + "version": "1.0.0", + "title": "Microsoft 365 Security Posture", + "templateRelativePath": "M365SecurityPosture.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AzureSentinelCost", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", + "dataTypesDependencies": [ + "Usage" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelCostWhite.png", + "AzureSentinelCostBlack.png" + ], + "version": "1.5.1", + "title": "Microsoft Sentinel Cost", + "templateRelativePath": "AzureSentinelCost.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ADXvsLA", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ADXvsLABlack.PNG", + "ADXvsLAWhite.PNG" + ], + "version": "1.0.0", + "title": "ADXvsLA", + "templateRelativePath": "ADXvsLA.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftDefenderForOffice365", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs. This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.", + "dataTypesDependencies": [ + "EmailEvents", + "EmailUrlInfo", + "EmailAttachmentInfo" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MDOWhite1.png", + "MDOBlack1.png", + "MDOWhite2.png", + "MDOBlack2.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For Office 365", + "templateRelativePath": "MicrosoftDefenderForOffice365.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ProofPointThreatDashboard", + "logoFileName": "", + "description": "Provides an overview of email threat activity based on log data provided by ProofPoint", + "dataTypesDependencies": [ + "ProofpointPOD_message_CL", + "ProofpointPOD_maillog_CL", + "ProofPointTAPClicksBlocked_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP", + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofPointThreatDashboardBlack1.png", + "ProofPointThreatDashboardWhite1.png" + ], + "version": "1.0.0", + "title": "ProofPoint Threat Dashboard", + "templateRelativePath": "ProofPointThreatDashboard.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AMAmigrationTracker", + "logoFileName": "Azure_Sentinel.svg", + "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AMAtrackingWhite1.png", + "AMAtrackingWhite2.png", + "AMAtrackingWhite3.png", + "AMAtrackingBlack1.png", + "AMAtrackingBlack2.png", + "AMAtrackingBlack3.png" + ], + "version": "1.1.0", + "title": "AMA migration tracker", + "templateRelativePath": "AMAmigrationTracker.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AdvancedKQL", + "logoFileName": "Azure_Sentinel.svg", + "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AdvancedKQLWhite.png", + "AdvancedKQLBlack.png" + ], + "version": "1.3.0", + "title": "Advanced KQL for Microsoft Sentinel", + "templateRelativePath": "AdvancedKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "DSTIMWorkbook", + "logoFileName": "DSTIM.svg", + "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.", + "dataTypesDependencies": [ + "DSMAzureBlobStorageLogs", + "DSMDataClassificationLogs", + "DSMDataLabelingLogs", + "Anomalies", + "ThreatIntelligenceIndicator", + "AADManagedIdentitySignInLogs", + "SecurityAlert", + "SigninLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "DSTIMWorkbookBlack.png", + "DSTIMWorkbookWhite.png" + ], + "version": "1.9.0", + "title": "Data Security - Sensitive Data Impact Assessment", + "templateRelativePath": "DSTIMWorkbook.json", + "subtitle": "", + "provider": "Microsoft", + "featureFlag": "DSTIMWorkbook" + }, + { + "workbookKey": "IntrotoKQLWorkbook", + "logoFileName": "", + "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IntrotoKQL-black.png", + "IntrotoKQL-white.png" + ], + "version": "1.0.0", + "title": "Intro to KQL", + "templateRelativePath": "IntrotoKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Log4jPostCompromiseHuntingWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityNestedRecommendation", + "AzureDiagnostics", + "OfficeActivity", + "W3CIISLog", + "AWSCloudTrail", + "SigninLogs", + "AADNonInteractiveUserSignInLogs", + "imWebSessions", + "imNetworkSession" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Log4jPostCompromiseHuntingBlack.png", + "Log4jPostCompromiseHuntingWhite.png" + ], + "version": "1.0.0", + "title": "Log4j Post Compromise Hunting", + "templateRelativePath": "Log4jPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Log4jImpactAssessmentWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityIncident", + "SecurityAlert", + "AzureSecurityCenter", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Log4j Impact Assessment", + "templateRelativePath": "Log4jImpactAssessment.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "UserMap", + "logoFileName": "", + "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.", + "dataTypesDependencies": [ + "SigninLogs", + "AzureDiagnostics", + "WireData", + "VMconnection", + "CommonSecurityLog", + "WindowsFirewall", + "W3CIISLog", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "UserMapBlack.png", + "UserMapWhite.png" + ], + "version": "1.0.0", + "title": "User Map information", + "templateRelativePath": "UserMap.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AWSS3", + "logoFileName": "", + "description": ".", + "dataTypesDependencies": [ + "AWSCloudTrail", + "AWSGuardDuty", + "AWSVPCFlow" + ], + "dataConnectorsDependencies": [ + "AWSS3" + ], + "previewImagesFileNames": [ + "AWSS3Black.png", + "AWSS3White.png", + "AWSS3White1.png" + ], + "version": "1.0.0", + "title": "AWS S3 Workbook", + "templateRelativePath": "AWSS3.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook", + "logoFileName": "", + "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "LogSourcesAndAnalyticRulesCoverageBlack.png", + "LogSourcesAndAnalyticRulesCoverageWhite.png" + ], + "version": "1.1.0", + "title": "Log Sources & Analytic Rules Coverage", + "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "CiscoFirepower", + "logoFileName": "", + "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "CiscoFirepowerBlack.png", + "CiscoFirepowerWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Firepower", + "templateRelativePath": "CiscoFirepower.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrorosftTeams", + "logoFileName": "microsoftteams.svg", + "description": "This workbook is intended to identify the activities on Microrsoft Teams.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MicrosoftTeamsBlack.png", + "MicrosoftTeamsWhite.png" + ], + "version": "1.0.0", + "title": "Microsoft Teams", + "templateRelativePath": "MicrosoftTeams.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ArchivingBasicLogsRetention", + "logoFileName": "ArchivingBasicLogsRetention.svg", + "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ArchivingBasicLogsRetentionBlack1.png", + "ArchivingBasicLogsRetentionWhite1.png" + ], + "version": "1.1.0", + "title": "Archiving, Basic Logs, and Retention", + "templateRelativePath": "ArchivingBasicLogsRetention.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "OktaSingleSignOnWorkbook", + "logoFileName": "okta_logo.svg", + "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "Okta_CL" + ], + "dataConnectorsDependencies": [ + "OktaSSO" + ], + "previewImagesFileNames": [ + "OktaSingleSignOnWhite.png", + "OktaSingleSignOnBlack.png" + ], + "version": "1.2", + "title": "Okta Single Sign-On", + "templateRelativePath": "OktaSingleSignOn.json", + "subtitle": "", + "provider": "Okta" + }, + { + "workbookKey": "Dynamics365Workbooks", + "logoFileName": "DynamicsLogo.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.", + "dataTypesDependencies": [ + "Dynamics365Activity" + ], + "dataConnectorsDependencies": [ + "Dynamics365" + ], + "previewImagesFileNames": [ + "Dynamics365WorkbookBlack.png", + "Dynamics365WorkbookWhite.png" + ], + "version": "1.0.3", + "title": "Dynamics365Workbooks", + "templateRelativePath": "Dynamics365Workbooks.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "CiscoMerakiWorkbook", + "logoFileName": "", + "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", + "dataTypesDependencies": [ + "meraki_CL", + "CiscoMerakiNativePoller", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "CiscoMeraki", + "CiscoMerakiNativePolling", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "CiscoMerakiWorkbookWhite.png", + "CiscoMerakiWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "CiscoMerakiWorkbook", + "templateRelativePath": "CiscoMerakiWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SentinelOneWorkbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SentinelOne_CL" + ], + "dataConnectorsDependencies": [ + "SentinelOne" + ], + "previewImagesFileNames": [ + "SentinelOneBlack.png", + "SentinelOneWhite.png" + ], + "version": "1.0.0", + "title": "SentinelOneWorkbook", + "templateRelativePath": "SentinelOne.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroApexOneWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicroApexOne" + ], + "previewImagesFileNames": [ + "TrendMicroApexOneBlack.png", + "TrendMicroApexOneWhite.png" + ], + "version": "1.0.0", + "title": "Trend Micro Apex One", + "templateRelativePath": "TrendMicroApexOne.json", + "subtitle": "", + "provider": "TrendMicro" + }, + { + "workbookKey": "ContrastProtect", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ContrastProtect" + ], + "previewImagesFileNames": [ + "ContrastProtectAllBlack.png", + "ContrastProtectAllWhite.png", + "ContrastProtectEffectiveBlack.png", + "ContrastProtectEffectiveWhite.png", + "ContrastProtectSummaryBlack.png", + "ContrastProtectSummaryWhite.png" + ], + "version": "1.0.0", + "title": "Contrast Protect", + "templateRelativePath": "ContrastProtect.json", + "subtitle": "", + "provider": "contrast security" + }, + { + "workbookKey": "ArmorbloxOverview", + "logoFileName": "armorblox.svg", + "description": "INCIDENTS FROM SELECTED TIME RANGE", + "dataTypesDependencies": [ + "Armorblox_CL" + ], + "dataConnectorsDependencies": [ + "Armorblox" + ], + "previewImagesFileNames": [ + "ArmorbloxOverviewBlack01.png", + "ArmorbloxOverviewBlack02.png", + "ArmorbloxOverviewWhite01.png", + "ArmorbloxOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Armorblox", + "templateRelativePath": "ArmorbloxOverview.json", + "subtitle": "", + "provider": "Armorblox" + }, + { + "workbookKey": "PaloAltoCDL", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoCDL" + ], + "previewImagesFileNames": [ + "PaloAltoBlack.png", + "PaloAltoWhite.png" + ], + "version": "1.0.0", + "title": "Palo Alto Networks Cortex Data Lake", + "templateRelativePath": "PaloAltoCDL.json", + "subtitle": "", + "provider": "Palo Alto Networks" + }, + { + "workbookKey": "VMwareCarbonBlack", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CarbonBlackEvents_CL", + "CarbonBlackAuditLogs_CL", + "CarbonBlackNotifications_CL" + ], + "dataConnectorsDependencies": [ + "VMwareCarbonBlack" + ], + "previewImagesFileNames": [ + "VMwareCarbonBlack.png", + "VMwareCarbonWhite.png" + ], + "version": "1.0.0", + "title": "VMware Carbon Black Cloud", + "templateRelativePath": "VMwareCarbonBlack.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "arista-networks", + "logoFileName": "AristaAwakeSecurity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AristaAwakeSecurity" + ], + "previewImagesFileNames": [ + "AristaAwakeSecurityDevicesBlack.png", + "AristaAwakeSecurityDevicesWhite.png", + "AristaAwakeSecurityModelsBlack.png", + "AristaAwakeSecurityModelsWhite.png", + "AristaAwakeSecurityOverviewBlack.png", + "AristaAwakeSecurityOverviewWhite.png" + ], + "version": "1.0.0", + "title": "Arista Awake", + "templateRelativePath": "AristaAwakeSecurityWorkbook.json", + "subtitle": "", + "provider": "Arista Networks" + }, + { + "workbookKey": "TomcatWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Tomcat_CL" + ], + "dataConnectorsDependencies": [ + "ApacheTomcat" + ], + "previewImagesFileNames": [ + "TomcatBlack.png", + "TomcatWhite.png" + ], + "version": "1.0.0", + "title": "ApacheTomcat", + "templateRelativePath": "Tomcat.json", + "subtitle": "", + "provider": "Apache" + }, + { + "workbookKey": "ClarotyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Claroty" + ], + "previewImagesFileNames": [ + "ClarotyBlack.png", + "ClarotyWhite.png" + ], + "version": "1.0.0", + "title": "Claroty", + "templateRelativePath": "ClarotyOverview.json", + "subtitle": "", + "provider": "Claroty" + }, + { + "workbookKey": "ApacheHTTPServerWorkbook", + "logoFileName": "apache.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "ApacheHTTPServer_CL" + ], + "dataConnectorsDependencies": [ + "ApacheHTTPServer" + ], + "previewImagesFileNames": [ + "ApacheHTTPServerOverviewBlack01.png", + "ApacheHTTPServerOverviewBlack02.png", + "ApacheHTTPServerOverviewWhite01.png", + "ApacheHTTPServerOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Apache HTTP Server", + "templateRelativePath": "ApacheHTTPServer.json", + "subtitle": "", + "provider": "Apache Software Foundation" + }, + { + "workbookKey": "OCIWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "OCI_Logs_CL" + ], + "dataConnectorsDependencies": [ + "OracleCloudInfrastructureLogsConnector" + ], + "previewImagesFileNames": [ + "OCIBlack.png", + "OCIWhite.png" + ], + "version": "1.0.0", + "title": "Oracle Cloud Infrastructure", + "templateRelativePath": "OracleCloudInfrastructureOCI.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OracleWeblogicServerWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "OracleWebLogicServer_CL" + ], + "dataConnectorsDependencies": [ + "OracleWebLogicServer" + ], + "previewImagesFileNames": [ + "OracleWeblogicServerBlack.png", + "OracleWeblogicServerWhite.png" + ], + "version": "1.0.0", + "title": "Oracle WebLogic Server", + "templateRelativePath": "OracleWorkbook.json", + "subtitle": "", + "provider": "Oracle" + }, + { + "workbookKey": "BitglassWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "BitglassLogs_CL" + ], + "dataConnectorsDependencies": [ + "Bitglass" + ], + "previewImagesFileNames": [ + "BitglassBlack.png", + "BitglassWhite.png" + ], + "version": "1.0.0", + "title": "Bitglass", + "templateRelativePath": "Bitglass.json", + "subtitle": "", + "provider": "Bitglass" + }, + { + "workbookKey": "NGINXWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "NGINX_CL" + ], + "dataConnectorsDependencies": [ + "NGINXHTTPServer" + ], + "previewImagesFileNames": [ + "NGINXOverviewBlack01.png", + "NGINXOverviewBlack02.png", + "NGINXOverviewWhite01.png", + "NGINXOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "NGINX HTTP Server", + "templateRelativePath": "NGINX.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "vArmourAppContollerWorkbook", + "logoFileName": "varmour-logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "vArmourAC" + ], + "previewImagesFileNames": [ + "vArmourAppControllerAppBlack.png", + "vArmourAppControllerAppBlack-1.png", + "vArmourAppControllerAppBlack-2.png", + "vArmourAppControllerAppBlack-3.png", + "vArmourAppControllerAppBlack-4.png", + "vArmourAppControllerAppBlack-5.png", + "vArmourAppControllerAppBlack-6.png", + "vArmourAppControllerAppBlack-7.png", + "vArmourAppControllerAppWhite.png", + "vArmourAppControllerAppWhite-1.png", + "vArmourAppControllerAppWhite-2.png", + "vArmourAppControllerAppWhite-3.png", + "vArmourAppControllerAppWhite-4.png", + "vArmourAppControllerAppWhite-5.png", + "vArmourAppControllerAppWhite-6.png", + "vArmourAppControllerAppWhite-7.png" + ], + "version": "1.0.0", + "title": "vArmour Application Controller", + "templateRelativePath": "vArmour_AppContoller_Workbook.json", + "subtitle": "", + "provider": "vArmour" + }, + { + "workbookKey": "CorelightWorkbook", + "logoFileName": "corelight.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Corelight_CL" + ], + "dataConnectorsDependencies": [ + "Corelight" + ], + "previewImagesFileNames": [ + "CorelightConnectionsBlack1.png", + "CorelightConnectionsBlack2.png", + "CorelightConnectionsWhite1.png", + "CorelightConnectionsWhite2.png", + "CorelightDNSBlack1.png", + "CorelightDNSWhite1.png", + "CorelightFileBlack1.png", + "CorelightFileBlack2.png", + "CorelightFileWhite1.png", + "CorelightFileWhite2.png", + "CorelightMainBlack1.png", + "CorelightMainWhite1.png", + "CorelightSoftwareBlack1.png", + "CorelightSoftwareWhite1.png" + ], + "version": "1.0.0", + "title": "Corelight", + "templateRelativePath": "Corelight.json", + "subtitle": "", + "provider": "Corelight" + }, + { + "workbookKey": "LookoutEvents", + "logoFileName": "lookout.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Lookout_CL" + ], + "dataConnectorsDependencies": [ + "LookoutAPI" + ], + "previewImagesFileNames": [ + "SampleLookoutWorkBookBlack.png", + "SampleLookoutWorkBookWhite.png" + ], + "version": "1.0.0", + "title": "Lookout", + "templateRelativePath": "LookoutEvents.json", + "subtitle": "", + "provider": "Lookout" + }, + { + "workbookKey": "sentinel-MicrosoftPurview", + "logoFileName": "MicrosoftPurview.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "MicrosoftAzurePurview" + ], + "previewImagesFileNames": [ + "" + ], + "version": "1.0.0", + "title": "Microsoft Purview", + "templateRelativePath": "MicrosoftPurview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "InfobloxCDCB1TDWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "InfobloxCloudDataConnector" + ], + "previewImagesFileNames": [ + "InfobloxCDCB1TDBlack.png", + "InfobloxCDCB1TDWhite.png" + ], + "version": "1.0.0", + "title": "Infoblox Cloud Data Connector", + "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", + "subtitle": "", + "provider": "InfoBlox" + }, + { + "workbookKey": "UbiquitiUniFiWorkbook", + "logoFileName": "ubiquiti.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Ubiquiti_CL" + ], + "dataConnectorsDependencies": [ + "UbiquitiUnifi" + ], + "previewImagesFileNames": [ + "UbiquitiOverviewBlack01.png", + "UbiquitiOverviewBlack02.png", + "UbiquitiOverviewWhite01.png", + "UbiquitiOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Ubiquiti UniFi", + "templateRelativePath": "Ubiquiti.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "VMwareESXiWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "VMwareESXi" + ], + "previewImagesFileNames": [ + "VMWareESXiBlack.png", + "VMWareESXiWhite.png" + ], + "version": "1.0.0", + "title": "VMware ESXi", + "templateRelativePath": "VMWareESXi.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SnowflakeWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Snowflake_CL" + ], + "dataConnectorsDependencies": [ + "SnowflakeDataConnector" + ], + "previewImagesFileNames": [ + "SnowflakeBlack.png", + "SnowflakeWhite.png" + ], + "version": "1.0.0", + "title": "Snowflake", + "templateRelativePath": "Snowflake.json", + "subtitle": "", + "provider": "Snowflake" + }, + { + "workbookKey": "LastPassWorkbook", + "logoFileName": "LastPass.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "LastPassNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "LastPassAPIConnector" + ], + "previewImagesFileNames": [ + "LastPassBlack.png", + "LastPassWhite.png" + ], + "version": "1.0.0", + "title": "Lastpass Enterprise Activity Monitoring", + "templateRelativePath": "LastPassWorkbook.json", + "subtitle": "", + "provider": "LastPass" + }, + { + "workbookKey": "SecurityBridgeWorkbook", + "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityBridgeLogs" + ], + "dataConnectorsDependencies": [ + "SecurityBridgeSAP" + ], + "previewImagesFileNames": [ + "SecurityBridgeThreatDetectionWhite.png", + "SecurityBridgeThreatDetectionWhite1.png" + ], + "version": "1.0.0", + "title": "SecurityBridge App", + "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", + "subtitle": "", + "provider": "SecurityBridge" + }, + { + "workbookKey": "PaloAltoPrismaCloudWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "PaloAltoPrismaCloudAlert_CL", + "PaloAltoPrismaCloudAudit_CL" + ], + "dataConnectorsDependencies": [ + "PaloAltoPrismaCloud" + ], + "previewImagesFileNames": [ + "PaloAltoPrismaCloudBlack01.png", + "PaloAltoPrismaCloudBlack02.png", + "PaloAltoPrismaCloudWhite01.png", + "PaloAltoPrismaCloudWhite02.png" + ], + "version": "1.0.0", + "title": "Palo Alto Prisma", + "templateRelativePath": "PaloAltoPrismaCloudOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PingFederateWorkbook", + "logoFileName": "PingIdentity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "PingFederateEvent" + ], + "dataConnectorsDependencies": [ + "PingFederate" + ], + "previewImagesFileNames": [ + "PingFederateBlack1.png", + "PingFederateWhite1.png" + ], + "version": "1.0.0", + "title": "PingFederate", + "templateRelativePath": "PingFederate.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "McAfeeePOWorkbook", + "logoFileName": "mcafee_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "McAfeeEPOEvent" + ], + "dataConnectorsDependencies": [ + "McAfeeePO" + ], + "previewImagesFileNames": [ + "McAfeeePOBlack1.png", + "McAfeeePOBlack2.png", + "McAfeeePOWhite1.png", + "McAfeeePOWhite2.png" + ], + "version": "1.0.0", + "title": "McAfee ePolicy Orchestrator", + "templateRelativePath": "McAfeeePOOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OracleDatabaseAudit", + "logoFileName": "oracle_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "OracleDatabaseAudit" + ], + "previewImagesFileNames": [ + "OracleDatabaseAuditBlack1.png", + "OracleDatabaseAuditBlack2.png", + "OracleDatabaseAuditWhite1.png", + "OracleDatabaseAuditWhite2.png" + ], + "version": "1.0.0", + "title": "Oracle Database Audit", + "templateRelativePath": "OracleDatabaseAudit.json", + "subtitle": "", + "provider": "Oracle" + }, + { + "workbookKey": "SenservaProAnalyticsWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProAnalyticsBlack.png", + "SenservaProAnalyticsWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProAnalytics", + "templateRelativePath": "SenservaProAnalyticsWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "SenservaProMultipleWorkspaceWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProMultipleWorkspaceWorkbookBlack.png", + "SenservaProMultipleWorkspaceWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProMultipleWorkspace", + "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProSecureScoreMultiTenantBlack.png", + "SenservaProSecureScoreMultiTenantWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProSecureScoreMultiTenant", + "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "CiscoSecureEndpointOverviewWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CiscoSecureEndpoint" + ], + "dataConnectorsDependencies": [ + "CiscoSecureEndpoint" + ], + "previewImagesFileNames": [ + "CiscoSecureEndpointBlack.png", + "CiscoSecureEndpointWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Secure Endpoint", + "templateRelativePath": "Cisco Secure Endpoint Overview.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "InfoSecGlobalWorkbook", + "logoFileName": "infosecglobal.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "InfoSecAnalytics_CL" + ], + "dataConnectorsDependencies": [ + "InfoSecDataConnector" + ], + "previewImagesFileNames": [ + "InfoSecGlobalWorkbookBlack.png", + "InfoSecGlobalWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "AgileSec Analytics Connector", + "templateRelativePath": "InfoSecGlobal.json", + "subtitle": "", + "provider": "InfoSecGlobal" + }, + { + "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", + "logoFileName": "crowdstrike.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CrowdstrikeReplicatorLogs_CL" + ], + "dataConnectorsDependencies": [ + "CrowdstrikeReplicator" + ], + "previewImagesFileNames": [ + "CrowdStrikeFalconEndpointProtectionBlack.png", + "CrowdStrikeFalconEndpointProtectionWhite.png" + ], + "version": "1.0.0", + "title": "CrowdStrike Falcon Endpoint Protection", + "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IronDefenseAlertDashboard", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "IronNetIronDefense" + ], + "previewImagesFileNames": [ + "IronDefenseDashboardBlack.png", + "IronDefenseDashboardWhit.png" + ], + "version": "1.0.0", + "title": "IronDefenseAlertDashboard", + "templateRelativePath": "IronDefenseAlertDashboard.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IronDefenseAlertDetails", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "IronNetIronDefense" + ], + "previewImagesFileNames": [ + "IronDefenseAlertsBlack.png", + "IronDefenseAlertsWhite.png" + ], + "version": "1.0.0", + "title": "IronDefenseAlertDetails", + "templateRelativePath": "IronDefenseAlertDetails.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CiscoSEGWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoSEG" + ], + "previewImagesFileNames": [ + "CiscoSEGBlack.png", + "CiscoSEGWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Secure Email Gateway", + "templateRelativePath": "CiscoSEG.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "EatonForeseerHealthAndAccess", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "EatonForeseerHealthAndAccessBlack.png", + "EatonForeseerHealthAndAccessWhite.png" + ], + "version": "1.0.0", + "title": "EatonForeseerHealthAndAccess", + "templateRelativePath": "EatonForeseerHealthAndAccess.json", + "subtitle": "", + "provider": "Eaton" + }, + { + "workbookKey": "PCIDSSComplianceWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Choose your subscription and workspace in which PCI assets are deployed", + "dataTypesDependencies": [ + "AzureDaignostics", + "SecurityEvent", + "SecurityAlert", + "OracleDatabaseAuditEvent", + "Syslog", + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "PCIDSSComplianceBlack01.PNG", + "PCIDSSComplianceBlack02.PNG", + "PCIDSSComplianceWhite01.PNG", + "PCIDSSComplianceWhite02.PNG" + ], + "version": "1.0.0", + "title": "PCI DSS Compliance", + "templateRelativePath": "PCIDSSCompliance.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SonraiSecurityWorkbook", + "logoFileName": "Sonrai.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Sonrai_Tickets_CL" + ], + "dataConnectorsDependencies": [ + "SonraiDataConnector" + ], + "previewImagesFileNames": [ + "SonraiWorkbookBlack.png", + "SonraiWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "Sonrai", + "templateRelativePath": "Sonrai.json", + "subtitle": "", + "provider": "Sonrai" + }, + { + "workbookKey": "CloudflareWorkbook", + "logoFileName": "cloudflare.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Cloudflare_CL" + ], + "dataConnectorsDependencies": [ + "CloudflareDataConnector" + ], + "previewImagesFileNames": [ + "CloudflareOverviewBlack01.png", + "CloudflareOverviewBlack02.png", + "CloudflareOverviewWhite01.png", + "CloudflareOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Cloudflare", + "templateRelativePath": "Cloudflare.json", + "subtitle": "", + "provider": "Cloudflare" + }, + { + "workbookKey": "SemperisDSPWorkbook", + "logoFileName": "Semperis.svg", + "description": "Specify the time range on which to query the data", + "dataTypesDependencies": [ + "dsp_parser" + ], + "dataConnectorsDependencies": [ + "SemperisDSP" + ], + "previewImagesFileNames": [ + "SemperisDSPOverview1Black.png", + "SemperisDSPOverview1White.png", + "SemperisDSPOverview2Black.png", + "SemperisDSPOverview2White.png", + "SemperisDSPOverview3Black.png", + "SemperisDSPOverview3White.png" + ], + "version": "1.0.0", + "title": "Semperis Directory Services Protector", + "templateRelativePath": "SemperisDSPWorkbook.json", + "subtitle": "", + "provider": "Semperis" + }, + { + "workbookKey": "BoxWorkbook", + "logoFileName": "box.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "BoxEvents_CL" + ], + "dataConnectorsDependencies": [ + "BoxDataConnector" + ], + "previewImagesFileNames": [ + "BoxBlack1.png", + "BoxWhite1.png", + "BoxBlack2.png", + "BoxWhite2.png" + ], + "version": "1.0.0", + "title": "Box", + "templateRelativePath": "Box.json", + "subtitle": "", + "provider": "Box" + }, + { + "workbookKey": "SymantecEndpointProtection", + "logoFileName": "symantec_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SymantecEndpointProtection" + ], + "dataConnectorsDependencies": [ + "SymantecEndpointProtection" + ], + "previewImagesFileNames": [ + "SymantecEndpointProtectionBlack.png", + "SymantecEndpointProtectionWhite.png" + ], + "version": "1.0.0", + "title": "Symantec Endpoint Protection", + "templateRelativePath": "SymantecEndpointProtection.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "DynamicThreatModeling&Response", + "logoFileName": "", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ThreatAnalysis&ResponseWhite1.png", + "ThreatAnalysis&ResponseWhite2.png" + ], + "version": "1.0.0", + "title": "Dynamic Threat Modeling Response", + "templateRelativePath": "DynamicThreatModeling&Response.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ThreatAnalysis&Response", + "logoFileName": "", + "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ThreatAnalysis&ResponseWhite.png" + ], + "version": "1.0.1", + "title": "Threat Analysis Response", + "templateRelativePath": "ThreatAnalysis&Response.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroCAS", + "logoFileName": "Trend_Micro_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "TrendMicroCAS_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroCAS" + ], + "previewImagesFileNames": [ + "TrendMicroCASBlack.png", + "TrendMicroCASWhite.png" + ], + "version": "1.0.0", + "title": "TrendMicroCAS", + "templateRelativePath": "TrendMicroCAS.json", + "subtitle": "", + "provider": "TrendMicro" + }, + { + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "GitHubAuditLogPolling_CL" + ], + "dataConnectorsDependencies": [ + "GitHubEcAuditLogPolling" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GithubWorkbook", + "templateRelativePath": "GitHubWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "GCPDNSWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GCPCloudDNS" + ], + "dataConnectorsDependencies": [ + "GCPDNSDataConnector" + ], + "previewImagesFileNames": [ + "GCPDNSBlack.png", + "GCPDNSWhite.png" + ], + "version": "1.0.0", + "title": "Google Cloud Platform DNS", + "templateRelativePath": "GCPDNS.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AtlassianJiraAuditWorkbook", + "logoFileName": "", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "AtlassianJiraNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "AtlassianJira" + ], + "previewImagesFileNames": [ + "AtlassianJiraAuditWhite.png", + "AtlassianJiraAuditBlack.png" + ], + "version": "1.0.0", + "title": "AtlassianJiraAudit", + "templateRelativePath": "AtlassianJiraAudit.json", + "subtitle": "", + "provider": "Atlassian" + }, + { + "workbookKey": "DigitalGuardianWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "DigitalGuardianDLPEvent" + ], + "dataConnectorsDependencies": [ + "DigitalGuardianDLP" + ], + "previewImagesFileNames": [ + "DigitalGuardianBlack.png", + "DigitalGuardianWhite.png" + ], + "version": "1.0.0", + "title": "DigitalGuardianDLP", + "templateRelativePath": "DigitalGuardian.json", + "subtitle": "", + "provider": "Digital Guardian" + }, + { + "workbookKey": "CiscoDuoWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CiscoDuo_CL" + ], + "dataConnectorsDependencies": [ + "CiscoDuoSecurity" + ], + "previewImagesFileNames": [ + "CiscoDuoWhite.png", + "CiscoDuoBlack.png" + ], + "version": "1.0.0", + "title": "CiscoDuoSecurity", + "templateRelativePath": "CiscoDuo.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "SlackAudit", + "logoFileName": "slacklogo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SlackAudit_CL" + ], + "dataConnectorsDependencies": [ + "SlackAuditAPI" + ], + "previewImagesFileNames": [ + "SlackAuditApplicationActivityBlack1.png", + "SlackAuditApplicationActivityWhite1.png" + ], + "version": "1.0.0", + "title": "SlackAudit", + "templateRelativePath": "SlackAudit.json", + "subtitle": "", + "provider": "Slack" + }, + { + "workbookKey": "CiscoWSAWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "CiscoWSA" + ], + "previewImagesFileNames": [ + "CiscoWSAWhite.png", + "CiscoWSABlack.png" + ], + "version": "1.0.0", + "title": "CiscoWSA", + "templateRelativePath": "CiscoWSA.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "GCP-IAM-Workbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GCP_IAM_CL" + ], + "dataConnectorsDependencies": [ + "GCPIAMDataConnector" + ], + "previewImagesFileNames": [ + "GCPIAMBlack01.png", + "GCPIAMBlack02.png", + "GCPIAMWhite01.png", + "GCPIAMWhite02.png" + ], + "version": "1.0.0", + "title": "Google Cloud Platform IAM", + "templateRelativePath": "GCP_IAM.json", + "subtitle": "", + "provider": "Google" + }, + { + "workbookKey": "ImpervaWAFCloudWorkbook", + "logoFileName": "Imperva_DarkGrey_final_75x75.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "ImpervaWAFCloud_CL" + ], + "dataConnectorsDependencies": [ + "ImpervaWAFCloudAPI" + ], + "previewImagesFileNames": [ + "ImpervaWAFCloudBlack01.png", + "ImpervaWAFCloudBlack02.png", + "ImpervaWAFCloudWhite01.png", + "ImpervaWAFCloudWhite02.png" + ], + "version": "1.0.0", + "title": "Imperva WAF Cloud Overview", + "templateRelativePath": "Imperva WAF Cloud Overview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZscalerZPAWorkbook", + "logoFileName": "ZscalerLogo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "ZPA_CL" + ], + "dataConnectorsDependencies": [ + "ZscalerPrivateAccess" + ], + "previewImagesFileNames": [ + "ZscalerZPABlack.png", + "ZscalerZPAWhite.png" + ], + "version": "1.0.0", + "title": "Zscaler Private Access (ZPA)", + "templateRelativePath": "ZscalerZPA.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "GoogleWorkspaceWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GWorkspace_ReportsAPI_admin_CL", + "GWorkspace_ReportsAPI_calendar_CL", + "GWorkspace_ReportsAPI_drive_CL", + "GWorkspace_ReportsAPI_login_CL", + "GWorkspace_ReportsAPI_login_CL", + "GWorkspace_ReportsAPI_mobile_CL" + ], + "dataConnectorsDependencies": [ + "GoogleWorkspaceReportsAPI" + ], + "previewImagesFileNames": [ + "GoogleWorkspaceBlack.png", + "GoogleWorkspaceWhite.png" + ], + "version": "1.0.0", + "title": "GoogleWorkspaceReports", + "templateRelativePath": "GoogleWorkspace.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "NCProtectWorkbook", + "logoFileName": "NCProtectIcon.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "NCProtectUAL_CL" + ], + "dataConnectorsDependencies": [ + "NucleusCyberNCProtect" + ], + "previewImagesFileNames": [ + "", + "" + ], + "version": "1.0.0", + "title": "NucleusCyberProtect", + "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", + "subtitle": "", + "provider": "archTIS" + }, + { + "workbookKey": "CiscoISEWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "CiscoISE" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cisco ISE", + "templateRelativePath": "CiscoISE.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", + "logoFileName": "", + "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Defender for IoT", + "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZeroTrust(TIC3.0)Workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityRecommendation" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ZeroTrust(TIC3.0)Black1.PNG", + "ZeroTrust(TIC3.0)White1.PNG" + ], + "version": "1.0.0", + "title": "ZeroTrust(TIC3.0)", + "templateRelativePath": "ZeroTrustTIC3.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "InsiderRiskManagementWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ", + "dataTypesDependencies": [ + "SigninLogsSigninLogs", + "AuditLogs", + "AzureActivity", + "OfficeActivity", + "InformationProtectionLogs_CL", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "InsiderRiskManagementBlack1.png" + ], + "version": "1.0.0", + "title": "Insider Risk Management", + "templateRelativePath": "InsiderRiskManagement.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "InformationProtectionLogs_CL", + "AuditLogs", + "SecurityIncident", + "SigninLogs", + "AzureActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "CybersecurityMaturityModelCertification(CMMC)2.0", + "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "NISTSP80053Workbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SigninLogs", + "AuditLogs", + "AzureActivity", + "OfficeActivity", + "SecurityEvents", + "CommonSecurityLog", + "SecurityIncident", + "SecurityRecommendation" + ], + "dataConnectorsDependencies": [ + "SecurityEvents" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "NISTSP80053workbook", + "templateRelativePath": "NISTSP80053.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DarktraceWorkbook", + "logoFileName": "Darktrace.svg", + "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", + "dataTypesDependencies": [ + "darktrace_model_alerts_CL" + ], + "dataConnectorsDependencies": [ + "DarktraceRESTConnector" + ], + "previewImagesFileNames": [ + "DarktraceWorkbookBlack01.png", + "DarktraceWorkbookBlack02.png", + "DarktraceWorkbookWhite01.png", + "DarktraceWorkbookWhite02.png" + ], + "version": "1.0.1", + "title": "Darktrace", + "templateRelativePath": "DarktraceWorkbook.json", + "subtitle": "", + "provider": "Darktrace" }, { - "workbookKey": "AtlasianJiraAuditWorkbook", - "logoFileName": "", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "AtlassianJiraNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "AtlassianJira" - ], - "previewImagesFileNames": [ - "AtlassianJiraAuditBlack.png", - "AtlassianJiraAuditWhite.png" - ], - "version": "1.0.0", - "title": "AtlasianJiraAuditWorkbook", - "templateRelativePath": "AtlasianJiraAuditWorkbook.json", - "subtitle": "", - "provider": "Microsoft" + "workbookKey": "RecordedFutureDomainC2DNSWorkbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" }, { - "workbookKey": "AzureSecurityBenchmark", - "logoFileName": "", - "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", - "dataTypesDependencies": [ - "SecurityRegulatoryCompliance", - "AzureDiagnostics", - "SecurityIncident", - "SigninLogs", - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSecurityBenchmark1.png", - "AzureSecurityBenchmark2.png", - "AzureSecurityBenchmark3.png" - ], - "version": "1.0.0", - "title": "Azure Security Benchmark", - "templateRelativePath": "AzureSecurityBenchmark.json", - "subtitle": "", - "provider": "Microsoft" + "workbookKey": "RecordedFutureIPActiveC2Workbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" }, { - "workbookKey": "ZNAccessOchestratorAudit", - "logoFileName": "", - "description": "This workbook provides a summary of ZeroNetworks data.", - "dataTypesDependencies": [ - "ZNAccessOrchestratorAudit_CL", - "ZNAccessOrchestratorAuditNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "ZeroNetworksAccessOrchestratorAuditFunction", - "ZeroNetworksAccessOrchestratorAuditNativePoller" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Zero NetWork", - "templateRelativePath": "ZNSegmentAudit.json", - "subtitle": "", - "provider": "Zero Networks" - }, - { - "workbookKey": "FireworkWorkbook", - "logoFileName": "FlareSystems.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "Firework_CL" - ], - "dataConnectorsDependencies": [ - "FlareSystemsFirework" - ], - "previewImagesFileNames": [ - "FireworkOverviewBlack01.png", - "FireworkOverviewBlack02.png", - "FireworkOverviewWhite01.png", - "FireworkOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "FlareSystemsFirework", - "templateRelativePath": "FlareSystemsFireworkOverview.json", - "subtitle": "", - "provider": "Flare Systems" - }, - { - "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "GitHubAuditLogPolling_CL" - ], - "dataConnectorsDependencies": [ - "GitHubEcAuditLogPolling" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GitHub Security", - "templateRelativePath": "GitHubAdvancedSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TaniumWorkbook", - "logoFileName": "Tanium.svg", - "description": "Visualize Tanium endpoint and module data", - "dataTypesDependencies": [ - "TaniumComplyCompliance_CL", - "TaniumComplyVulnerabilities_CL", - "TaniumDefenderHealth_CL", - "TaniumDiscoverUnmanagedAssets_CL", - "TaniumHighUptime_CL", - "TaniumMainAsset_CL", - "TaniumPatchListApplicability_CL", - "TaniumPatchListCompliance_CL", - "TaniumSCCMClientHealth_CL", - "TaniumThreatResponse_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "TaniumComplyDark.png", - "TaniumComplyLight.png", - "TaniumDiscoverDark.png", - "TaniumDiscoverLight.png", - "TaniumMSToolingHealthDark.png", - "TaniumMSToolingHealthLight.png", - "TaniumPatchDark.png", - "TaniumPatchLight.png", - "TaniumThreatResponseAlertsDark.png", - "TaniumThreatResponseAlertsLight.png", - "TaniumThreatResponseDark.png", - "TaniumThreatResponseLight.png" - ], - "version": "1.0", - "title": "Tanium Workbook", - "templateRelativePath": "TaniumWorkbook.json", - "subtitle": "", - "provider": "Tanium" + "workbookKey": "MaturityModelForEventLogManagement_M2131", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MaturityModelForEventLogManagement_M2131Black.png" + ], + "version": "1.0.0", + "title": "MaturityModelForEventLogManagementM2131", + "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSQLSecurityWorkbook", + "logoFileName": "AzureSQL.svg", + "description": "Sets the time window in days to search around the alert", + "dataTypesDependencies": [ + "AzureDiagnostics", + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "AzureSql" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Azure SQL Database Workbook", + "templateRelativePath": "Workbook-AzureSQLSecurity.json", + "subtitle": "", + "provider": "Microsoft" }, { - "workbookKey": "ActionableAlertsDashboard", - "logoFileName": "", - "description": "None.", - "dataTypesDependencies": [ - "CyberSixgill_Alerts_CL" - ], - "dataConnectorsDependencies": [ - "CybersixgillActionableAlerts" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Cybersixgill Actionable Alerts Dashboard", - "templateRelativePath": "ActionableAlertsDashboard.json", - "subtitle": "", - "provider": "Cybersixgill" + "workbookKey": "ContinuousDiagnostics&Mitigation", + "logoFileName": "", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ContinuousDiagnostics&MitigationBlack.png" + ], + "version": "1.0.0", + "title": "ContinuousDiagnostics&Mitigation", + "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", + "logoFileName": "GitHub.svg", + "description": "Repository selector.", + "dataTypesDependencies": [ + "githubscanaudit_CL" + ], + "dataConnectorsDependencies": [ + "GitHubWebhook" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GithubWorkbook-update-to-workbook-1", + "templateRelativePath": "update-to-workbook-1.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AtlasianJiraAuditWorkbook", + "logoFileName": "", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "AtlassianJiraNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "AtlassianJira" + ], + "previewImagesFileNames": [ + "AtlassianJiraAuditBlack.png", + "AtlassianJiraAuditWhite.png" + ], + "version": "1.0.0", + "title": "AtlasianJiraAuditWorkbook", + "templateRelativePath": "AtlasianJiraAuditWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSecurityBenchmark", + "logoFileName": "", + "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", + "dataTypesDependencies": [ + "SecurityRegulatoryCompliance", + "AzureDiagnostics", + "SecurityIncident", + "SigninLogs", + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSecurityBenchmark1.png", + "AzureSecurityBenchmark2.png", + "AzureSecurityBenchmark3.png" + ], + "version": "1.0.0", + "title": "Azure Security Benchmark", + "templateRelativePath": "AzureSecurityBenchmark.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZNAccessOchestratorAudit", + "logoFileName": "", + "description": "This workbook provides a summary of ZeroNetworks data.", + "dataTypesDependencies": [ + "ZNAccessOrchestratorAudit_CL", + "ZNAccessOrchestratorAuditNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "ZeroNetworksAccessOrchestratorAuditFunction", + "ZeroNetworksAccessOrchestratorAuditNativePoller" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Zero NetWork", + "templateRelativePath": "ZNSegmentAudit.json", + "subtitle": "", + "provider": "Zero Networks" + }, + { + "workbookKey": "FireworkWorkbook", + "logoFileName": "FlareSystems.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "Firework_CL" + ], + "dataConnectorsDependencies": [ + "FlareSystemsFirework" + ], + "previewImagesFileNames": [ + "FireworkOverviewBlack01.png", + "FireworkOverviewBlack02.png", + "FireworkOverviewWhite01.png", + "FireworkOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "FlareSystemsFirework", + "templateRelativePath": "FlareSystemsFireworkOverview.json", + "subtitle": "", + "provider": "Flare Systems" + }, + { + "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "GitHubAuditLogPolling_CL" + ], + "dataConnectorsDependencies": [ + "GitHubEcAuditLogPolling" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GitHub Security", + "templateRelativePath": "GitHubAdvancedSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TaniumWorkbook", + "logoFileName": "Tanium.svg", + "description": "Visualize Tanium endpoint and module data", + "dataTypesDependencies": [ + "TaniumComplyCompliance_CL", + "TaniumComplyVulnerabilities_CL", + "TaniumDefenderHealth_CL", + "TaniumDiscoverUnmanagedAssets_CL", + "TaniumHighUptime_CL", + "TaniumMainAsset_CL", + "TaniumPatchListApplicability_CL", + "TaniumPatchListCompliance_CL", + "TaniumSCCMClientHealth_CL", + "TaniumThreatResponse_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "TaniumComplyDark.png", + "TaniumComplyLight.png", + "TaniumDiscoverDark.png", + "TaniumDiscoverLight.png", + "TaniumMSToolingHealthDark.png", + "TaniumMSToolingHealthLight.png", + "TaniumPatchDark.png", + "TaniumPatchLight.png", + "TaniumThreatResponseAlertsDark.png", + "TaniumThreatResponseAlertsLight.png", + "TaniumThreatResponseDark.png", + "TaniumThreatResponseLight.png" + ], + "version": "1.0", + "title": "Tanium Workbook", + "templateRelativePath": "TaniumWorkbook.json", + "subtitle": "", + "provider": "Tanium" + }, + { + "workbookKey": "ActionableAlertsDashboard", + "logoFileName": "", + "description": "None.", + "dataTypesDependencies": [ + "CyberSixgill_Alerts_CL" + ], + "dataConnectorsDependencies": [ + "CybersixgillActionableAlerts" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cybersixgill Actionable Alerts Dashboard", + "templateRelativePath": "ActionableAlertsDashboard.json", + "subtitle": "", + "provider": "Cybersixgill" + }, + { + "workbookKey": "ActionableAlertsList", + "logoFileName": "", + "description": "None.", + "dataTypesDependencies": [ + "CyberSixgill_Alerts_CL" + ], + "dataConnectorsDependencies": [ + "CybersixgillActionableAlerts" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cybersixgill Actionable Alerts List", + "templateRelativePath": "ActionableAlertsList.json", + "subtitle": "", + "provider": "Cybersixgill" + }, + { + "workbookKey": "ArgosCloudSecurityWorkbook", + "logoFileName": "argos-logo.svg", + "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.", + "dataTypesDependencies": [ + "ARGOS_CL" + ], + "dataConnectorsDependencies": [ + "ARGOSCloudSecurity" + ], + "previewImagesFileNames": [ + "ARGOSCloudSecurityWorkbookBlack.png", + "ARGOSCloudSecurityWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "ARGOS Cloud Security", + "templateRelativePath": "ARGOSCloudSecurityWorkbook.json", + "subtitle": "", + "provider": "ARGOS Cloud Security" + }, + { + "workbookKey": "JamfProtectWorkbook", + "logoFileName": "jamf_logo.svg", + "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.", + "dataTypesDependencies": [ + "jamfprotect_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "JamfProtectDashboardBlack.png", + "JamfProtectDashboardWhite.png" + ], + "version": "2.0.0", + "title": "Jamf Protect Workbook", + "templateRelativePath": "JamfProtectDashboard.json", + "subtitle": "", + "provider": "Jamf Software, LLC" + }, + { + "workbookKey": "AIVectraStream", + "logoFileName": "", + "description": "", + "dataTypesDependencies": [ + "VectraStream_CL" + ], + "dataConnectorsDependencies": [ + "AIVectraStream" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "AIVectraStreamWorkbook", + "templateRelativePath": "AIVectraStreamWorkbook.json", + "subtitle": "", + "provider": "Vectra AI" + }, + { + "workbookKey": "SecurityScorecardWorkbook", + "logoFileName": "", + "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard’s three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.", + "dataTypesDependencies": [ + "SecurityScorecardFactor_CL", + "SecurityScorecardIssues_CL", + "SecurityScorecardRatings_CL" + ], + "dataConnectorsDependencies": [ + "SecurityScorecardFactorAzureFunctions", + "SecurityScorecardIssueAzureFunctions", + "SecurityScorecardRatingsAzureFunctions" + ], + "previewImagesFileNames": [ + "SecurityScorecardBlack1.png", + "SecurityScorecardBlack2.png", + "SecurityScorecardBlack3.png", + "SecurityScorecardBlack4.png", + "SecurityScorecardBlack5.png", + "SecurityScorecardBlack6.png", + "SecurityScorecardWhite1.png", + "SecurityScorecardWhite2.png", + "SecurityScorecardWhite3.png", + "SecurityScorecardWhite4.png", + "SecurityScorecardWhite5.png", + "SecurityScorecardWhite6.png" + ], + "version": "1.0.0", + "title": "SecurityScorecard", + "templateRelativePath": "SecurityScorecardWorkbook.json", + "subtitle": "", + "provider": "SecurityScorecard" + }, + { + "workbookKey": "DigitalShadowsWorkbook", + "logoFileName": "DigitalShadowsLogo.svg", + "description": "For gaining insights into Digital Shadows logs.", + "dataTypesDependencies": [ + "DigitalShadows_CL" + ], + "dataConnectorsDependencies": [ + "DigitalShadowsSearchlightAzureFunctions" + ], + "previewImagesFileNames": [ + "DigitalShadowsBlack1.png", + "DigitalShadowsBlack2.png", + "DigitalShadowsBlack3.png", + "DigitalShadowsWhite1.png", + "DigitalShadowsWhite2.png", + "DigitalShadowsWhite3.png" + ], + "version": "1.0.0", + "title": "Digital Shadows", + "templateRelativePath": "DigitalShadows.json", + "subtitle": "", + "provider": "Digital Shadows" + }, + { + "workbookKey": "SalesforceServiceCloudWorkbook", + "logoFileName": "salesforce_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SalesforceServiceCloud" + ], + "dataConnectorsDependencies": [ + "SalesforceServiceCloud_CL" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Salesforce Service Cloud", + "templateRelativePath": "SalesforceServiceCloud.json", + "subtitle": "", + "provider": "Salesforce" + }, + { + "workbookKey": "NetworkSessionSolution", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP’s and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.", + "dataTypesDependencies": [ + "AWSVPCFlow", + "DeviceNetworkEvents", + "SecurityEvent", + "WindowsEvent", + "CommonSecurityLog", + "Syslog", + "CommonSecurityLog", + "VMConnection", + "AzureDiagnostics", + "AzureDiagnostics", + "CommonSecurityLog", + "Corelight_CL", + "VectraStream", + "CommonSecurityLog", + "CommonSecurityLog", + "Syslog", + "CiscoMerakiNativePoller" + ], + "dataConnectorsDependencies": [ + "AWSS3", + "MicrosoftThreatProtection", + "SecurityEvents", + "WindowsForwardedEvents", + "Zscaler", + "MicrosoftSysmonForLinux", + "PaloAltoNetworks", + "AzureMonitor(VMInsights)", + "AzureFirewall", + "AzureNSG", + "CiscoASA", + "Corelight", + "AIVectraStream", + "CheckPoint", + "Fortinet", + "CiscoMeraki" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Network Session Essentials", + "templateRelativePath": "NetworkSessionEssentials.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SAPSODAnalysis", + "logoFileName": "AliterConsulting.svg", + "description": "SAP SOD Analysis", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [], + "version": "2.0.0", + "title": "SAP SOD Analysis", + "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", + "subtitle": "", + "provider": "Aliter Consulting" + }, + { + "workbookKey": "TheomWorkbook", + "logoFileName": "theom-logo.svg", + "description": "Theom Alert Statistics", + "dataTypesDependencies": [ + "TheomAlerts_CL" + ], + "dataConnectorsDependencies": [ + "Theom" + ], + "previewImagesFileNames": [ + "TheomWorkbook-black.png", + "TheomWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Theom", + "templateRelativePath": "Theom.json", + "subtitle": "", + "provider": "Theom" + }, + { + "workbookKey": "DynatraceWorkbooks", + "logoFileName": "dynatrace.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", + "dataTypesDependencies": [ + "DynatraceAttacks_CL", + "DynatraceAuditLogs_CL", + "DynatraceProblems_CL", + "DynatraceSecurityProblems_CL" + ], + "dataConnectorsDependencies": [ + "DynatraceAttacks", + "DynatraceAuditLogs", + "DynatraceProblems", + "DynatraceRuntimeVulnerabilities" + ], + "previewImagesFileNames": [ + "DynatraceWorkbookBlack.png", + "DynatraceWorkbookWhite.png" + ], + "version": "2.0.0", + "title": "Dynatrace", + "templateRelativePath": "Dynatrace.json", + "subtitle": "", + "provider": "Dynatrace" + }, + { + "workbookKey": "MDOWorkbook", + "logoFileName": "", + "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "MicrosoftThreatProtection" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft 365 Defender MDOWorkbook", + "templateRelativePath": "MDO Insights.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AnomaliesVisualizationWorkbook", + "logoFileName": "", + "description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", + "dataTypesDependencies": [ + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnomaliesVisualizationWorkbookWhite.png", + "AnomaliesVisualizationWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "AnomaliesVisulization", + "templateRelativePath": "AnomaliesVisualization.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AnomalyDataWorkbook", + "logoFileName": "", + "description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", + "dataTypesDependencies": [ + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnomalyDataWorkbookWhite.png", + "AnomalyDataWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "AnomalyData", + "templateRelativePath": "AnomalyData.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Least Privilege with RBAC - Online", + "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Least Privilege with RBAC", + "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSearchAdminAuditLog", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Search AdminAuditLog", + "templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Admin Activity", + "templateRelativePath": "Microsoft Exchange Admin Activity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityReview-Online", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Security Review - Online", + "templateRelativePath": "Microsoft Exchange Security Review - Online.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityReview", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Security Review", + "templateRelativePath": "Microsoft Exchange Security Review.json", + "subtitle": "", + "provider": "Microsoft" }, { - "workbookKey": "ActionableAlertsList", - "logoFileName": "", - "description": "None.", - "dataTypesDependencies": [ - "CyberSixgill_Alerts_CL" - ], - "dataConnectorsDependencies": [ - "CybersixgillActionableAlerts" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Cybersixgill Actionable Alerts List", - "templateRelativePath": "ActionableAlertsList.json", - "subtitle": "", - "provider": "Cybersixgill" - }, - { - "workbookKey": "ArgosCloudSecurityWorkbook", - "logoFileName": "argos-logo.svg", - "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.", - "dataTypesDependencies": [ - "ARGOS_CL" - ], - "dataConnectorsDependencies": [ - "ARGOSCloudSecurity" - ], - "previewImagesFileNames": [ - "ARGOSCloudSecurityWorkbookBlack.png", - "ARGOSCloudSecurityWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "ARGOS Cloud Security", - "templateRelativePath": "ARGOSCloudSecurityWorkbook.json", - "subtitle": "", - "provider": "ARGOS Cloud Security" - }, - { - "workbookKey": "JamfProtectWorkbook", - "logoFileName": "jamf_logo.svg", - "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.", - "dataTypesDependencies": [ - "jamfprotect_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "JamfProtectDashboardBlack.png", - "JamfProtectDashboardWhite.png" - ], - "version": "2.0.0", - "title": "Jamf Protect Workbook", - "templateRelativePath": "JamfProtectDashboard.json", - "subtitle": "", - "provider": "Jamf Software, LLC" + "workbookKey": "ibossMalwareAndC2Workbook", + "logoFileName": "", + "description": "A workbook providing insights into malware and C2 activity detected by iboss.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "iboss Malware and C2", + "templateRelativePath": "ibossMalwareAndC2.json", + "subtitle": "", + "provider": "iboss" }, { - "workbookKey": "AIVectraStream", - "logoFileName": "", - "description": "", - "dataTypesDependencies": [ - "VectraStream_CL" - ], - "dataConnectorsDependencies": [ "AIVectraStream" ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "AIVectraStreamWorkbook", - "templateRelativePath": "AIVectraStreamWorkbook.json", - "subtitle": "", - "provider": "Vectra AI" + "workbookKey": "ibossWebUsageWorkbook", + "logoFileName": "", + "description": "A workbook providing insights into web usage activity detected by iboss.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "iboss Web Usage", + "templateRelativePath": "ibossWebUsage.json", + "subtitle": "", + "provider": "iboss" + }, + { + "workbookKey": "Fortiweb-workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "FortinetFortiWeb" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Fortiweb-workbook", + "templateRelativePath": "Fortiweb-workbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ReversingLabs-CapabilitiesOverview", + "logoFileName": "reversinglabs.svg", + "description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ReversingLabsTiSummary-White.png", + "ReversingLabsTiSummary-Black.png", + "ReversingLabsOpsSummary-White.png", + "ReversingLabsOpsSummary-Black.png" + ], + "version": "1.1.1", + "title": "ReversingLabs-CapabilitiesOverview", + "templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", + "subtitle": "", + "provider": "ReversingLabs" + }, + { + "workbookKey": "TalonInsights", + "logoFileName": "Talon.svg", + "description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "TalonInsightsBlack.png", + "TalonInsightsWhite.png" + ], + "version": "2.0.0", + "title": "Talon Insights", + "templateRelativePath": "TalonInsights.json", + "subtitle": "", + "provider": "Talon Security" + }, + { + "workbookKey": "vCenter", + "logoFileName": [], + "description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", + "dataTypesDependencies": [ + "vCenter_CL" + ], + "dataConnectorsDependencies": [ + "VMwarevCenter" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "vCenter", + "templateRelativePath": "vCenter.json", + "subtitle": "", + "provider": "VMware" + }, + { + "workbookKey": "SAP-Monitors-AlertsandPerformance", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Monitors- Alerts and Performance", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [ + "SAPVMIcon.svg" + ], + "version": "2.0.1", + "title": "SAP -Monitors- Alerts and Performance", + "templateRelativePath": "SAP -Monitors- Alerts and Performance.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SAP-SecurityAuditlogandInitialAccess", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Security Audit log and Initial Access", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [ + "SAPVMIcon.svg" + ], + "version": "2.0.1", + "title": "SAP -Security Audit log and Initial Access", + "templateRelativePath": "SAP -Security Audit log and Initial Access.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DNSSolutionWorkbook", + "logoFileName": "", + "description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "DNSDomainWorkbookWhite.png", + "DNSDomainWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "DNS Solution Workbook", + "templateRelativePath": "DNSSolutionWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftPowerBIActivityWorkbook", + "logoFileName": "", + "description": "This workbook provides details on Microsoft PowerBI Activity", + "dataTypesDependencies": [ + "PowerBIActivity" + ], + "dataConnectorsDependencies": [ + "Microsoft PowerBI (Preview)" + ], + "previewImagesFileNames": [ + "MicrosoftPowerBIActivityWorkbookBlack.png", + "MicrosoftPowerBIActivityWhite.png" + ], + "version": "1.0.0", + "title": "Microsoft PowerBI Activity Workbook", + "templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligence", + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "ThreatIntelligenceWhite.png", + "ThreatIntelligenceBlack.png" + ], + "version": "1.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "MicrosoftThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftDefenderForEndPoint", + "logoFileName": "", + "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "microsoftdefenderforendpointwhite.png", + "microsoftdefenderforendpointblack.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For EndPoint", + "templateRelativePath": "MicrosoftDefenderForEndPoint.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftDefenderForIdentity", + "logoFileName": "", + "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.", + "dataTypesDependencies": [ + "IdentityLogonEvents", + "IdentityQueryEvents", + "IdentityDirectoryEvents", + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "microsoftdefenderforidentityblack.png", + "microsoftdefenderforidentitywhite.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For Identity", + "templateRelativePath": "MicrosoftDefenderForIdentity.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "EsetProtect", + "logoFileName": "", + "description": "Visualize events and threats from Eset protect.", + "dataTypesDependencies": [ + "ESETPROTECT" + ], + "dataConnectorsDependencies": [ + "ESETPROTECT" + ], + "previewImagesFileNames": [ + "ESETPROTECTBlack.png", + "ESETPROTECTWhite.png" + ], + "version": "1.0.0", + "title": "EsetProtect", + "templateRelativePath": "ESETPROTECT.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "CyberArkEPMWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CyberArkEPM_CL" + ], + "dataConnectorsDependencies": [ + "CyberArkEPM" + ], + "previewImagesFileNames": [ + "CyberArkEPMBlack.png", + "CyberArkEPMWhite.png" + ], + "version": "1.0.0", + "title": "CyberArk EPM", + "templateRelativePath": "CyberArkEPM.json", + "subtitle": "", + "provider": "CyberArk" + }, + { + "workbookKey": "NetskopeWorkbook", + "logoFileName": "Netskope_logo.svg", + "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.", + "dataTypesDependencies": [ + "Netskope_Events_CL", + "Netskope_Alerts_CL", + "Netskope_WebTX_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Netskope-ApplicationEvents-Black.png", + "Netskope-ApplicationEvents-White.png", + "Netskope-SecurityAlerts-DLP-Black.png", + "Netskope-SecurityAlerts-DLP-White.png", + "Netskope-NetworkEvents-CFW-Black.png", + "Netskope-NetworkEvents-CFW-White.png", + "Netskope-SecurityAlerts-Malsite-Black.png", + "Netskope-SecurityAlerts-Malsite-White.png", + "Netskope-NetworkEvents-NPA-Black.png", + "Netskope-NetworkEvents-NPA-White.png", + "Netskope-SecurityAlerts-Malware-White.png", + "Netskope-SecurityAlerts-Malware-Black.png", + "Netskope-SecurityAlerts-BehaviorAnalytics-Black.png", + "Netskope-SecurityAlerts-BehaviorAnalytics-White.png", + "Netskope-SecurityAlerts-Overview-Black.png", + "Netskope-SecurityAlerts-Overview-White.png", + "Netskope-SecurityAlerts-CompormisedCredentials-Black.png", + "Netskope-SecurityAlerts-CompromisedCredentials-White.png", + "Netskope-WebTransactions-Black.png", + "Netskope-WebTransactions-White.png" + ], + "version": "1.0", + "title": "Netskope", + "templateRelativePath": "NetskopeEvents.json", + "subtitle": "", + "provider": "Netskope" + }, + { + "workbookKey": "AIShield", + "logoFileName": "", + "description": "Visualize events generated by AIShield. This workbook is dependent on a parser AIShield which is a part of the solution deployment.", + "dataTypesDependencies": [ + "AIShield" + ], + "dataConnectorsDependencies": [ + "AIShield" + ], + "previewImagesFileNames": [ + "AIShieldBlack.png", + "AIShieldWhite.png" + ], + "version": "1.0.0", + "title": "AIShield Workbook", + "templateRelativePath": "AIShield.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "AttackSurfaceReduction", + "logoFileName": "M365securityposturelogo.svg", + "description": "This workbook helps you implement the ASR rules of Windows/Defender, and to monitor them over time. The workbook can filter on ASR rules in Audit mode and Block mode.", + "dataTypesDependencies": [ + "DeviceEvents" + ], + "dataConnectorsDependencies": [ + "MicrosoftThreatProtection" + ], + "previewImagesFileNames": [ + "AttackSurfaceReductionWhite.png", + "AttackSurfaceReductionBlack.png" + ], + "version": "1.0.0", + "title": "Attack Surface Reduction Dashboard", + "templateRelativePath": "AttackSurfaceReduction.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "IncidentTasksWorkbook", + "logoFileName": "", + "description": "Use this workbook to review and modify existing incidents with tasks. This workbook provides views that higlight incident tasks that are open, closed, or deleted, as well as incidents with tasks that are either owned or unassigned. The workbook also provides SOC metrics around incident task performance, such as percentage of incidents without tasks, average time to close tasks, and more.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Tasks-Black.png", + "Tasks-White.png" + ], + "version": "1.1.0", + "title": "Incident Tasks Workbook", + "templateRelativePath": "IncidentTasksWorkbook.json", + "subtitle": "", + "provider": "Microsoft", + "support": { + "tier": "Microsoft" + }, + "author": { + "name": "Microsoft Corporation" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ + "Incident Management", + "SOC Reporting" + ] + } + }, + { + "workbookKey": "NetCleanProActiveWorkbook", + "logoFileName": "NetCleanImpactLogo.svg", + "description": "This workbook provides insights on NetClean ProActive Incidents.", + "dataTypesDependencies": [ + "Netclean_Incidents_CL" + ], + "dataConnectorsDependencies": [ + "Netclean_ProActive_Incidents" + ], + "previewImagesFileNames": [ + "NetCleanProActiveBlack1.png", + "NetCleanProActiveBlack2.png", + "NetCleanProActiveWhite1.png", + "NetCleanProActiveWhite2.png" + ], + "version": "1.0.0", + "title": "NetClean ProActive", + "templateRelativePath": "NetCleanProActiveWorkbook.json", + "subtitle": "", + "provider": "NetClean" + }, + { + "workbookKey": "AutomationHealth", + "logoFileName": "Azure_Sentinel.svg", + "description": "Have a holistic overview of your automation health, gain insights about failures, correlate Microsoft Sentinel health with Logic Apps diagnostics logs and deep dive automation details per incident", + "dataTypesDependencies": [ + "SentinelHealth" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AutomationHealthBlack.png", + "AutomationHealthWhite.png" + ], + "version": "2.0.0", + "title": "Automation health", + "templateRelativePath": "AutomationHealth.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SAP-AuditControls", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Audit Controls (Preview)", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [ + "SAPVMIcon.svg" + ], + "version": "1.0.0", + "title": "SAP -Audit Controls (Preview)", + "templateRelativePath": "SAP -Audit Controls (Preview).json", + "subtitle": "", + "provider": "Microsoft" }, { - "workbookKey": "SecurityScorecardWorkbook", + "workbookKey": "ZoomReports", "logoFileName": "", - "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard’s three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.", - "dataTypesDependencies": [ - "SecurityScorecardFactor_CL", - "SecurityScorecardIssues_CL", - "SecurityScorecardRatings_CL" - ], - "dataConnectorsDependencies": [ - "SecurityScorecardFactorAzureFunctions", - "SecurityScorecardIssueAzureFunctions", - "SecurityScorecardRatingsAzureFunctions" - ], - "previewImagesFileNames": [ - "SecurityScorecardBlack1.png", - "SecurityScorecardBlack2.png", - "SecurityScorecardBlack3.png", - "SecurityScorecardBlack4.png", - "SecurityScorecardBlack5.png", - "SecurityScorecardBlack6.png", - "SecurityScorecardWhite1.png", - "SecurityScorecardWhite2.png", - "SecurityScorecardWhite3.png", - "SecurityScorecardWhite4.png", - "SecurityScorecardWhite5.png", - "SecurityScorecardWhite6.png" - ], - "version": "1.0.0", - "title": "SecurityScorecard", - "templateRelativePath": "SecurityScorecardWorkbook.json", - "subtitle": "", - "provider": "SecurityScorecard" - }, - { - "workbookKey": "DigitalShadowsWorkbook", - "logoFileName": "DigitalShadowsLogo.svg", - "description": "For gaining insights into Digital Shadows logs.", - "dataTypesDependencies": [ - "DigitalShadows_CL" - ], - "dataConnectorsDependencies": [ - "DigitalShadowsSearchlightAzureFunctions" - ], - "previewImagesFileNames": [ - "DigitalShadowsBlack1.png", - "DigitalShadowsBlack2.png", - "DigitalShadowsBlack3.png", - "DigitalShadowsWhite1.png", - "DigitalShadowsWhite2.png", - "DigitalShadowsWhite3.png" - ], + "description": "Visualize various details & visuals on Zoom Report data ingested though the solution. This also have a dependency on the parser which is available as a part of Zoom solution named Zoom", + "dataTypesDependencies": [ "Zoom" ], + "dataConnectorsDependencies": ["Zoom Reports"], + "previewImagesFileNames": [ "ZoomReportsBlack.png", "ZoomReportsWhite.png" ], "version": "1.0.0", - "title": "Digital Shadows", - "templateRelativePath": "DigitalShadows.json", + "title": "Zoom Reports", + "templateRelativePath": "ZoomReports.json", "subtitle": "", - "provider": "Digital Shadows" - }, - { - "workbookKey": "SalesforceServiceCloudWorkbook", - "logoFileName": "salesforce_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SalesforceServiceCloud" - ], - "dataConnectorsDependencies": [ - "SalesforceServiceCloud_CL" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Salesforce Service Cloud", - "templateRelativePath": "SalesforceServiceCloud.json", - "subtitle": "", - "provider": "Salesforce" - }, - { - "workbookKey": "NetworkSessionSolution", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP’s and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.", - "dataTypesDependencies": [ - "AWSVPCFlow", - "DeviceNetworkEvents", - "SecurityEvent", - "WindowsEvent", - "CommonSecurityLog", - "Syslog", - "CommonSecurityLog", - "VMConnection", - "AzureDiagnostics", - "AzureDiagnostics", - "CommonSecurityLog", - "Corelight_CL", - "VectraStream", - "CommonSecurityLog", - "CommonSecurityLog", - "Syslog", - "CiscoMerakiNativePoller" - ], - "dataConnectorsDependencies": [ "AWSS3", "MicrosoftThreatProtection", "SecurityEvents", "WindowsForwardedEvents", "Zscaler", "MicrosoftSysmonForLinux", "PaloAltoNetworks", "AzureMonitor(VMInsights)", "AzureFirewall", "AzureNSG", "CiscoASA", "Corelight", "AIVectraStream", "CheckPoint", "Fortinet", "CiscoMeraki" ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Network Session Essentials", - "templateRelativePath": "NetworkSessionEssentials.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SAPSODAnalysis", - "logoFileName": "AliterConsulting.svg", - "description": "SAP SOD Analysis", - "dataTypesDependencies": [ - "SAPAuditLog" - ], - "dataConnectorsDependencies": [ - "SAP" - ], - "previewImagesFileNames": [], - "version": "2.0.0", - "title": "SAP SOD Analysis", - "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", - "subtitle": "", - "provider": "Aliter Consulting" - }, - { - "workbookKey": "TheomWorkbook", - "logoFileName": "theom-logo.svg", - "description": "Theom Alert Statistics", - "dataTypesDependencies": [ - "TheomAlerts_CL" - ], - "dataConnectorsDependencies": [ - "Theom" - ], - "previewImagesFileNames": [ - "TheomWorkbook-black.png", - "TheomWorkbook-white.png" - ], - "version": "1.0.0", - "title": "Theom", - "templateRelativePath": "Theom.json", - "subtitle": "", - "provider": "Theom" - }, - { - "workbookKey": "DynatraceWorkbooks", - "logoFileName": "dynatrace.svg", - "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", - "dataTypesDependencies": [ - "DynatraceAttacks_CL", - "DynatraceAuditLogs_CL", - "DynatraceProblems_CL", - "DynatraceSecurityProblems_CL" - ], - "dataConnectorsDependencies": [ - "DynatraceAttacks", - "DynatraceAuditLogs", - "DynatraceProblems", - "DynatraceRuntimeVulnerabilities" - ], - "previewImagesFileNames": [ - "DynatraceWorkbookBlack.png", - "DynatraceWorkbookWhite.png" - ], - "version": "2.0.0", - "title": "Dynatrace", - "templateRelativePath": "Dynatrace.json", - "subtitle": "", - "provider": "Dynatrace" + "provider": "42Crunch" }, { - "workbookKey": "MDOWorkbook", - "logoFileName": "", - "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "MicrosoftThreatProtection" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft 365 Defender MDOWorkbook", - "templateRelativePath": "MDO Insights.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AnomaliesVisualizationWorkbook", + "workbookKey": "ForcepointNGFWAdvanced", + "logoFileName": "FPAdvLogo.svg", + "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "ForcepointNGFWAdvancedWhite.png", + "ForcepointNGFWAdvancedBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook", + "templateRelativePath": "ForcepointNGFWAdvanced.json", + "subtitle": "", + "provider": "Forcepoint" +}, +{ + "workbookKey": "AzureActivityWorkbook", + "logoFileName": "azureactivity_logo.svg", + "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.", + "dataTypesDependencies": [ + "AzureActivity" + ], + "dataConnectorsDependencies": [ + "AzureActivity" + ], + "previewImagesFileNames": [ + "AzureActivityWhite1.png", + "AzureActivityBlack1.png" + ], + "version": "2.0.0", + "title": "Azure Activity", + "templateRelativePath": "AzureActivity.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "IdentityAndAccessWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "IdentityAndAccessWhite.png", + "IdentityAndAccessBlack.png" + ], + "version": "1.1.0", + "title": "Identity & Access", + "templateRelativePath": "IdentityAndAccess.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "CheckPointWorkbook", + "logoFileName": "checkpoint_logo.svg", + "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CheckPoint" + ], + "previewImagesFileNames": [ + "CheckPointWhite.png", + "CheckPointBlack.png" + ], + "version": "1.0.0", + "title": "Check Point Software Technologies", + "templateRelativePath": "CheckPoint.json", + "subtitle": "", + "provider": "Check Point" +}, +{ + "workbookKey": "CiscoWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoASA" + ], + "previewImagesFileNames": [ + "CiscoWhite.png", + "CiscoBlack.png" + ], + "version": "1.1.0", + "title": "Cisco - ASA", + "templateRelativePath": "Cisco.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ExchangeOnlineWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "ExchangeOnlineWhite.png", + "ExchangeOnlineBlack.png" + ], + "version": "2.0.0", + "title": "Exchange Online", + "templateRelativePath": "ExchangeOnline.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "PaloAltoOverviewWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoOverviewWhite1.png", + "PaloAltoOverviewBlack1.png", + "PaloAltoOverviewWhite2.png", + "PaloAltoOverviewBlack2.png", + "PaloAltoOverviewWhite3.png", + "PaloAltoOverviewBlack3.png" + ], + "version": "1.2.0", + "title": "Palo Alto overview", + "templateRelativePath": "PaloAltoOverview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "PaloAltoNetworkThreatWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoNetworkThreatWhite1.png", + "PaloAltoNetworkThreatBlack1.png", + "PaloAltoNetworkThreatWhite2.png", + "PaloAltoNetworkThreatBlack2.png" + ], + "version": "1.1.0", + "title": "Palo Alto Network Threat", + "templateRelativePath": "PaloAltoNetworkThreat.json", + "subtitle": "", + "provider": "Palo Alto Networks" +}, +{ + "workbookKey": "EsetSMCWorkbook", + "logoFileName": "eset-logo.svg", + "description": "Visualize events and threats from Eset Security Management Center.", + "dataTypesDependencies": [ + "eset_CL" + ], + "dataConnectorsDependencies": [ + "EsetSMC" + ], + "previewImagesFileNames": [ + "esetSMCWorkbook-black.png", + "esetSMCWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Eset Security Management Center Overview", + "templateRelativePath": "esetSMCWorkbook.json", + "subtitle": "", + "provider": "Community" +}, +{ + "workbookKey": "FortigateWorkbook", + "logoFileName": "fortinet_logo.svg", + "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "FortigateWhite.png", + "FortigateBlack.png" + ], + "version": "1.1.0", + "title": "FortiGate", + "templateRelativePath": "Fortigate.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "DnsWorkbook", + "logoFileName": "dns_logo.svg", + "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.", + "dataTypesDependencies": [ + "DnsInventory", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "DNS" + ], + "previewImagesFileNames": [ + "DnsWhite.png", + "DnsBlack.png" + ], + "version": "1.3.0", + "title": "DNS", + "templateRelativePath": "Dns.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "Office365Workbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "Office365White1.png", + "Office365Black1.png", + "Office365White2.png", + "Office365Black2.png", + "Office365White3.png", + "Office365Black3.png" + ], + "version": "2.0.1", + "title": "Office 365", + "templateRelativePath": "Office365.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SharePointAndOneDriveWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "SharePointAndOneDriveBlack1.png", + "SharePointAndOneDriveBlack2.png", + "SharePointAndOneDriveWhite1.png", + "SharePointAndOneDriveWhite2.png" + ], + "version": "2.0.0", + "title": "SharePoint & OneDrive", + "templateRelativePath": "SharePointAndOneDrive.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AzureActiveDirectorySigninLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.", + "dataTypesDependencies": [ + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AADsigninBlack1.png", + "AADsigninBlack2.png", + "AADsigninWhite1.png", + "AADsigninWhite2.png" + ], + "version": "2.4.0", + "title": "Azure AD Sign-in logs", + "templateRelativePath": "AzureActiveDirectorySignins.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "VirtualMachinesInsightsWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.", + "dataTypesDependencies": [ + "VMConnection", + "ServiceMapComputer_CL", + "ServiceMapProcess_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VMInsightBlack1.png", + "VMInsightWhite1.png" + ], + "version": "1.3.0", + "title": "VM insights", + "templateRelativePath": "VirtualMachinesInsights.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.", + "dataTypesDependencies": [ + "AuditLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureADAuditLogsBlack1.png", + "AzureADAuditLogsWhite1.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit logs", + "templateRelativePath": "AzureActiveDirectoryAuditLogs.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligence", + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "ThreatIntelligenceWhite.png", + "ThreatIntelligenceBlack.png" + ], + "version": "5.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "ThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "WebApplicationFirewallOverviewWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFOverviewBlack.png", + "WAFOverviewWhite.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - overview", + "templateRelativePath": "WebApplicationFirewallOverview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallEventsBlack1.png", + "WAFFirewallEventsBlack2.png", + "WAFFirewallEventsWhite1.png", + "WAFFirewallEventsWhite2.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - firewall events", + "templateRelativePath": "WebApplicationFirewallFirewallEvents.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFGatewayAccessEventsBlack1.png", + "WAFGatewayAccessEventsBlack2.png", + "WAFGatewayAccessEventsWhite1.png", + "WAFGatewayAccessEventsWhite2.png" + ], + "version": "1.2.0", + "title": "Microsoft Web Application Firewall (WAF) - gateway access events", + "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "LinuxMachinesWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "Syslog" + ], + "previewImagesFileNames": [ + "LinuxMachinesWhite.png", + "LinuxMachinesBlack.png" + ], + "version": "1.1.0", + "title": "Linux machines", + "templateRelativePath": "LinuxMachines.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AzureFirewallWorkbook", + "logoFileName": "AzFirewalls.svg", + "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureFirewall" + ], + "previewImagesFileNames": [ + "AzureFirewallWorkbookWhite1.PNG", + "AzureFirewallWorkbookBlack1.PNG", + "AzureFirewallWorkbookWhite2.PNG", + "AzureFirewallWorkbookBlack2.PNG", + "AzureFirewallWorkbookWhite3.PNG", + "AzureFirewallWorkbookBlack3.PNG", + "AzureFirewallWorkbookWhite4.PNG", + "AzureFirewallWorkbookBlack4.PNG", + "AzureFirewallWorkbookWhite5.PNG", + "AzureFirewallWorkbookBlack5.PNG" + ], + "version": "1.3.0", + "title": "Azure Firewall", + "templateRelativePath": "AzureFirewallWorkbook.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AzureDDoSStandardProtection", + "logoFileName": "AzDDoS.svg", + "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "DDOS" + ], + "previewImagesFileNames": [ + "AzureDDoSWhite1.PNG", + "AzureDDoSBlack1.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG" + ], + "version": "1.0.2", + "title": "Azure DDoS Protection Workbook", + "templateRelativePath": "AzDDoSStandardWorkbook.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "MicrosoftCloudAppSecurityWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.", + "dataTypesDependencies": [ + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [ + "MicrosoftCloudAppSecurity" + ], + "previewImagesFileNames": [ + "McasDiscoveryBlack.png", + "McasDiscoveryWhite.png" + ], + "version": "1.2.0", + "title": "Microsoft Cloud App Security - discovery logs", + "templateRelativePath": "MicrosoftCloudAppSecurity.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "F5BIGIPSytemMetricsWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.", + "dataTypesDependencies": [ + "F5Telemetry_system_CL", + "F5Telemetry_AVR_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5SMBlack.png", + "F5SMWhite.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP System Metrics", + "templateRelativePath": "F5BIGIPSystemMetrics.json", + "subtitle": "", + "provider": "F5 Networks" +}, +{ + "workbookKey": "F5NetworksWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.", + "dataTypesDependencies": [ + "F5Telemetry_LTM_CL", + "F5Telemetry_system_CL", + "F5Telemetry_ASM_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5White.png", + "F5Black.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP ASM", + "templateRelativePath": "F5Networks.json", + "subtitle": "", + "provider": "F5 Networks" +}, +{ + "workbookKey": "AzureNetworkWatcherWorkbook", + "logoFileName": "networkwatcher_logo.svg", + "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.", + "dataTypesDependencies": [ + "AzureNetworkAnalytics_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureNetworkWatcherWhite.png", + "AzureNetworkWatcherBlack.png" + ], + "version": "1.1.0", + "title": "Azure Network Watcher", + "templateRelativePath": "AzureNetworkWatcher.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ZscalerFirewallWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerFirewallWhite1.png", + "ZscalerFirewallBlack1.png", + "ZscalerFirewallWhite2.png", + "ZscalerFirewallBlack2.png" + ], + "version": "1.1.0", + "title": "Zscaler Firewall", + "templateRelativePath": "ZscalerFirewall.json", + "subtitle": "", + "provider": "Zscaler" +}, +{ + "workbookKey": "ZscalerWebOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerWebOverviewWhite.png", + "ZscalerWebOverviewBlack.png" + ], + "version": "1.1.0", + "title": "Zscaler Web Overview", + "templateRelativePath": "ZscalerWebOverview.json", + "subtitle": "", + "provider": "Zscaler" +}, +{ + "workbookKey": "ZscalerThreatsOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerThreatsWhite.png", + "ZscalerThreatsBlack.png" + ], + "version": "1.2.0", + "title": "Zscaler Threats", + "templateRelativePath": "ZscalerThreats.json", + "subtitle": "", + "provider": "Zscaler" +}, +{ + "workbookKey": "ZscalerOffice365AppsWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerOffice365White.png", + "ZscalerOffice365Black.png" + ], + "version": "1.1.0", + "title": "Zscaler Office365 Apps", + "templateRelativePath": "ZscalerOffice365Apps.json", + "subtitle": "", + "provider": "Zscaler" +}, +{ + "workbookKey": "InsecureProtocolsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.", + "dataTypesDependencies": [ + "SecurityEvent", + "Event", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureActiveDirectory", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InsecureProtocolsWhite1.png", + "InsecureProtocolsBlack1.png", + "InsecureProtocolsWhite2.png", + "InsecureProtocolsBlack2.png" + ], + "version": "2.1.0", + "title": "Insecure Protocols", + "templateRelativePath": "InsecureProtocols.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsNetworkActivitiesWhite.png", + "AwsNetworkActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS Network Activities", + "templateRelativePath": "AmazonWebServicesNetworkActivities.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AmazonWebServicesUserActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsUserActivitiesWhite.png", + "AwsUserActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS User Activities", + "templateRelativePath": "AmazonWebServicesUserActivities.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityAttackActivityWhite.png", + "TrendMicroDeepSecurityAttackActivityBlack.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security ATT&CK Related Activity", + "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json", + "subtitle": "", + "provider": "Trend Micro" +}, +{ + "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityOverviewWhite1.png", + "TrendMicroDeepSecurityOverviewBlack1.png", + "TrendMicroDeepSecurityOverviewWhite2.png", + "TrendMicroDeepSecurityOverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security Events", + "templateRelativePath": "TrendMicroDeepSecurityOverview.json", + "subtitle": "", + "provider": "Trend Micro" +}, +{ + "workbookKey": "ExtraHopDetectionSummaryWorkbook", + "logoFileName": "extrahop_logo.svg", + "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ExtraHopNetworks" + ], + "previewImagesFileNames": [ + "ExtrahopWhite.png", + "ExtrahopBlack.png" + ], + "version": "1.0.0", + "title": "ExtraHop", + "templateRelativePath": "ExtraHopDetectionSummary.json", + "subtitle": "", + "provider": "ExtraHop Networks" +}, +{ + "workbookKey": "BarracudaCloudFirewallWorkbook", + "logoFileName": "barracuda_logo.svg", + "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "Syslog" + ], + "dataConnectorsDependencies": [ + "BarracudaCloudFirewall" + ], + "previewImagesFileNames": [ + "BarracudaWhite1.png", + "BarracudaBlack1.png", + "BarracudaWhite2.png", + "BarracudaBlack2.png" + ], + "version": "1.0.0", + "title": "Barracuda CloudGen FW", + "templateRelativePath": "Barracuda.json", + "subtitle": "", + "provider": "Barracuda" +}, +{ + "workbookKey": "CitrixWorkbook", + "logoFileName": "citrix_logo.svg", + "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.", + "dataTypesDependencies": [ + "CitrixAnalytics_userProfile_CL", + "CitrixAnalytics_riskScoreChange_CL", + "CitrixAnalytics_indicatorSummary_CL", + "CitrixAnalytics_indicatorEventDetails_CL" + ], + "dataConnectorsDependencies": [ + "Citrix" + ], + "previewImagesFileNames": [ + "CitrixWhite.png", + "CitrixBlack.png" + ], + "version": "2.1.0", + "title": "Citrix Analytics", + "templateRelativePath": "Citrix.json", + "subtitle": "", + "provider": "Citrix Systems Inc." +}, +{ + "workbookKey": "OneIdentityWorkbook", + "logoFileName": "oneIdentity_logo.svg", + "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OneIdentity" + ], + "previewImagesFileNames": [ + "OneIdentityWhite.png", + "OneIdentityBlack.png" + ], + "version": "1.0.0", + "title": "One Identity", + "templateRelativePath": "OneIdentity.json", + "subtitle": "", + "provider": "One Identity LLC." +}, +{ + "workbookKey": "SecurityStatusWorkbook", + "logoFileName": "", + "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SecurityEvent", + "Syslog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityStatusBlack.png", + "AzureSentinelSecurityStatusWhite.png" + ], + "version": "1.3.0", + "title": "Security Status", + "templateRelativePath": "SecurityStatus.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AzureSentinelSecurityAlertsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityAlertsWhite.png", + "AzureSentinelSecurityAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Security Alerts", + "templateRelativePath": "AzureSentinelSecurityAlerts.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SquadraTechnologiesSecRMMWorkbook", + "logoFileName": "SquadraTechnologiesLogo.svg", + "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.", + "dataTypesDependencies": [ + "secRMM_CL" + ], + "dataConnectorsDependencies": [ + "SquadraTechnologiesSecRmm" + ], + "previewImagesFileNames": [ + "SquadraTechnologiesSecRMMWhite.PNG", + "SquadraTechnologiesSecRMMBlack.PNG" + ], + "version": "1.0.0", + "title": "Squadra Technologies SecRMM - USB removable storage security", + "templateRelativePath": "SquadraTechnologiesSecRMM.json", + "subtitle": "", + "provider": "Squadra Technologies" +}, +{ + "workbookKey": "IoT-Alerts", + "logoFileName": "IoTIcon.svg", + "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "IoT" + ], + "previewImagesFileNames": [ + "IOTBlack1.png", + "IOTWhite1.png" + ], + "version": "1.2.0", + "title": "Azure Defender for IoT Alerts", + "templateRelativePath": "IOT_Alerts.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "IoTAssetDiscovery", + "logoFileName": "IoTIcon.svg", + "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "workbook-iotassetdiscovery-screenshot-Black.PNG", + "workbook-iotassetdiscovery-screenshot-White.PNG" + ], + "version": "1.0.0", + "title": "IoT Asset Discovery", + "templateRelativePath": "IoTAssetDiscovery.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ForcepointCASBWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCasb" + ], + "previewImagesFileNames": [ + "ForcepointCASBWhite.png", + "ForcepointCASBBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Access Security Broker (CASB)", + "templateRelativePath": "ForcepointCASB.json", + "subtitle": "", + "provider": "Forcepoint" +}, +{ + "workbookKey": "ForcepointNGFWWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw" + ], + "previewImagesFileNames": [ + "ForcepointNGFWWhite.png", + "ForcepointNGFWBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW)", + "templateRelativePath": "ForcepointNGFW.json", + "subtitle": "", + "provider": "Forcepoint" +}, +{ + "workbookKey": "ForcepointDLPWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.", + "dataTypesDependencies": [ + "ForcepointDLPEvents_CL" + ], + "dataConnectorsDependencies": [ + "ForcepointDlp" + ], + "previewImagesFileNames": [ + "ForcepointDLPWhite.png", + "ForcepointDLPBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Data Loss Prevention (DLP)", + "templateRelativePath": "ForcepointDLP.json", + "subtitle": "", + "provider": "Forcepoint" +}, +{ + "workbookKey": "ZimperiumMTDWorkbook", + "logoFileName": "ZIMPERIUM-logo_square2.svg", + "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.", + "dataTypesDependencies": [ + "ZimperiumThreatLog_CL", + "ZimperiumMitigationLog_CL" + ], + "dataConnectorsDependencies": [ + "ZimperiumMtdAlerts" + ], + "previewImagesFileNames": [ + "ZimperiumWhite.png", + "ZimperiumBlack.png" + ], + "version": "1.0.0", + "title": "Zimperium Mobile Threat Defense (MTD)", + "templateRelativePath": "ZimperiumWorkbooks.json", + "subtitle": "", + "provider": "Zimperium" +}, +{ + "workbookKey": "AzureAuditActivityAndSigninWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.", + "dataTypesDependencies": [ + "AzureActivity", + "AuditLogs", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureAuditActivityAndSigninWhite1.png", + "AzureAuditActivityAndSigninWhite2.png", + "AzureAuditActivityAndSigninBlack1.png", + "AzureAuditActivityAndSigninBlack2.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit, Activity and Sign-in logs", + "templateRelativePath": "AzureAuditActivityAndSignin.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "WindowsFirewall", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs", + "dataTypesDependencies": [ + "WindowsFirewall", + "SecurityEvent", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsFirewall", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "WindowsFirewallWhite1.png", + "WindowsFirewallWhite2.png", + "WindowsFirewallBlack1.png", + "WindowsFirewallBlack2.png" + ], + "version": "1.0.0", + "title": "Windows Firewall", + "templateRelativePath": "WindowsFirewall.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "EventAnalyzerwWorkbook", + "logoFileName": "", + "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "EventAnalyzer-Workbook-White.png", + "EventAnalyzer-Workbook-Black.png" + ], + "version": "1.0.0", + "title": "Event Analyzer", + "templateRelativePath": "EventAnalyzer.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "ASC-ComplianceandProtection", + "logoFileName": "", + "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.", + "dataTypesDependencies": [ + "SecurityAlert", + "ProtectionStatus", + "SecurityRecommendation", + "SecurityBaseline", + "SecurityBaselineSummary", + "Update", + "ConfigurationChange" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter" + ], + "previewImagesFileNames": [ + "ASCCaPBlack.png", + "ASCCaPWhite.png" + ], + "version": "1.2.0", + "title": "ASC Compliance and Protection", + "templateRelativePath": "ASC-ComplianceandProtection.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "AIVectraDetectWorkbook", + "logoFileName": "AIVectraDetect.svg", + "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AIVectraDetect" + ], + "previewImagesFileNames": [ + "AIVectraDetectWhite1.png", + "AIVectraDetectBlack1.png" + ], + "version": "1.1.1", + "title": "Vectra AI Detect", + "templateRelativePath": "AIVectraDetectWorkbook.json", + "subtitle": "", + "provider": "Vectra AI" +}, +{ + "workbookKey": "Perimeter81OverviewWorkbook", + "logoFileName": "Perimeter81_Logo.svg", + "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.", + "dataTypesDependencies": [ + "Perimeter81_CL" + ], + "dataConnectorsDependencies": [ + "Perimeter81ActivityLogs" + ], + "previewImagesFileNames": [ + "Perimeter81OverviewWhite1.png", + "Perimeter81OverviewBlack1.png", + "Perimeter81OverviewWhite2.png", + "Perimeter81OverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Perimeter 81 Overview", + "templateRelativePath": "Perimeter81OverviewWorkbook.json", + "subtitle": "", + "provider": "Perimeter 81" +}, +{ + "workbookKey": "SymantecProxySGWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecProxySG" + ], + "previewImagesFileNames": [ + "SymantecProxySGWhite.png", + "SymantecProxySGBlack.png" + ], + "version": "1.0.0", + "title": "Symantec ProxySG", + "templateRelativePath": "SymantecProxySG.json", + "subtitle": "", + "provider": "Symantec" +}, +{ + "workbookKey": "IllusiveASMWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveASMWhite.png", + "IllusiveASMBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ASM Dashboard", + "templateRelativePath": "IllusiveASM.json", + "subtitle": "", + "provider": "Illusive" +}, +{ + "workbookKey": "IllusiveADSWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveADSWhite.png", + "IllusiveADSBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ADS Dashboard", + "templateRelativePath": "IllusiveADS.json", + "subtitle": "", + "provider": "Illusive" +}, +{ + "workbookKey": "PulseConnectSecureWorkbook", + "logoFileName": "", + "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "PulseConnectSecure" + ], + "previewImagesFileNames": [ + "PulseConnectSecureWhite.png", + "PulseConnectSecureBlack.png" + ], + "version": "1.0.0", + "title": "Pulse Connect Secure", + "templateRelativePath": "PulseConnectSecure.json", + "subtitle": "", + "provider": "Pulse Secure" +}, +{ + "workbookKey": "InfobloxNIOSWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "InfobloxNIOS" + ], + "previewImagesFileNames": [], + "version": "1.1.0", + "title": "Infoblox NIOS", + "templateRelativePath": "Infoblox-Workbook-V2.json", + "subtitle": "", + "provider": "Infoblox" +}, +{ + "workbookKey": "SymantecVIPWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecVIP" + ], + "previewImagesFileNames": [ + "SymantecVIPWhite.png", + "SymantecVIPBlack.png" + ], + "version": "1.0.0", + "title": "Symantec VIP", + "templateRelativePath": "SymantecVIP.json", + "subtitle": "", + "provider": "Symantec" +}, +{ + "workbookKey": "ProofPointTAPWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPClicksBlocked_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP" + ], + "previewImagesFileNames": [ + "ProofpointTAPWhite.png", + "ProofpointTAPBlack.png" + ], + "version": "1.0.0", + "title": "Proofpoint TAP", + "templateRelativePath": "ProofpointTAP.json", + "subtitle": "", + "provider": "Proofpoint" +}, +{ + "workbookKey": "QualysVMWorkbook", + "logoFileName": "qualys_logo.svg", + "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", + "dataTypesDependencies": [ + "QualysHostDetection_CL" + ], + "dataConnectorsDependencies": [ + "QualysVulnerabilityManagement" + ], + "previewImagesFileNames": [ + "QualysVMWhite.png", + "QualysVMBlack.png" + ], + "version": "1.0.0", + "title": "Qualys Vulnerability Management", + "templateRelativePath": "QualysVM.json", + "subtitle": "", + "provider": "Qualys" +}, +{ + "workbookKey": "QualysVMV2Workbook", + "logoFileName": "qualys_logo.svg", + "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", + "dataTypesDependencies": [ + "QualysHostDetectionV2_CL" + ], + "dataConnectorsDependencies": [ + "QualysVulnerabilityManagement" + ], + "previewImagesFileNames": [ + "QualysVMWhite.png", + "QualysVMBlack.png" + ], + "version": "1.0.0", + "title": "Qualys Vulnerability Management", + "templateRelativePath": "QualysVMv2.json", + "subtitle": "", + "provider": "Qualys" +}, +{ + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "Github_CL", + "GitHubRepoLogs_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "GitHubSecurityWhite.png", + "GitHubSecurityBlack.png" + ], + "version": "1.0.0", + "title": "GitHub Security", + "templateRelativePath": "GitHubSecurityWorkbook.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "VisualizationDemo", + "logoFileName": "", + "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VisualizationDemoBlack.png", + "VisualizationDemoWhite.png" + ], + "version": "1.0.0", + "title": "Visualizations Demo", + "templateRelativePath": "VisualizationDemo.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "SophosXGFirewallWorkbook", + "logoFileName": "sophos_logo.svg", + "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SophosXGFirewall" + ], + "previewImagesFileNames": [ + "SophosXGFirewallWhite.png", + "SophosXGFirewallBlack.png" + ], + "version": "1.0.0", + "title": "Sophos XG Firewall", + "templateRelativePath": "SophosXGFirewall.json", + "subtitle": "", + "provider": "Sophos" +}, +{ + "workbookKey": "SysmonThreatHuntingWorkbook", + "logoFileName": "", + "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel", + "dataTypesDependencies": [ + "Event" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SysmonThreatHuntingWhite1.png", + "SysmonThreatHuntingBlack1.png" + ], + "version": "1.4.0", + "title": "Sysmon Threat Hunting", + "templateRelativePath": "SysmonThreatHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook", + "logoFileName": "webapplicationfirewall(WAF)_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallWAFTypeEventsBlack1.PNG", + "WAFFirewallWAFTypeEventsBlack2.PNG", + "WAFFirewallWAFTypeEventsBlack3.PNG", + "WAFFirewallWAFTypeEventsBlack4.PNG", + "WAFFirewallWAFTypeEventsWhite1.png", + "WAFFirewallWAFTypeEventsWhite2.PNG", + "WAFFirewallWAFTypeEventsWhite3.PNG", + "WAFFirewallWAFTypeEventsWhite4.PNG" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - Azure WAF", + "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "OrcaAlertsOverviewWorkbook", + "logoFileName": "Orca_logo.svg", + "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview", + "dataTypesDependencies": [ + "OrcaAlerts_CL" + ], + "dataConnectorsDependencies": [ + "OrcaSecurityAlerts" + ], + "previewImagesFileNames": [ + "OrcaAlertsWhite.png", + "OrcaAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Orca alerts overview", + "templateRelativePath": "OrcaAlerts.json", + "subtitle": "", + "provider": "Orca Security" +}, +{ + "workbookKey": "CyberArkWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CyberArk" + ], + "previewImagesFileNames": [ + "CyberArkActivitiesWhite.PNG", + "CyberArkActivitiesBlack.PNG" + ], + "version": "1.1.0", + "title": "CyberArk EPV Events", + "templateRelativePath": "CyberArkEPV.json", + "subtitle": "", + "provider": "CyberArk" +}, +{ + "workbookKey": "UserEntityBehaviorAnalyticsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns", + "dataTypesDependencies": [ + "BehaviorAnalytics" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UserEntityBehaviorAnalyticsBlack1.png", + "UserEntityBehaviorAnalyticsWhite1.png" + ], + "version": "1.2.0", + "title": "User And Entity Behavior Analytics", + "templateRelativePath": "UserEntityBehaviorAnalytics.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "CitrixWAF", + "logoFileName": "citrix_logo.svg", + "description": "Gain insight into the Citrix WAF logs", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CitrixWAF" + ], + "previewImagesFileNames": [ + "CitrixWAFBlack.png", + "CitrixWAFWhite.png" + ], + "version": "1.0.0", + "title": "Citrix WAF (Web App Firewall)", + "templateRelativePath": "CitrixWAF.json", + "subtitle": "", + "provider": "Citrix Systems Inc." +}, +{ + "workbookKey": "UnifiSGWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGBlack.png", + "UnifiSGWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway", + "templateRelativePath": "UnfiSG.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "UnifiSGNetflowWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.", + "dataTypesDependencies": [ + "netflow_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGNetflowBlack.png", + "UnifiSGNetflowWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway - NetFlow", + "templateRelativePath": "UnfiSGNetflow.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "NormalizedNetworkEventsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "NormalizedNetworkEventsWhite.png", + "NormalizedNetworkEventsBlack.png" + ], + "version": "1.0.0", + "title": "Normalized network events", + "templateRelativePath": "NormalizedNetworkEvents.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "WorkspaceAuditingWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "LAQueryLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceAuditingWhite.png", + "WorkspaceAuditingBlack.png" + ], + "version": "1.0.0", + "title": "Workspace audit", + "templateRelativePath": "WorkspaceAuditing.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "MITREATTACKWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MITREATTACKWhite1.PNG", + "MITREATTACKWhite2.PNG", + "MITREATTACKBlack1.PNG", + "MITREATTACKBlack2.PNG" + ], + "version": "1.0.0", + "title": "MITRE ATT&CK Workbook", + "templateRelativePath": "MITREAttack.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "BETTERMTDWorkbook", + "logoFileName": "BETTER_MTD_logo.svg", + "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.", + "dataTypesDependencies": [ + "BetterMTDDeviceLog_CL", + "BetterMTDAppLog_CL", + "BetterMTDIncidentLog_CL", + "BetterMTDNetflowLog_CL" + ], + "dataConnectorsDependencies": [ + "BetterMTD" + ], + "previewImagesFileNames": [ + "BetterMTDWorkbookPreviewWhite1.png", + "BetterMTDWorkbookPreviewWhite2.png", + "BetterMTDWorkbookPreviewWhite3.png", + "BetterMTDWorkbookPreviewBlack1.png", + "BetterMTDWorkbookPreviewBlack2.png", + "BetterMTDWorkbookPreviewBlack3.png" + ], + "version": "1.1.0", + "title": "BETTER Mobile Threat Defense (MTD)", + "templateRelativePath": "BETTER_MTD_Workbook.json", + "subtitle": "", + "provider": "BETTER Mobile" +}, +{ + "workbookKey": "AlsidIoEWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoEBlack1.png", + "AlsidIoEBlack2.png", + "AlsidIoEBlack3.png", + "AlsidIoEWhite1.png", + "AlsidIoEWhite2.png", + "AlsidIoEWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Exposure", + "templateRelativePath": "AlsidIoE.json", + "subtitle": "", + "provider": "Alsid" +}, +{ + "workbookKey": "AlsidIoAWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoABlack1.png", + "AlsidIoABlack2.png", + "AlsidIoABlack3.png", + "AlsidIoAWhite1.png", + "AlsidIoAWhite2.png", + "AlsidIoAWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Attack", + "templateRelativePath": "AlsidIoA.json", + "subtitle": "", + "provider": "Alsid" +}, +{ + "workbookKey": "InvestigationInsightsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.", + "dataTypesDependencies": [ + "AuditLogs", + "AzureActivity", + "CommonSecurityLog", + "OfficeActivity", + "SecurityEvent", + "SigninLogs", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "AzureActivity", + "SecurityEvents", + "Office365", + "AzureActiveDirectory", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InvestigationInsightsWhite1.png", + "InvestigationInsightsBlack1.png", + "InvestigationInsightsWhite2.png", + "InvestigationInsightsBlack2.png" + ], + "version": "1.4.0", + "title": "Investigation Insights", + "templateRelativePath": "InvestigationInsights.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "AksSecurityWorkbook", + "logoFileName": "Kubernetes_services.svg", + "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKubernetes" + ], + "previewImagesFileNames": [ + "AksSecurityWhite.png", + "AksSecurityBlack.png" + ], + "version": "1.5.0", + "title": "Azure Kubernetes Service (AKS) Security", + "templateRelativePath": "AksSecurity.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AzureKeyVaultWorkbook", + "logoFileName": "KeyVault.svg", + "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKeyVault" + ], + "previewImagesFileNames": [ + "AkvSecurityWhite.png", + "AkvSecurityBlack.png" + ], + "version": "1.1.0", + "title": "Azure Key Vault Security", + "templateRelativePath": "AzureKeyVaultWorkbook.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "IncidentOverview", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IncidentOverviewBlack1.png", + "IncidentOverviewWhite1.png", + "IncidentOverviewBlack2.png", + "IncidentOverviewWhite2.png" + ], + "version": "2.1.0", + "title": "Incident overview", + "templateRelativePath": "IncidentOverview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SecurityOperationsEfficiency", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SecurityEfficiencyWhite1.png", + "SecurityEfficiencyWhite2.png", + "SecurityEfficiencyBlack1.png", + "SecurityEfficiencyBlack2.png" + ], + "version": "1.5.0", + "title": "Security Operations Efficiency", + "templateRelativePath": "SecurityOperationsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "DataCollectionHealthMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace\u2019s data collection health.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "HealthMonitoringWhite1.png", + "HealthMonitoringWhite2.png", + "HealthMonitoringWhite3.png", + "HealthMonitoringBlack1.png", + "HealthMonitoringBlack2.png", + "HealthMonitoringBlack3.png" + ], + "version": "1.0.0", + "title": "Data collection health monitoring", + "templateRelativePath": "DataCollectionHealthMonitoring.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "OnapsisAlarmsWorkbook", + "logoFileName": "onapsis_logo.svg", + "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OnapsisPlatform" + ], + "previewImagesFileNames": [ + "OnapsisWhite1.PNG", + "OnapsisBlack1.PNG", + "OnapsisWhite2.PNG", + "OnapsisBlack2.PNG" + ], + "version": "1.0.0", + "title": "Onapsis Alarms Overview", + "templateRelativePath": "OnapsisAlarmsOverview.json", + "subtitle": "", + "provider": "Onapsis" +}, +{ + "workbookKey": "DelineaWorkbook", + "logoFileName": "DelineaLogo.svg", + "description": "The Delinea Secret Server Syslog connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "DelineaSecretServer_CEF" + ], + "previewImagesFileNames": [ + "DelineaWorkbookWhite.PNG", + "DelineaWorkbookBlack.PNG" + ], + "version": "1.0.0", + "title": "Delinea Secret Server Workbook", + "templateRelativePath": "DelineaWorkbook.json", + "subtitle": "", + "provider": "Delinea" +}, +{ + "workbookKey": "ForcepointCloudSecurityGatewayWorkbook", + "logoFileName": "Forcepoint_new_logo.svg", + "description": "Use this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCSG" + ], + "previewImagesFileNames": [ + "ForcepointCloudSecurityGatewayWhite.png", + "ForcepointCloudSecurityGatewayBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Security Gateway Workbook", + "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json", + "subtitle": "", + "provider": "Forcepoint" +}, +{ + "workbookKey": "IntsightsIOCWorkbook", + "logoFileName": "IntSights_logo.svg", + "description": "", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "IntsightsIOCWhite.png", + "IntsightsMatchedWhite.png", + "IntsightsMatchedBlack.png", + "IntsightsIOCBlack.png" + ], + "version": "2.0.0", + "title": "IntSights IOC Workbook", + "templateRelativePath": "IntsightsIOCWorkbook.json", + "subtitle": "", + "provider": "IntSights Cyber Intelligence" +}, +{ + "workbookKey": "DarktraceSummaryWorkbook", + "logoFileName": "Darktrace.svg", + "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Darktrace" + ], + "previewImagesFileNames": [ + "AIA-DarktraceSummaryWhite.png", + "AIA-DarktraceSummaryBlack.png" + ], + "version": "1.1.0", + "title": "AI Analyst Darktrace Model Breach Summary", + "templateRelativePath": "AIA-Darktrace.json", + "subtitle": "", + "provider": "Darktrace" +}, +{ + "workbookKey": "TrendMicroXDR", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.", + "dataTypesDependencies": [ + "TrendMicro_XDR_WORKBENCH_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroXDR" + ], + "previewImagesFileNames": [ + "TrendMicroXDROverviewWhite.png", + "TrendMicroXDROverviewBlack.png" + ], + "version": "1.3.0", + "title": "Trend Vision One Alert Overview", + "templateRelativePath": "TrendMicroXDROverview.json", + "subtitle": "", + "provider": "Trend Micro" +}, +{ + "workbookKey": "CyberpionOverviewWorkbook", + "logoFileName": "cyberpion_logo.svg", + "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.", + "dataTypesDependencies": [ + "CyberpionActionItems_CL" + ], + "dataConnectorsDependencies": [ + "CyberpionSecurityLogs" + ], + "previewImagesFileNames": [ + "CyberpionActionItemsBlack.png", + "CyberpionActionItemsWhite.png" + ], + "version": "1.0.0", + "title": "Cyberpion Overview", + "templateRelativePath": "CyberpionOverviewWorkbook.json", + "subtitle": "", + "provider": "Cyberpion" +}, +{ + "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook", + "logoFileName": "MSTIC-Logo.svg", + "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SigninLogs", + "AuditLogs", + "AADServicePrincipalSignInLogs", + "OfficeActivity", + "BehaviorAnalytics", + "SecurityEvent", + "DeviceProcessEvents", + "SecurityAlert", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory", + "SecurityEvents", + "Office365", + "MicrosoftThreatProtection", + "DNS", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "SolarWindsPostCompromiseHuntingWhite.png", + "SolarWindsPostCompromiseHuntingBlack.png" + ], + "version": "1.5.0", + "title": "SolarWinds Post Compromise Hunting", + "templateRelativePath": "SolarWindsPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ProofpointPODWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.", + "dataTypesDependencies": [ + "ProofpointPOD_maillog_CL", + "ProofpointPOD_message_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofpointPODMainBlack1.png", + "ProofpointPODMainBlack2.png", + "ProofpointPODMainWhite1.png", + "ProofpointPODMainWhite2.png", + "ProofpointPODMessageSummaryBlack.png", + "ProofpointPODMessageSummaryWhite.png", + "ProofpointPODTLSBlack.png", + "ProofpointPODTLSWhite.png" + ], + "version": "1.0.0", + "title": "Proofpoint On-Demand Email Security", + "templateRelativePath": "ProofpointPOD.json", + "subtitle": "", + "provider": "Proofpoint" +}, +{ + "workbookKey": "CiscoUmbrellaWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.", + "dataTypesDependencies": [ + "Cisco_Umbrella_dns_CL", + "Cisco_Umbrella_proxy_CL", + "Cisco_Umbrella_ip_CL", + "Cisco_Umbrella_cloudfirewall_CL" + ], + "dataConnectorsDependencies": [ + "CiscoUmbrellaDataConnector" + ], + "previewImagesFileNames": [ + "CiscoUmbrellaDNSBlack1.png", + "CiscoUmbrellaDNSBlack2.png", + "CiscoUmbrellaDNSWhite1.png", + "CiscoUmbrellaDNSWhite2.png", + "CiscoUmbrellaFirewallBlack.png", + "CiscoUmbrellaFirewallWhite.png", + "CiscoUmbrellaMainBlack1.png", + "CiscoUmbrellaMainBlack2.png", + "CiscoUmbrellaMainWhite1.png", + "CiscoUmbrellaMainWhite2.png", + "CiscoUmbrellaProxyBlack1.png", + "CiscoUmbrellaProxyBlack2.png", + "CiscoUmbrellaProxyWhite1.png", + "CiscoUmbrellaProxyWhite2.png" + ], + "version": "1.0.0", + "title": "Cisco Umbrella", + "templateRelativePath": "CiscoUmbrella.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "AnalyticsEfficiencyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnalyticsEfficiencyBlack.png", + "AnalyticsEfficiencyWhite.png" + ], + "version": "1.2.0", + "title": "Analytics Efficiency", + "templateRelativePath": "AnalyticsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "WorkspaceUsage", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace\u2019s data consumption, latency, recommended tasks and Cost and Usage statistics.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceUsageBlack.png", + "WorkspaceUsageWhite.png" + ], + "version": "1.6.0", + "title": "Workspace Usage Report", + "templateRelativePath": "WorkspaceUsage.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "SentinelCentral", + "logoFileName": "Azure_Sentinel.svg", + "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SentinelCentralBlack.png", + "SentinelCentralWhite.png" + ], + "version": "2.1.0", + "title": "Sentinel Central", + "templateRelativePath": "SentinelCentral.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "CognniIncidentsWorkbook", + "logoFileName": "cognni-logo.svg", + "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.", + "dataTypesDependencies": [ + "CognniIncidents_CL" + ], + "dataConnectorsDependencies": [ + "CognniSentinelDataConnector" + ], + "previewImagesFileNames": [ + "CognniBlack.PNG", + "CognniWhite.PNG" + ], + "version": "1.0.0", + "title": "Cognni Important Information Incidents", + "templateRelativePath": "CognniIncidentsWorkbook.json", + "subtitle": "", + "provider": "Cognni" +}, +{ + "workbookKey": "pfsense", + "logoFileName": "pfsense_logo.svg", + "description": "Gain insights into pfsense logs from both filterlog and nginx.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "pfsenseBlack.png", + "pfsenseWhite.png" + ], + "version": "1.0.0", + "title": "pfsense", + "templateRelativePath": "pfsense.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" +}, +{ + "workbookKey": "ExchangeCompromiseHunting", + "logoFileName": "MSTIC-Logo.svg", + "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns", + "dataTypesDependencies": [ + "SecurityEvent", + "W3CIISLog" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureMonitor(IIS)", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "ExchangeBlack.png", + "ExchangeWhite.png" + ], + "version": "1.0.0", + "title": "Exchange Compromise Hunting", + "templateRelativePath": "ExchangeCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SOCProcessFrameworkWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Process Framework", + "templateRelativePath": "SOCProcessFramework.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "Building_a_SOCLargeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Large Staff", + "templateRelativePath": "Building_a_SOCLargeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "Building_a_SOCMediumStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Medium Staff", + "templateRelativePath": "Building_a_SOCMediumStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "Building_a_SOCPartTimeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Part Time Staff", + "templateRelativePath": "Building_a_SOCPartTimeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "Building_a_SOCSmallStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Small Staff", + "templateRelativePath": "Building_a_SOCSmallStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "SOCIRPlanningWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC IR Planning", + "templateRelativePath": "SOCIRPlanning.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "UpdateSOCMaturityScoreWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "Update SOC Maturity Score", + "templateRelativePath": "UpdateSOCMaturityScore.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "Microsoft365SecurityPosture", + "logoFileName": "M365securityposturelogo.svg", + "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.", + "dataTypesDependencies": [ + "M365SecureScore_CL", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL", + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "M365securitypostureblack.png", + "M365securityposturewhite.png" + ], + "version": "1.0.0", + "title": "Microsoft 365 Security Posture", + "templateRelativePath": "M365SecurityPosture.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "AzureSentinelCost", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelCostWhite.png", + "AzureSentinelCostBlack.png" + ], + "version": "1.5.0", + "title": "Microsoft Sentinel Cost", + "templateRelativePath": "AzureSentinelCost.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "ADXvsLA", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ADXvsLABlack.PNG", + "ADXvsLAWhite.PNG" + ], + "version": "1.0.0", + "title": "ADXvsLA", + "templateRelativePath": "ADXvsLA.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "MicrosoftDefenderForOffice365", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs. This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.", + "dataTypesDependencies": [ + "EmailEvents", + "EmailUrlInfo", + "EmailAttachmentInfo" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MDOWhite1.png", + "MDOBlack1.png", + "MDOWhite2.png", + "MDOBlack2.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For Office 365", + "templateRelativePath": "MicrosoftDefenderForOffice365.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "ProofPointThreatDashboard", + "logoFileName": "", + "description": "Provides an overview of email threat activity based on log data provided by ProofPoint", + "dataTypesDependencies": [ + "ProofpointPOD_message_CL", + "ProofpointPOD_maillog_CL", + "ProofPointTAPClicksBlocked_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP", + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofPointThreatDashboardBlack1.png", + "ProofPointThreatDashboardWhite1.png" + ], + "version": "1.0.0", + "title": "ProofPoint Threat Dashboard", + "templateRelativePath": "ProofPointThreatDashboard.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "AMAmigrationTracker", + "logoFileName": "Azure_Sentinel.svg", + "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AMAtrackingWhite1.png", + "AMAtrackingWhite2.png", + "AMAtrackingWhite3.png", + "AMAtrackingBlack1.png", + "AMAtrackingBlack2.png", + "AMAtrackingBlack3.png" + ], + "version": "1.1.0", + "title": "AMA migration tracker", + "templateRelativePath": "AMAmigrationTracker.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "AdvancedKQL", + "logoFileName": "Azure_Sentinel.svg", + "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AdvancedKQLWhite.png", + "AdvancedKQLBlack.png" + ], + "version": "1.3.0", + "title": "Advanced KQL for Microsoft Sentinel", + "templateRelativePath": "AdvancedKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "DSTIMWorkbook", + "logoFileName": "DSTIM.svg", + "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.", + "dataTypesDependencies": [ + "DSMAzureBlobStorageLogs", + "DSMDataClassificationLogs", + "DSMDataLabelingLogs", + "Anomalies", + "ThreatIntelligenceIndicator", + "AADManagedIdentitySignInLogs", + "SecurityAlert", + "SigninLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "DSTIMWorkbookBlack.png", + "DSTIMWorkbookWhite.png" + ], + "version": "1.9.0", + "title": "Data Security - Sensitive Data Impact Assessment", + "templateRelativePath": "DSTIMWorkbook.json", + "subtitle": "", + "provider": "Microsoft", + "featureFlag": "DSTIMWorkbook" +}, +{ + "workbookKey": "IntrotoKQLWorkbook", + "logoFileName": "", + "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IntrotoKQL-black.png", + "IntrotoKQL-white.png" + ], + "version": "1.0.0", + "title": "Intro to KQL", + "templateRelativePath": "IntrotoKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "Log4jPostCompromiseHuntingWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityNestedRecommendation", + "AzureDiagnostics", + "OfficeActivity", + "W3CIISLog", + "AWSCloudTrail", + "SigninLogs", + "AADNonInteractiveUserSignInLogs", + "imWebSessions", + "imNetworkSession" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Log4jPostCompromiseHuntingBlack.png", + "Log4jPostCompromiseHuntingWhite.png" + ], + "version": "1.0.0", + "title": "Log4j Post Compromise Hunting", + "templateRelativePath": "Log4jPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "Log4jImpactAssessmentWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityIncident", + "SecurityAlert", + "AzureSecurityCenter", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Log4j Impact Assessment", + "templateRelativePath": "Log4jImpactAssessment.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "UserMap", + "logoFileName": "", + "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.", + "dataTypesDependencies": [ + "SigninLogs", + "AzureDiagnostics", + "WireData", + "VMconnection", + "CommonSecurityLog", + "WindowsFirewall", + "W3CIISLog", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "UserMapBlack.png", + "UserMapWhite.png" + ], + "version": "1.0.0", + "title": "User Map information", + "templateRelativePath": "UserMap.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "AWSS3", + "logoFileName": "", + "description": ".", + "dataTypesDependencies": [ + "AWSCloudTrail", + "AWSGuardDuty", + "AWSVPCFlow" + ], + "dataConnectorsDependencies": [ + "AWSS3" + ], + "previewImagesFileNames": [ + "AWSS3Black.png", + "AWSS3White.png", + "AWSS3White1.png" + ], + "version": "1.0.0", + "title": "AWS S3 Workbook", + "templateRelativePath": "AWSS3.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook", + "logoFileName": "", + "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "LogSourcesAndAnalyticRulesCoverageBlack.png", + "LogSourcesAndAnalyticRulesCoverageWhite.png" + ], + "version": "1.1.0", + "title": "Log Sources & Analytic Rules Coverage", + "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "CiscoFirepower", + "logoFileName": "", + "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "CiscoFirepowerBlack.png", + "CiscoFirepowerWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Firepower", + "templateRelativePath": "CiscoFirepower.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "MicrorosftTeams", + "logoFileName": "microsoftteams.svg", + "description": "This workbook is intended to identify the activities on Microrsoft Teams.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MicrosoftTeamsBlack.png", + "MicrosoftTeamsWhite.png" + ], + "version": "1.0.0", + "title": "Microsoft Teams", + "templateRelativePath": "MicrosoftTeams.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "ArchivingBasicLogsRetention", + "logoFileName": "ArchivingBasicLogsRetention.svg", + "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ArchivingBasicLogsRetentionBlack1.png", + "ArchivingBasicLogsRetentionWhite1.png" + ], + "version": "1.1.0", + "title": "Archiving, Basic Logs, and Retention", + "templateRelativePath": "ArchivingBasicLogsRetention.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "OktaSingleSignOnWorkbook", + "logoFileName": "okta_logo.svg", + "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "Okta_CL" + ], + "dataConnectorsDependencies": [ + "OktaSSO" + ], + "previewImagesFileNames": [ + "OktaSingleSignOnWhite.png", + "OktaSingleSignOnBlack.png" + ], + "version": "1.2", + "title": "Okta Single Sign-On", + "templateRelativePath": "OktaSingleSignOn.json", + "subtitle": "", + "provider": "Okta" +}, +{ + "workbookKey": "MicrosoftDefenderForEndPoint", + "logoFileName": "", + "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "microsoftdefenderforendpointwhite.png", + "microsoftdefenderforendpointblack.png" + ], + "version": "1.0.0", + "title": "MicrosoftDefenderForEndPoint", + "templateRelativePath": "MicrosoftDefenderForEndPoint.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "Dynamics365Workbooks", + "logoFileName": "DynamicsLogo.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.", + "dataTypesDependencies": [ + "Dynamics365Activity" + ], + "dataConnectorsDependencies": [ + "Dynamics365" + ], + "previewImagesFileNames": [ + "Dynamics365WorkbookBlack.png", + "Dynamics365WorkbookWhite.png" + ], + "version": "1.0.3", + "title": "Dynamics365Workbooks", + "templateRelativePath": "Dynamics365Workbooks.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "CiscoMerakiWorkbook", + "logoFileName": "", + "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", + "dataTypesDependencies": [ + "meraki_CL", + "CiscoMerakiNativePoller", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "CiscoMeraki", + "CiscoMerakiNativePolling", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "CiscoMerakiWorkbookWhite.png", + "CiscoMerakiWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "CiscoMerakiWorkbook", + "templateRelativePath": "CiscoMerakiWorkbook.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SentinelOneWorkbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SentinelOne_CL" + ], + "dataConnectorsDependencies": [ + "SentinelOne" + ], + "previewImagesFileNames": [ + "SentinelOneBlack.png", + "SentinelOneWhite.png" + ], + "version": "1.0.0", + "title": "SentinelOneWorkbook", + "templateRelativePath": "SentinelOne.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "TrendMicroApexOneWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicroApexOne" + ], + "previewImagesFileNames": [ + "TrendMicroApexOneBlack.png", + "TrendMicroApexOneWhite.png" + ], + "version": "1.0.0", + "title": "Trend Micro Apex One", + "templateRelativePath": "TrendMicroApexOne.json", + "subtitle": "", + "provider": "TrendMicro" +}, +{ + "workbookKey": "ContrastProtect", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ContrastProtect" + ], + "previewImagesFileNames": [ + "ContrastProtectAllBlack.png", + "ContrastProtectAllWhite.png", + "ContrastProtectEffectiveBlack.png", + "ContrastProtectEffectiveWhite.png", + "ContrastProtectSummaryBlack.png", + "ContrastProtectSummaryWhite.png" + ], + "version": "1.0.0", + "title": "Contrast Protect", + "templateRelativePath": "ContrastProtect.json", + "subtitle": "", + "provider": "contrast security" +}, +{ + "workbookKey": "ArmorbloxOverview", + "logoFileName": "armorblox.svg", + "description": "INCIDENTS FROM SELECTED TIME RANGE", + "dataTypesDependencies": [ + "Armorblox_CL" + ], + "dataConnectorsDependencies": [ + "Armorblox" + ], + "previewImagesFileNames": [ + "ArmorbloxOverviewBlack01.png", + "ArmorbloxOverviewBlack02.png", + "ArmorbloxOverviewWhite01.png", + "ArmorbloxOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Armorblox", + "templateRelativePath": "ArmorbloxOverview.json", + "subtitle": "", + "provider": "Armorblox" +}, +{ + "workbookKey": "PaloAltoCDL", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoCDL" + ], + "previewImagesFileNames": [ + "PaloAltoBlack.png", + "PaloAltoWhite.png" + ], + "version": "1.0.0", + "title": "Palo Alto Networks Cortex Data Lake", + "templateRelativePath": "PaloAltoCDL.json", + "subtitle": "", + "provider": "Palo Alto Networks" +}, +{ + "workbookKey": "VMwareCarbonBlack", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CarbonBlackEvents_CL", + "CarbonBlackAuditLogs_CL", + "CarbonBlackNotifications_CL" + ], + "dataConnectorsDependencies": [ + "VMwareCarbonBlack" + ], + "previewImagesFileNames": [ + "VMwareCarbonBlack.png", + "VMwareCarbonWhite.png" + ], + "version": "1.0.0", + "title": "VMware Carbon Black Cloud", + "templateRelativePath": "VMwareCarbonBlack.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "arista-networks", + "logoFileName": "AristaAwakeSecurity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AristaAwakeSecurity" + ], + "previewImagesFileNames": [ + "AristaAwakeSecurityDevicesBlack.png", + "AristaAwakeSecurityDevicesWhite.png", + "AristaAwakeSecurityModelsBlack.png", + "AristaAwakeSecurityModelsWhite.png", + "AristaAwakeSecurityOverviewBlack.png", + "AristaAwakeSecurityOverviewWhite.png" + ], + "version": "1.0.0", + "title": "Arista Awake", + "templateRelativePath": "AristaAwakeSecurityWorkbook.json", + "subtitle": "", + "provider": "Arista Networks" +}, +{ + "workbookKey": "TomcatWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Tomcat_CL" + ], + "dataConnectorsDependencies": [ + "ApacheTomcat" + ], + "previewImagesFileNames": [ + "TomcatBlack.png", + "TomcatWhite.png" + ], + "version": "1.0.0", + "title": "ApacheTomcat", + "templateRelativePath": "Tomcat.json", + "subtitle": "", + "provider": "Apache" +}, +{ + "workbookKey": "ClarotyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Claroty" + ], + "previewImagesFileNames": [ + "ClarotyBlack.png", + "ClarotyWhite.png" + ], + "version": "1.0.0", + "title": "Claroty", + "templateRelativePath": "ClarotyOverview.json", + "subtitle": "", + "provider": "Claroty" +}, +{ + "workbookKey": "ApacheHTTPServerWorkbook", + "logoFileName": "apache.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "ApacheHTTPServer_CL" + ], + "dataConnectorsDependencies": [ + "ApacheHTTPServer" + ], + "previewImagesFileNames": [ + "ApacheHTTPServerOverviewBlack01.png", + "ApacheHTTPServerOverviewBlack02.png", + "ApacheHTTPServerOverviewWhite01.png", + "ApacheHTTPServerOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Apache HTTP Server", + "templateRelativePath": "ApacheHTTPServer.json", + "subtitle": "", + "provider": "Apache Software Foundation" +}, +{ + "workbookKey": "OCIWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "OCI_Logs_CL" + ], + "dataConnectorsDependencies": [ + "OracleCloudInfrastructureLogsConnector" + ], + "previewImagesFileNames": [ + "OCIBlack.png", + "OCIWhite.png" + ], + "version": "1.0.0", + "title": "Oracle Cloud Infrastructure", + "templateRelativePath": "OracleCloudInfrastructureOCI.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "OracleWeblogicServerWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "OracleWebLogicServer_CL" + ], + "dataConnectorsDependencies": [ + "OracleWebLogicServer" + ], + "previewImagesFileNames": [ + "OracleWeblogicServerBlack.png", + "OracleWeblogicServerWhite.png" + ], + "version": "1.0.0", + "title": "Oracle WebLogic Server", + "templateRelativePath": "OracleWorkbook.json", + "subtitle": "", + "provider": "Oracle" +}, +{ + "workbookKey": "BitglassWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "BitglassLogs_CL" + ], + "dataConnectorsDependencies": [ + "Bitglass" + ], + "previewImagesFileNames": [ + "BitglassBlack.png", + "BitglassWhite.png" + ], + "version": "1.0.0", + "title": "Bitglass", + "templateRelativePath": "Bitglass.json", + "subtitle": "", + "provider": "Bitglass" +}, +{ + "workbookKey": "NGINXWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "NGINX_CL" + ], + "dataConnectorsDependencies": [ + "NGINXHTTPServer" + ], + "previewImagesFileNames": [ + "NGINXOverviewBlack01.png", + "NGINXOverviewBlack02.png", + "NGINXOverviewWhite01.png", + "NGINXOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "NGINX HTTP Server", + "templateRelativePath": "NGINX.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "vArmourAppContollerWorkbook", + "logoFileName": "varmour-logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "vArmourAC" + ], + "previewImagesFileNames": [ + "vArmourAppControllerAppBlack.png", + "vArmourAppControllerAppBlack-1.png", + "vArmourAppControllerAppBlack-2.png", + "vArmourAppControllerAppBlack-3.png", + "vArmourAppControllerAppBlack-4.png", + "vArmourAppControllerAppBlack-5.png", + "vArmourAppControllerAppBlack-6.png", + "vArmourAppControllerAppBlack-7.png", + "vArmourAppControllerAppWhite.png", + "vArmourAppControllerAppWhite-1.png", + "vArmourAppControllerAppWhite-2.png", + "vArmourAppControllerAppWhite-3.png", + "vArmourAppControllerAppWhite-4.png", + "vArmourAppControllerAppWhite-5.png", + "vArmourAppControllerAppWhite-6.png", + "vArmourAppControllerAppWhite-7.png" + ], + "version": "1.0.0", + "title": "vArmour Application Controller", + "templateRelativePath": "vArmour_AppContoller_Workbook.json", + "subtitle": "", + "provider": "vArmour" +}, +{ + "workbookKey": "CorelightWorkbook", + "logoFileName": "corelight.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Corelight_CL" + ], + "dataConnectorsDependencies": [ + "Corelight" + ], + "previewImagesFileNames": [ + "CorelightConnectionsBlack1.png", + "CorelightConnectionsBlack2.png", + "CorelightConnectionsWhite1.png", + "CorelightConnectionsWhite2.png", + "CorelightDNSBlack1.png", + "CorelightDNSWhite1.png", + "CorelightFileBlack1.png", + "CorelightFileBlack2.png", + "CorelightFileWhite1.png", + "CorelightFileWhite2.png", + "CorelightMainBlack1.png", + "CorelightMainWhite1.png", + "CorelightSoftwareBlack1.png", + "CorelightSoftwareWhite1.png" + ], + "version": "1.0.0", + "title": "Corelight", + "templateRelativePath": "Corelight.json", + "subtitle": "", + "provider": "Corelight" +}, +{ + "workbookKey": "LookoutEvents", + "logoFileName": "lookout.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Lookout_CL" + ], + "dataConnectorsDependencies": [ + "LookoutAPI" + ], + "previewImagesFileNames": [ + "SampleLookoutWorkBookBlack.png", + "SampleLookoutWorkBookWhite.png" + ], + "version": "1.0.0", + "title": "Lookout", + "templateRelativePath": "LookoutEvents.json", + "subtitle": "", + "provider": "Lookout" +}, +{ + "workbookKey": "sentinel-MicrosoftPurview", + "logoFileName": "MicrosoftPurview.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "MicrosoftAzurePurview" + ], + "previewImagesFileNames": [ + "" + ], + "version": "1.0.0", + "title": "Microsoft Purview", + "templateRelativePath": "MicrosoftPurview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "InfobloxCDCB1TDWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "InfobloxCloudDataConnector" + ], + "previewImagesFileNames": [ + "InfobloxCDCB1TDBlack.png", + "InfobloxCDCB1TDWhite.png" + ], + "version": "1.0.0", + "title": "Infoblox Cloud Data Connector", + "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", + "subtitle": "", + "provider": "InfoBlox" +}, +{ + "workbookKey": "UbiquitiUniFiWorkbook", + "logoFileName": "ubiquiti.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Ubiquiti_CL" + ], + "dataConnectorsDependencies": [ + "UbiquitiUnifi" + ], + "previewImagesFileNames": [ + "UbiquitiOverviewBlack01.png", + "UbiquitiOverviewBlack02.png", + "UbiquitiOverviewWhite01.png", + "UbiquitiOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Ubiquiti UniFi", + "templateRelativePath": "Ubiquiti.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "VMwareESXiWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "VMwareESXi" + ], + "previewImagesFileNames": [ + "VMWareESXiBlack.png", + "VMWareESXiWhite.png" + ], + "version": "1.0.0", + "title": "VMware ESXi", + "templateRelativePath": "VMWareESXi.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SnowflakeWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Snowflake_CL" + ], + "dataConnectorsDependencies": [ + "SnowflakeDataConnector" + ], + "previewImagesFileNames": [ + "SnowflakeBlack.png", + "SnowflakeWhite.png" + ], + "version": "1.0.0", + "title": "Snowflake", + "templateRelativePath": "Snowflake.json", + "subtitle": "", + "provider": "Snowflake" +}, +{ + "workbookKey": "LastPassWorkbook", + "logoFileName": "LastPass.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "LastPassNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "LastPassAPIConnector" + ], + "previewImagesFileNames": [ + "LastPassBlack.png", + "LastPassWhite.png" + ], + "version": "1.0.0", + "title": "Lastpass Enterprise Activity Monitoring", + "templateRelativePath": "LastPassWorkbook.json", + "subtitle": "", + "provider": "LastPass" +}, +{ + "workbookKey": "SecurityBridgeWorkbook", + "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityBridgeLogs" + ], + "dataConnectorsDependencies": [ + "SecurityBridgeSAP" + ], + "previewImagesFileNames": [ + "SecurityBridgeThreatDetectionWhite.png", + "SecurityBridgeThreatDetectionWhite1.png" + ], + "version": "1.0.0", + "title": "SecurityBridge App", + "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", + "subtitle": "", + "provider": "SecurityBridge" +}, +{ + "workbookKey": "PaloAltoPrismaCloudWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "PaloAltoPrismaCloudAlert_CL", + "PaloAltoPrismaCloudAudit_CL" + ], + "dataConnectorsDependencies": [ + "PaloAltoPrismaCloud" + ], + "previewImagesFileNames": [ + "PaloAltoPrismaCloudBlack01.png", + "PaloAltoPrismaCloudBlack02.png", + "PaloAltoPrismaCloudWhite01.png", + "PaloAltoPrismaCloudWhite02.png" + ], + "version": "1.0.0", + "title": "Palo Alto Prisma", + "templateRelativePath": "PaloAltoPrismaCloudOverview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "PingFederateWorkbook", + "logoFileName": "PingIdentity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "PingFederateEvent" + ], + "dataConnectorsDependencies": [ + "PingFederate" + ], + "previewImagesFileNames": [ + "PingFederateBlack1.png", + "PingFederateWhite1.png" + ], + "version": "1.0.0", + "title": "PingFederate", + "templateRelativePath": "PingFederate.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "McAfeeePOWorkbook", + "logoFileName": "mcafee_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "McAfeeEPOEvent" + ], + "dataConnectorsDependencies": [ + "McAfeeePO" + ], + "previewImagesFileNames": [ + "McAfeeePOBlack1.png", + "McAfeeePOBlack2.png", + "McAfeeePOWhite1.png", + "McAfeeePOWhite2.png" + ], + "version": "1.0.0", + "title": "McAfee ePolicy Orchestrator", + "templateRelativePath": "McAfeeePOOverview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "OracleDatabaseAudit", + "logoFileName": "oracle_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "OracleDatabaseAudit" + ], + "previewImagesFileNames": [ + "OracleDatabaseAuditBlack1.png", + "OracleDatabaseAuditBlack2.png", + "OracleDatabaseAuditWhite1.png", + "OracleDatabaseAuditWhite2.png" + ], + "version": "1.0.0", + "title": "Oracle Database Audit", + "templateRelativePath": "OracleDatabaseAudit.json", + "subtitle": "", + "provider": "Oracle" +}, +{ + "workbookKey": "SenservaProAnalyticsWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProAnalyticsBlack.png", + "SenservaProAnalyticsWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProAnalytics", + "templateRelativePath": "SenservaProAnalyticsWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" +}, +{ + "workbookKey": "SenservaProMultipleWorkspaceWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProMultipleWorkspaceWorkbookBlack.png", + "SenservaProMultipleWorkspaceWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProMultipleWorkspace", + "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" +}, +{ + "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProSecureScoreMultiTenantBlack.png", + "SenservaProSecureScoreMultiTenantWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProSecureScoreMultiTenant", + "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" +}, +{ + "workbookKey": "CiscoSecureEndpointOverviewWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CiscoSecureEndpoint" + ], + "dataConnectorsDependencies": [ + "CiscoSecureEndpoint" + ], + "previewImagesFileNames": [ + "CiscoSecureEndpointBlack.png", + "CiscoSecureEndpointWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Secure Endpoint", + "templateRelativePath": "Cisco Secure Endpoint Overview.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "InfoSecGlobalWorkbook", + "logoFileName": "infosecglobal.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "InfoSecAnalytics_CL" + ], + "dataConnectorsDependencies": [ + "InfoSecDataConnector" + ], + "previewImagesFileNames": [ + "InfoSecGlobalWorkbookBlack.png", + "InfoSecGlobalWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "AgileSec Analytics Connector", + "templateRelativePath": "InfoSecGlobal.json", + "subtitle": "", + "provider": "InfoSecGlobal" +}, +{ + "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", + "logoFileName": "crowdstrike.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CrowdstrikeReplicatorLogs_CL" + ], + "dataConnectorsDependencies": [ + "CrowdstrikeReplicator" + ], + "previewImagesFileNames": [ + "CrowdStrikeFalconEndpointProtectionBlack.png", + "CrowdStrikeFalconEndpointProtectionWhite.png" + ], + "version": "1.0.0", + "title": "CrowdStrike Falcon Endpoint Protection", + "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "IronDefenseAlertDashboard", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "IronNetIronDefense" + ], + "previewImagesFileNames": [ + "IronDefenseDashboardBlack.png", + "IronDefenseDashboardWhit.png" + ], + "version": "1.0.0", + "title": "IronDefenseAlertDashboard", + "templateRelativePath": "IronDefenseAlertDashboard.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "IronDefenseAlertDetails", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "IronNetIronDefense" + ], + "previewImagesFileNames": [ + "IronDefenseAlertsBlack.png", + "IronDefenseAlertsWhite.png" + ], + "version": "1.0.0", + "title": "IronDefenseAlertDetails", + "templateRelativePath": "IronDefenseAlertDetails.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "CiscoSEGWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoSEG" + ], + "previewImagesFileNames": [ + "CiscoSEGBlack.png", + "CiscoSEGWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Secure Email Gateway", + "templateRelativePath": "CiscoSEG.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "EatonForeseerHealthAndAccess", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "EatonForeseerHealthAndAccessBlack.png", + "EatonForeseerHealthAndAccessWhite.png" + ], + "version": "1.0.0", + "title": "EatonForeseerHealthAndAccess", + "templateRelativePath": "EatonForeseerHealthAndAccess.json", + "subtitle": "", + "provider": "Eaton" +}, +{ + "workbookKey": "PCIDSSComplianceWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Choose your subscription and workspace in which PCI assets are deployed", + "dataTypesDependencies": [ + "AzureDaignostics", + "SecurityEvent", + "SecurityAlert", + "OracleDatabaseAuditEvent", + "Syslog", + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "PCIDSSComplianceBlack01.PNG", + "PCIDSSComplianceBlack02.PNG", + "PCIDSSComplianceWhite01.PNG", + "PCIDSSComplianceWhite02.PNG" + ], + "version": "1.0.0", + "title": "PCI DSS Compliance", + "templateRelativePath": "PCIDSSCompliance.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "SonraiSecurityWorkbook", + "logoFileName": "Sonrai.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Sonrai_Tickets_CL" + ], + "dataConnectorsDependencies": [ + "SonraiDataConnector" + ], + "previewImagesFileNames": [ + "SonraiWorkbookBlack.png", + "SonraiWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "Sonrai", + "templateRelativePath": "Sonrai.json", + "subtitle": "", + "provider": "Sonrai" +}, +{ + "workbookKey": "CloudflareWorkbook", + "logoFileName": "cloudflare.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Cloudflare_CL" + ], + "dataConnectorsDependencies": [ + "CloudflareDataConnector" + ], + "previewImagesFileNames": [ + "CloudflareOverviewBlack01.png", + "CloudflareOverviewBlack02.png", + "CloudflareOverviewWhite01.png", + "CloudflareOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Cloudflare", + "templateRelativePath": "Cloudflare.json", + "subtitle": "", + "provider": "Cloudflare" +}, +{ + "workbookKey": "SemperisDSPWorkbook", + "logoFileName": "Semperis.svg", + "description": "Specify the time range on which to query the data", + "dataTypesDependencies": [ + "dsp_parser" + ], + "dataConnectorsDependencies": [ + "SemperisDSP" + ], + "previewImagesFileNames": [ + "SemperisDSPOverview1Black.png", + "SemperisDSPOverview1White.png", + "SemperisDSPOverview2Black.png", + "SemperisDSPOverview2White.png", + "SemperisDSPOverview3Black.png", + "SemperisDSPOverview3White.png" + ], + "version": "1.0.0", + "title": "Semperis Directory Services Protector", + "templateRelativePath": "SemperisDSPWorkbook.json", + "subtitle": "", + "provider": "Semperis" +}, +{ + "workbookKey": "BoxWorkbook", + "logoFileName": "box.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "BoxEvents_CL" + ], + "dataConnectorsDependencies": [ + "BoxDataConnector" + ], + "previewImagesFileNames": [ + "BoxBlack1.png", + "BoxWhite1.png", + "BoxBlack2.png", + "BoxWhite2.png" + ], + "version": "1.0.0", + "title": "Box", + "templateRelativePath": "Box.json", + "subtitle": "", + "provider": "Box" +}, +{ + "workbookKey": "SymantecEndpointProtection", + "logoFileName": "symantec_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SymantecEndpointProtection" + ], + "dataConnectorsDependencies": [ + "SymantecEndpointProtection" + ], + "previewImagesFileNames": [ + "SymantecEndpointProtectionBlack.png", + "SymantecEndpointProtectionWhite.png" + ], + "version": "1.0.0", + "title": "Symantec Endpoint Protection", + "templateRelativePath": "SymantecEndpointProtection.json", + "subtitle": "", + "provider": "Symantec" +}, +{ + "workbookKey": "DynamicThreatModeling&Response", + "logoFileName": "", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ThreatAnalysis&ResponseWhite1.png", + "ThreatAnalysis&ResponseWhite2.png" + ], + "version": "1.0.0", + "title": "Dynamic Threat Modeling Response", + "templateRelativePath": "DynamicThreatModeling&Response.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ThreatAnalysis&Response", + "logoFileName": "", + "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ThreatAnalysis&ResponseWhite.png" + ], + "version": "1.0.1", + "title": "Threat Analysis Response", + "templateRelativePath": "ThreatAnalysis&Response.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "TrendMicroCAS", + "logoFileName": "Trend_Micro_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "TrendMicroCAS_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroCAS" + ], + "previewImagesFileNames": [ + "TrendMicroCASBlack.png", + "TrendMicroCASWhite.png" + ], + "version": "1.0.0", + "title": "TrendMicroCAS", + "templateRelativePath": "TrendMicroCAS.json", + "subtitle": "", + "provider": "TrendMicro" +}, +{ + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "GitHubAuditLogPolling_CL" + ], + "dataConnectorsDependencies": [ + "GitHubEcAuditLogPolling" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GithubWorkbook", + "templateRelativePath": "GitHubWorkbook.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "GCPDNSWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GCPCloudDNS" + ], + "dataConnectorsDependencies": [ + "GCPDNSDataConnector" + ], + "previewImagesFileNames": [ + "GCPDNSBlack.png", + "GCPDNSWhite.png" + ], + "version": "1.0.0", + "title": "Google Cloud Platform DNS", + "templateRelativePath": "GCPDNS.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "AtlassianJiraAuditWorkbook", + "logoFileName": "", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "AtlassianJiraNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "AtlassianJira" + ], + "previewImagesFileNames": [ + "AtlassianJiraAuditWhite.png", + "AtlassianJiraAuditBlack.png" + ], + "version": "1.0.0", + "title": "AtlassianJiraAudit", + "templateRelativePath": "AtlassianJiraAudit.json", + "subtitle": "", + "provider": "Atlassian" +}, +{ + "workbookKey": "DigitalGuardianWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "DigitalGuardianDLPEvent" + ], + "dataConnectorsDependencies": [ + "DigitalGuardianDLP" + ], + "previewImagesFileNames": [ + "DigitalGuardianBlack.png", + "DigitalGuardianWhite.png" + ], + "version": "1.0.0", + "title": "DigitalGuardianDLP", + "templateRelativePath": "DigitalGuardian.json", + "subtitle": "", + "provider": "Digital Guardian" +}, +{ + "workbookKey": "CiscoDuoWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CiscoDuo_CL" + ], + "dataConnectorsDependencies": [ + "CiscoDuoSecurity" + ], + "previewImagesFileNames": [ + "CiscoDuoWhite.png", + "CiscoDuoBlack.png" + ], + "version": "1.0.0", + "title": "CiscoDuoSecurity", + "templateRelativePath": "CiscoDuo.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "SlackAudit", + "logoFileName": "slacklogo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SlackAudit_CL" + ], + "dataConnectorsDependencies": [ + "SlackAuditAPI" + ], + "previewImagesFileNames": [ + "SlackAuditApplicationActivityBlack1.png", + "SlackAuditApplicationActivityWhite1.png" + ], + "version": "1.0.0", + "title": "SlackAudit", + "templateRelativePath": "SlackAudit.json", + "subtitle": "", + "provider": "Slack" +}, +{ + "workbookKey": "CiscoWSAWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "CiscoWSA" + ], + "previewImagesFileNames": [ + "CiscoWSAWhite.png", + "CiscoWSABlack.png" + ], + "version": "1.0.0", + "title": "CiscoWSA", + "templateRelativePath": "CiscoWSA.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "GCP-IAM-Workbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GCP_IAM_CL" + ], + "dataConnectorsDependencies": [ + "GCPIAMDataConnector" + ], + "previewImagesFileNames": [ + "GCPIAMBlack01.png", + "GCPIAMBlack02.png", + "GCPIAMWhite01.png", + "GCPIAMWhite02.png" + ], + "version": "1.0.0", + "title": "Google Cloud Platform IAM", + "templateRelativePath": "GCP_IAM.json", + "subtitle": "", + "provider": "Google" +}, +{ + "workbookKey": "ImpervaWAFCloudWorkbook", + "logoFileName": "Imperva_DarkGrey_final_75x75.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "ImpervaWAFCloud_CL" + ], + "dataConnectorsDependencies": [ + "ImpervaWAFCloudAPI" + ], + "previewImagesFileNames": [ + "ImpervaWAFCloudBlack01.png", + "ImpervaWAFCloudBlack02.png", + "ImpervaWAFCloudWhite01.png", + "ImpervaWAFCloudWhite02.png" + ], + "version": "1.0.0", + "title": "Imperva WAF Cloud Overview", + "templateRelativePath": "Imperva WAF Cloud Overview.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ZscalerZPAWorkbook", + "logoFileName": "ZscalerLogo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "ZPA_CL" + ], + "dataConnectorsDependencies": [ + "ZscalerPrivateAccess" + ], + "previewImagesFileNames": [ + "ZscalerZPABlack.png", + "ZscalerZPAWhite.png" + ], + "version": "1.0.0", + "title": "Zscaler Private Access (ZPA)", + "templateRelativePath": "ZscalerZPA.json", + "subtitle": "", + "provider": "Zscaler" +}, +{ + "workbookKey": "GoogleWorkspaceWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GWorkspace_ReportsAPI_admin_CL", + "GWorkspace_ReportsAPI_calendar_CL", + "GWorkspace_ReportsAPI_drive_CL", + "GWorkspace_ReportsAPI_login_CL", + "GWorkspace_ReportsAPI_login_CL", + "GWorkspace_ReportsAPI_mobile_CL" + ], + "dataConnectorsDependencies": [ + "GoogleWorkspaceReportsAPI" + ], + "previewImagesFileNames": [ + "GoogleWorkspaceBlack.png", + "GoogleWorkspaceWhite.png" + ], + "version": "1.0.0", + "title": "GoogleWorkspaceReports", + "templateRelativePath": "GoogleWorkspace.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "NCProtectWorkbook", + "logoFileName": "NCProtectIcon.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "NCProtectUAL_CL" + ], + "dataConnectorsDependencies": [ + "NucleusCyberNCProtect" + ], + "previewImagesFileNames": [ + "", + "" + ], + "version": "1.0.0", + "title": "NucleusCyberProtect", + "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", + "subtitle": "", + "provider": "archTIS" +}, +{ + "workbookKey": "CiscoISEWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "CiscoISE" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cisco ISE", + "templateRelativePath": "CiscoISE.json", + "subtitle": "", + "provider": "Cisco" +}, +{ + "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", + "logoFileName": "", + "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Defender for IoT", + "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ZeroTrust(TIC3.0)Workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityRecommendation" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ZeroTrust(TIC3.0)Black1.PNG", + "ZeroTrust(TIC3.0)White1.PNG" + ], + "version": "1.0.0", + "title": "ZeroTrust(TIC3.0)", + "templateRelativePath": "ZeroTrustTIC3.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "InsiderRiskManagementWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ", + "dataTypesDependencies": [ + "SigninLogsSigninLogs", + "AuditLogs", + "AzureActivity", + "OfficeActivity", + "InformationProtectionLogs_CL", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "InsiderRiskManagementBlack1.png" + ], + "version": "1.0.0", + "title": "Insider Risk Management", + "templateRelativePath": "InsiderRiskManagement.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "InformationProtectionLogs_CL", + "AuditLogs", + "SecurityIncident", + "SigninLogs", + "AzureActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "CybersecurityMaturityModelCertification(CMMC)2.0", + "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "NISTSP80053Workbook", "logoFileName": "", - "description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SigninLogs", + "AuditLogs", + "AzureActivity", + "OfficeActivity", + "SecurityEvents", + "CommonSecurityLog", + "SecurityIncident", + "SecurityRecommendation" + ], + "dataConnectorsDependencies": [ + "SecurityEvents" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "NISTSP80053workbook", + "templateRelativePath": "NISTSP80053.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "DarktraceWorkbook", + "logoFileName": "Darktrace.svg", + "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", "dataTypesDependencies": [ - "Anomalies" + "darktrace_model_alerts_CL" + ], + "dataConnectorsDependencies": [ + "DarktraceRESTConnector" ], - "dataConnectorsDependencies": [], "previewImagesFileNames": [ - "AnomaliesVisualizationWorkbookWhite.png", - "AnomaliesVisualizationWorkbookBlack.png" + "DarktraceWorkbookBlack01.png", + "DarktraceWorkbookBlack02.png", + "DarktraceWorkbookWhite01.png", + "DarktraceWorkbookWhite02.png" + ], + "version": "1.0.1", + "title": "Darktrace", + "templateRelativePath": "DarktraceWorkbook.json", + "subtitle": "", + "provider": "Darktrace" +}, +{ + "workbookKey": "RecordedFutureDomainC2DNSWorkbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator" ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], "version": "1.0.0", - "title": "AnomaliesVisulization", - "templateRelativePath": "AnomaliesVisualization.json", + "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", "subtitle": "", - "provider": "Microsoft Sentinel Community" + "provider": "Recorded Future" }, { - "workbookKey": "AnomalyDataWorkbook", - "logoFileName": "", - "description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", + "workbookKey": "RecordedFutureIPActiveC2Workbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", "dataTypesDependencies": [ - "Anomalies" + "ThreatIntelligenceIndicator" ], "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" +}, +{ + "workbookKey": "MaturityModelForEventLogManagement_M2131", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], "previewImagesFileNames": [ - "AnomalyDataWorkbookWhite.png", - "AnomalyDataWorkbookBlack.png" + "MaturityModelForEventLogManagement_M2131Black.png" ], "version": "1.0.0", - "title": "AnomalyData", - "templateRelativePath": "AnomalyData.json", + "title": "MaturityModelForEventLogManagementM2131", + "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", "subtitle": "", - "provider": "Microsoft Sentinel Community" + "provider": "Microsoft" }, { - "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", + "workbookKey": "AzureSQLSecurityWorkbook", + "logoFileName": "AzureSQL.svg", + "description": "Sets the time window in days to search around the alert", "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" + "AzureDiagnostics", + "SecurityAlert", + "SecurityIncident" ], "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" + "AzureSql" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "Microsoft Exchange Least Privilege with RBAC - Online", - "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", + "title": "Azure SQL Database Workbook", + "templateRelativePath": "Workbook-AzureSQLSecurity.json", "subtitle": "", "provider": "Microsoft" }, { - "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", + "workbookKey": "ContinuousDiagnostics&Mitigation", + "logoFileName": "", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ContinuousDiagnostics&MitigationBlack.png" + ], + "version": "1.0.0", + "title": "ContinuousDiagnostics&Mitigation", + "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", + "logoFileName": "GitHub.svg", + "description": "Repository selector.", "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" + "githubscanaudit_CL" ], "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" + "GitHubWebhook" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "Microsoft Exchange Least Privilege with RBAC", - "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC.json", + "title": "GithubWorkbook-update-to-workbook-1", + "templateRelativePath": "update-to-workbook-1.json", "subtitle": "", "provider": "Microsoft" }, { - "workbookKey": "MicrosoftExchangeSearchAdminAuditLog", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", + "workbookKey": "AtlasianJiraAuditWorkbook", + "logoFileName": "", + "description": "Select the time range for this Overview.", "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" + "AtlassianJiraNativePoller_CL" ], "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" + "AtlassianJira" + ], + "previewImagesFileNames": [ + "AtlassianJiraAuditBlack.png", + "AtlassianJiraAuditWhite.png" ], - "previewImagesFileNames": [], "version": "1.0.0", - "title": "Microsoft Exchange Search AdminAuditLog", - "templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", + "title": "AtlasianJiraAuditWorkbook", + "templateRelativePath": "AtlasianJiraAuditWorkbook.json", "subtitle": "", "provider": "Microsoft" }, { - "workbookKey": "MicrosoftExchangeSecurityMonitoring", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", + "workbookKey": "AzureSecurityBenchmark", + "logoFileName": "", + "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", + "dataTypesDependencies": [ + "SecurityRegulatoryCompliance", + "AzureDiagnostics", + "SecurityIncident", + "SigninLogs", + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSecurityBenchmark1.png", + "AzureSecurityBenchmark2.png", + "AzureSecurityBenchmark3.png" + ], + "version": "1.0.0", + "title": "Azure Security Benchmark", + "templateRelativePath": "AzureSecurityBenchmark.json", + "subtitle": "", + "provider": "Microsoft" +}, +{ + "workbookKey": "ZNAccessOchestratorAudit", + "logoFileName": "", + "description": "This workbook provides a summary of ZeroNetworks data.", "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" + "ZNAccessOrchestratorAudit_CL", + "ZNAccessOrchestratorAuditNativePoller_CL" ], "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" + "ZeroNetworksAccessOrchestratorAuditFunction", + "ZeroNetworksAccessOrchestratorAuditNativePoller" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "Microsoft Exchange Admin Activity", - "templateRelativePath": "Microsoft Exchange Admin Activity.json", + "title": "Zero NetWork", + "templateRelativePath": "ZNSegmentAudit.json", "subtitle": "", - "provider": "Microsoft" + "provider": "Zero Networks" }, { - "workbookKey": "MicrosoftExchangeSecurityReview-Online", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", + "workbookKey": "FireworkWorkbook", + "logoFileName": "FlareSystems.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "Firework_CL" + ], + "dataConnectorsDependencies": [ + "FlareSystemsFirework" + ], + "previewImagesFileNames": [ + "FireworkOverviewBlack01.png", + "FireworkOverviewBlack02.png", + "FireworkOverviewWhite01.png", + "FireworkOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "FlareSystemsFirework", + "templateRelativePath": "FlareSystemsFireworkOverview.json", + "subtitle": "", + "provider": "Flare Systems" +}, +{ + "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" + "GitHubAuditLogPolling_CL" ], "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" + "GitHubEcAuditLogPolling" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "Microsoft Exchange Security Review - Online", - "templateRelativePath": "Microsoft Exchange Security Review - Online.json", + "title": "GitHub Security", + "templateRelativePath": "GitHubAdvancedSecurity.json", "subtitle": "", "provider": "Microsoft" }, { - "workbookKey": "MicrosoftExchangeSecurityReview", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks.", + "workbookKey": "TaniumWorkbook", + "logoFileName": "Tanium.svg", + "description": "Visualize Tanium endpoint and module data", + "dataTypesDependencies": [ + "TaniumComplyCompliance_CL", + "TaniumComplyVulnerabilities_CL", + "TaniumDefenderHealth_CL", + "TaniumDiscoverUnmanagedAssets_CL", + "TaniumHighUptime_CL", + "TaniumMainAsset_CL", + "TaniumPatchListApplicability_CL", + "TaniumPatchListCompliance_CL", + "TaniumSCCMClientHealth_CL", + "TaniumThreatResponse_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "TaniumComplyDark.png", + "TaniumComplyLight.png", + "TaniumDiscoverDark.png", + "TaniumDiscoverLight.png", + "TaniumMSToolingHealthDark.png", + "TaniumMSToolingHealthLight.png", + "TaniumPatchDark.png", + "TaniumPatchLight.png", + "TaniumThreatResponseAlertsDark.png", + "TaniumThreatResponseAlertsLight.png", + "TaniumThreatResponseDark.png", + "TaniumThreatResponseLight.png" + ], + "version": "1.0", + "title": "Tanium Workbook", + "templateRelativePath": "TaniumWorkbook.json", + "subtitle": "", + "provider": "Tanium" +}, +{ + "workbookKey": "ActionableAlertsDashboard", + "logoFileName": "", + "description": "None.", "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" + "CyberSixgill_Alerts_CL" ], "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" + "CybersixgillActionableAlerts" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "Microsoft Exchange Security Review", - "templateRelativePath": "Microsoft Exchange Security Review.json", + "title": "Cybersixgill Actionable Alerts Dashboard", + "templateRelativePath": "ActionableAlertsDashboard.json", "subtitle": "", - "provider": "Microsoft" + "provider": "Cybersixgill" }, { - "workbookKey": "ibossMalwareAndC2Workbook", + "workbookKey": "ActionableAlertsList", "logoFileName": "", - "description": "A workbook providing insights into malware and C2 activity detected by iboss.", + "description": "None.", + "dataTypesDependencies": [ + "CyberSixgill_Alerts_CL" + ], + "dataConnectorsDependencies": [ + "CybersixgillActionableAlerts" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cybersixgill Actionable Alerts List", + "templateRelativePath": "ActionableAlertsList.json", + "subtitle": "", + "provider": "Cybersixgill" +}, +{ + "workbookKey": "ArgosCloudSecurityWorkbook", + "logoFileName": "argos-logo.svg", + "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.", "dataTypesDependencies": [ + "ARGOS_CL" ], "dataConnectorsDependencies": [ + "ARGOSCloudSecurity" + ], + "previewImagesFileNames": [ + "ARGOSCloudSecurityWorkbookBlack.png", + "ARGOSCloudSecurityWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "ARGOS Cloud Security", + "templateRelativePath": "ARGOSCloudSecurityWorkbook.json", + "subtitle": "", + "provider": "ARGOS Cloud Security" +}, +{ + "workbookKey": "JamfProtectWorkbook", + "logoFileName": "jamf_logo.svg", + "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.", + "dataTypesDependencies": [ + "jamfprotect_CL" ], + "dataConnectorsDependencies": [], "previewImagesFileNames": [ + "JamfProtectDashboardBlack.png", + "JamfProtectDashboardWhite.png" + ], + "version": "2.0.0", + "title": "Jamf Protect Workbook", + "templateRelativePath": "JamfProtectDashboard.json", + "subtitle": "", + "provider": "Jamf Software, LLC" +}, +{ + "workbookKey": "AIVectraStream", + "logoFileName": "", + "description": "", + "dataTypesDependencies": [ + "VectraStream_CL" ], + "dataConnectorsDependencies": [ "AIVectraStream" ], + "previewImagesFileNames": [], "version": "1.0.0", - "title": "iboss Malware and C2", - "templateRelativePath": "ibossMalwareAndC2.json", + "title": "AIVectraStreamWorkbook", + "templateRelativePath": "AIVectraStreamWorkbook.json", "subtitle": "", - "provider": "iboss" + "provider": "Vectra AI" }, { - "workbookKey": "ibossWebUsageWorkbook", + "workbookKey": "SecurityScorecardWorkbook", "logoFileName": "", - "description": "A workbook providing insights into web usage activity detected by iboss.", + "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard’s three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.", "dataTypesDependencies": [ + "SecurityScorecardFactor_CL", + "SecurityScorecardIssues_CL", + "SecurityScorecardRatings_CL" ], "dataConnectorsDependencies": [ + "SecurityScorecardFactorAzureFunctions", + "SecurityScorecardIssueAzureFunctions", + "SecurityScorecardRatingsAzureFunctions" ], "previewImagesFileNames": [ + "SecurityScorecardBlack1.png", + "SecurityScorecardBlack2.png", + "SecurityScorecardBlack3.png", + "SecurityScorecardBlack4.png", + "SecurityScorecardBlack5.png", + "SecurityScorecardBlack6.png", + "SecurityScorecardWhite1.png", + "SecurityScorecardWhite2.png", + "SecurityScorecardWhite3.png", + "SecurityScorecardWhite4.png", + "SecurityScorecardWhite5.png", + "SecurityScorecardWhite6.png" ], "version": "1.0.0", - "title": "iboss Web Usage", - "templateRelativePath": "ibossWebUsage.json", + "title": "SecurityScorecard", + "templateRelativePath": "SecurityScorecardWorkbook.json", "subtitle": "", - "provider": "iboss" + "provider": "SecurityScorecard" }, { - "workbookKey": "Fortiweb-workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", + "workbookKey": "DigitalShadowsWorkbook", + "logoFileName": "DigitalShadowsLogo.svg", + "description": "test", "dataTypesDependencies": [ - "CommonSecurityLog" + "DigitalShadows_CL" + ], + "dataConnectorsDependencies": [ + "DigitalShadowsSearchlightAzureFunctions" + ], + "previewImagesFileNames": [ + "DigitalShadowsBlack1.png", + "DigitalShadowsBlack2.png", + "DigitalShadowsBlack3.png", + "DigitalShadowsWhite1.png", + "DigitalShadowsWhite2.png", + "DigitalShadowsWhite3.png" + ], + "version": "1.0.0", + "title": "Digital Shadows", + "templateRelativePath": "DigitalShadows.json", + "subtitle": "", + "provider": "Digital Shadows" +}, +{ + "workbookKey": "SalesforceServiceCloudWorkbook", + "logoFileName": "salesforce_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SalesforceServiceCloud" ], "dataConnectorsDependencies": [ - "FortinetFortiWeb" + "SalesforceServiceCloud_CL" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "Fortiweb-workbook", - "templateRelativePath": "Fortiweb-workbook.json", + "title": "Salesforce Service Cloud", + "templateRelativePath": "SalesforceServiceCloud.json", "subtitle": "", - "provider": "Microsoft" + "provider": "Salesforce" }, { - "workbookKey": "ReversingLabs-CapabilitiesOverview", - "logoFileName": "reversinglabs.svg", - "description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", - "dataTypesDependencies": [ - ], - "dataConnectorsDependencies": [ - ], - "previewImagesFileNames": [ - "ReversingLabsTiSummary-White.png", - "ReversingLabsTiSummary-Black.png", - "ReversingLabsOpsSummary-White.png", - "ReversingLabsOpsSummary-Black.png" + "workbookKey": "NetworkSessionSolution", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP’s and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.", + "dataTypesDependencies": [ + "AWSVPCFlow", + "DeviceNetworkEvents", + "SecurityEvent", + "WindowsEvent", + "CommonSecurityLog", + "Syslog", + "CommonSecurityLog", + "VMConnection", + "AzureDiagnostics", + "AzureDiagnostics", + "CommonSecurityLog", + "Corelight_CL", + "VectraStream", + "CommonSecurityLog", + "CommonSecurityLog", + "Syslog", + "CiscoMerakiNativePoller" ], - "version": "1.1.1", - "title": "ReversingLabs-CapabilitiesOverview", - "templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", + "dataConnectorsDependencies": [ "AWSS3", "MicrosoftThreatProtection", "SecurityEvents", "WindowsForwardedEvents", "Zscaler", "MicrosoftSysmonForLinux", "PaloAltoNetworks", "AzureMonitor(VMInsights)", "AzureFirewall", "AzureNSG", "CiscoASA", "Corelight", "AIVectraStream", "CheckPoint", "Fortinet", "CiscoMeraki" ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Network Session Essentials", + "templateRelativePath": "NetworkSessionEssentials.json", "subtitle": "", - "provider": "ReversingLabs" + "provider": "Microsoft" }, { - "workbookKey": "TalonInsights", - "logoFileName": "Talon.svg", - "description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ "TalonInsightsBlack.png", "TalonInsightsWhite.png"], + "workbookKey": "SAPSODAnalysis", + "logoFileName": "AliterConsulting.svg", + "description": "SAP SOD Analysis", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [], "version": "2.0.0", - "title": "Talon Insights", - "templateRelativePath": "TalonInsights.json", + "title": "SAP SOD Analysis", + "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", + "subtitle": "", + "provider": "Aliter Consulting" + }, + { + "workbookKey": "TheomWorkbook", + "logoFileName": "theom-logo.svg", + "description": "Theom Alert Statistics", + "dataTypesDependencies": [ + "TheomAlerts_CL" + ], + "dataConnectorsDependencies": [ + "Theom" + ], + "previewImagesFileNames": [ + "TheomWorkbook-black.png", + "TheomWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Theom", + "templateRelativePath": "Theom.json", "subtitle": "", - "provider": "Talon Security" + "provider": "Theom" }, { - "workbookKey": "vCenter", - "logoFileName": [], - "description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", - "dataTypesDependencies": ["vCenter_CL"], - "dataConnectorsDependencies": ["VMwarevCenter"], - "previewImagesFileNames": [ ], - "version": "1.0.0", - "title": "vCenter", - "templateRelativePath": "vCenter.json", + "workbookKey": "DynatraceWorkbooks", + "logoFileName": "dynatrace.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", + "dataTypesDependencies": [ + "DynatraceAttacks_CL", + "DynatraceAuditLogs_CL", + "DynatraceProblems_CL", + "DynatraceSecurityProblems_CL" + ], + "dataConnectorsDependencies": [ + "DynatraceAttacks", + "DynatraceAuditLogs", + "DynatraceProblems", + "DynatraceRuntimeVulnerabilities" + ], + "previewImagesFileNames": [ + "DynatraceWorkbookBlack.png", + "DynatraceWorkbookWhite.png" + ], + "version": "2.0.0", + "title": "Dynatrace", + "templateRelativePath": "Dynatrace.json", "subtitle": "", - "provider": "VMware" + "provider": "Dynatrace" }, - { - "workbookKey": "SAP-Monitors-AlertsandPerformance", - "logoFileName": "SAPVMIcon.svg", - "description": "SAP -Monitors- Alerts and Performance", - "dataTypesDependencies": ["SAPAuditLog"], - "dataConnectorsDependencies": [ "SAP"], - "previewImagesFileNames": ["SAPVMIcon.svg"], - "version": "2.0.1", - "title": "SAP -Monitors- Alerts and Performance", - "templateRelativePath": "SAP -Monitors- Alerts and Performance.json", + "workbookKey": "MDOWorkbook", + "logoFileName": "", + "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "MicrosoftThreatProtection" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft 365 Defender MDOWorkbook", + "templateRelativePath": "MDO Insights.json", "subtitle": "", "provider": "Microsoft" }, { - "workbookKey": "SAP-SecurityAuditlogandInitialAccess", - "logoFileName": "SAPVMIcon.svg", - "description": "SAP -Security Audit log and Initial Access", - "dataTypesDependencies": [ "SAPAuditLog"], - "dataConnectorsDependencies": [ "SAP" ], - "previewImagesFileNames": ["SAPVMIcon.svg"], - "version": "2.0.1", - "title": "SAP -Security Audit log and Initial Access", - "templateRelativePath": "SAP -Security Audit log and Initial Access.json", +"workbookKey": "AnomaliesVisualizationWorkbook", +"logoFileName": "", +"description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", +"dataTypesDependencies": [ + "Anomalies" +], +"dataConnectorsDependencies": [], +"previewImagesFileNames": [ + "AnomaliesVisualizationWorkbookWhite.png", + "AnomaliesVisualizationWorkbookBlack.png" +], +"version": "1.0.0", +"title": "AnomaliesVisulization", +"templateRelativePath": "AnomaliesVisualization.json", +"subtitle": "", +"provider": "Microsoft Sentinel Community" +}, +{ +"workbookKey": "AnomalyDataWorkbook", +"logoFileName": "", +"description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", +"dataTypesDependencies": [ + "Anomalies" +], +"dataConnectorsDependencies": [], +"previewImagesFileNames": [ + "AnomalyDataWorkbookWhite.png", + "AnomalyDataWorkbookBlack.png" +], +"version": "1.0.0", +"title": "AnomalyData", +"templateRelativePath": "AnomalyData.json", +"subtitle": "", +"provider": "Microsoft Sentinel Community" +}, +{ +"workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", +"logoFileName": "Azure_Sentinel.svg", +"description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", +"dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" +], +"dataConnectorsDependencies": [ +"ESI-ExchangeOnPremisesCollector", +"ESI-ExchangeAdminAuditLogEvents", +"ESI-ExchangeOnlineCollector" +], +"previewImagesFileNames": [], +"version": "1.0.0", +"title": "Microsoft Exchange Least Privilege with RBAC - Online", +"templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ +"workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC", +"logoFileName": "Azure_Sentinel.svg", +"description": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", +"dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" +], +"dataConnectorsDependencies": [ +"ESI-ExchangeOnPremisesCollector", +"ESI-ExchangeAdminAuditLogEvents", +"ESI-ExchangeOnlineCollector" +], +"previewImagesFileNames": [], +"version": "1.0.0", +"title": "Microsoft Exchange Least Privilege with RBAC", +"templateRelativePath": "Microsoft Exchange Least Privilege with RBAC.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ +"workbookKey": "MicrosoftExchangeSearchAdminAuditLog", +"logoFileName": "Azure_Sentinel.svg", +"description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", +"dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" +], +"dataConnectorsDependencies": [ +"ESI-ExchangeOnPremisesCollector", +"ESI-ExchangeAdminAuditLogEvents", +"ESI-ExchangeOnlineCollector" +], +"previewImagesFileNames": [], +"version": "1.0.0", +"title": "Microsoft Exchange Search AdminAuditLog", +"templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ +"workbookKey": "MicrosoftExchangeSecurityMonitoring", +"logoFileName": "Azure_Sentinel.svg", +"description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", +"dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" +], +"dataConnectorsDependencies": [ +"ESI-ExchangeOnPremisesCollector", +"ESI-ExchangeAdminAuditLogEvents", +"ESI-ExchangeOnlineCollector" +], +"previewImagesFileNames": [], +"version": "1.0.0", +"title": "Microsoft Exchange Admin Activity", +"templateRelativePath": "Microsoft Exchange Admin Activity.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ +"workbookKey": "MicrosoftExchangeSecurityReview-Online", +"logoFileName": "Azure_Sentinel.svg", +"description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", +"dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" +], +"dataConnectorsDependencies": [ +"ESI-ExchangeOnPremisesCollector", +"ESI-ExchangeAdminAuditLogEvents", +"ESI-ExchangeOnlineCollector" +], +"previewImagesFileNames": [], +"version": "1.0.0", +"title": "Microsoft Exchange Security Review - Online", +"templateRelativePath": "Microsoft Exchange Security Review - Online.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ +"workbookKey": "MicrosoftExchangeSecurityReview", +"logoFileName": "Azure_Sentinel.svg", +"description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks.", +"dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" +], +"dataConnectorsDependencies": [ +"ESI-ExchangeOnPremisesCollector", +"ESI-ExchangeAdminAuditLogEvents", +"ESI-ExchangeOnlineCollector" +], +"previewImagesFileNames": [], +"version": "1.0.0", +"title": "Microsoft Exchange Security Review", +"templateRelativePath": "Microsoft Exchange Security Review.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ +"workbookKey": "ibossMalwareAndC2Workbook", +"logoFileName": "", +"description": "A workbook providing insights into malware and C2 activity detected by iboss.", +"dataTypesDependencies": [ +], +"dataConnectorsDependencies": [ +], +"previewImagesFileNames": [ +], +"version": "1.0.0", +"title": "iboss Malware and C2", +"templateRelativePath": "ibossMalwareAndC2.json", +"subtitle": "", +"provider": "iboss" +}, +{ +"workbookKey": "ibossWebUsageWorkbook", +"logoFileName": "", +"description": "A workbook providing insights into web usage activity detected by iboss.", +"dataTypesDependencies": [ +], +"dataConnectorsDependencies": [ +], +"previewImagesFileNames": [ +], +"version": "1.0.0", +"title": "iboss Web Usage", +"templateRelativePath": "ibossWebUsage.json", +"subtitle": "", +"provider": "iboss" +}, +{ +"workbookKey": "Fortiweb-workbook", +"logoFileName": "Azure_Sentinel.svg", +"description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", +"dataTypesDependencies": [ + "CommonSecurityLog" +], +"dataConnectorsDependencies": [ +"FortinetFortiWeb" +], +"previewImagesFileNames": [], +"version": "1.0.0", +"title": "Fortiweb-workbook", +"templateRelativePath": "Fortiweb-workbook.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ +"workbookKey": "ReversingLabs-CapabilitiesOverview", +"logoFileName": "reversinglabs.svg", +"description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", +"dataTypesDependencies": [ +], +"dataConnectorsDependencies": [ +], +"previewImagesFileNames": [ +"ReversingLabsTiSummary-White.png", +"ReversingLabsTiSummary-Black.png", +"ReversingLabsOpsSummary-White.png", +"ReversingLabsOpsSummary-Black.png" +], +"version": "1.1.1", +"title": "ReversingLabs-CapabilitiesOverview", +"templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", +"subtitle": "", +"provider": "ReversingLabs" +}, +{ +"workbookKey": "TalonInsights", +"logoFileName": "Talon.svg", +"description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", +"dataTypesDependencies": [], +"dataConnectorsDependencies": [], +"previewImagesFileNames": [ "TalonInsightsBlack.png", "TalonInsightsWhite.png"], +"version": "2.0.0", +"title": "Talon Insights", +"templateRelativePath": "TalonInsights.json", +"subtitle": "", +"provider": "Talon Security" +}, +{ +"workbookKey": "vCenter", +"logoFileName": [], +"description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", +"dataTypesDependencies": ["vCenter_CL"], +"dataConnectorsDependencies": ["VMwarevCenter"], +"previewImagesFileNames": [ ], +"version": "1.0.0", +"title": "vCenter", +"templateRelativePath": "vCenter.json", +"subtitle": "", +"provider": "VMware" +}, + +{ +"workbookKey": "SAP-Monitors-AlertsandPerformance", +"logoFileName": "SAPVMIcon.svg", +"description": "SAP -Monitors- Alerts and Performance", +"dataTypesDependencies": ["SAPAuditLog"], +"dataConnectorsDependencies": [ "SAP"], +"previewImagesFileNames": ["SAPVMIcon.svg"], +"version": "2.0.1", +"title": "SAP -Monitors- Alerts and Performance", +"templateRelativePath": "SAP -Monitors- Alerts and Performance.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ +"workbookKey": "SAP-SecurityAuditlogandInitialAccess", +"logoFileName": "SAPVMIcon.svg", +"description": "SAP -Security Audit log and Initial Access", +"dataTypesDependencies": [ "SAPAuditLog"], +"dataConnectorsDependencies": [ "SAP" ], +"previewImagesFileNames": ["SAPVMIcon.svg"], +"version": "2.0.1", +"title": "SAP -Security Audit log and Initial Access", +"templateRelativePath": "SAP -Security Audit log and Initial Access.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ +"workbookKey": "DNSSolutionWorkbook", +"logoFileName": "", +"description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", +"dataTypesDependencies": [], +"dataConnectorsDependencies": [], +"previewImagesFileNames": [ + "DNSDomainWorkbookWhite.png", + "DNSDomainWorkbookBlack.png" +], +"version": "1.0.0", +"title": "DNS Solution Workbook", +"templateRelativePath": "DNSSolutionWorkbook.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ +"workbookKey": "MicrosoftPowerBIActivityWorkbook", +"logoFileName": "", +"description": "This workbook provides details on Microsoft PowerBI Activity", +"dataTypesDependencies": ["PowerBIActivity"], +"dataConnectorsDependencies": ["Microsoft PowerBI (Preview)"], +"previewImagesFileNames": [ "MicrosoftPowerBIActivityWorkbookBlack.png", "MicrosoftPowerBIActivityWhite.png"], +"version": "1.0.0", +"title": "Microsoft PowerBI Activity Workbook", +"templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", +"subtitle": "", +"provider": "Microsoft" +}, +{ + "workbookKey": "MicrosoftThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ "ThreatIntelligenceIndicator", "SecurityIncident" ], + "dataConnectorsDependencies": [ "ThreatIntelligence", "ThreatIntelligenceTaxii" ], + "previewImagesFileNames": [ "ThreatIntelligenceWhite.png", "ThreatIntelligenceBlack.png" ], + "version": "1.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "MicrosoftThreatIntelligence.json", "subtitle": "", "provider": "Microsoft" }, { - "workbookKey": "DNSSolutionWorkbook", + "workbookKey": "MicrosoftDefenderForEndPoint", "logoFileName": "", - "description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", + "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", "dataTypesDependencies": [], "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "microsoftdefenderforendpointwhite.png", "microsoftdefenderforendpointblack.png" ], + "version": "1.0.0", + "title": "Microsoft Defender For EndPoint", + "templateRelativePath": "MicrosoftDefenderForEndPoint.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "MicrosoftDefenderForIdentity", + "logoFileName": "", + "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.", + "dataTypesDependencies": [ "IdentityLogonEvents", "IdentityQueryEvents", "IdentityDirectoryEvents", "SecurityAlert" ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "microsoftdefenderforidentityblack.png", "microsoftdefenderforidentitywhite.png" ], + "version": "1.0.0", + "title": "Microsoft Defender For Identity", + "templateRelativePath": "MicrosoftDefenderForIdentity.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" +}, +{ + "workbookKey": "EsetProtect", + "logoFileName": "", + "description": "Visualize events and threats from Eset protect.", + "dataTypesDependencies": [ "ESETPROTECT" ], + "dataConnectorsDependencies": ["ESETPROTECT"], + "previewImagesFileNames": [ "ESETPROTECTBlack.png", "ESETPROTECTWhite.png" ], + "version": "1.0.0", + "title": "EsetProtect", + "templateRelativePath": "ESETPROTECT.json", + "subtitle": "", + "provider": "Community" +}, +{ + "workbookKey": "CyberArkEPMWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CyberArkEPM_CL" + ], + "dataConnectorsDependencies": [ + "CyberArkEPM" + ], "previewImagesFileNames": [ - "DNSDomainWorkbookWhite.png", - "DNSDomainWorkbookBlack.png" + "CyberArkEPMBlack.png", + "CyberArkEPMWhite.png" ], "version": "1.0.0", - "title": "DNS Solution Workbook", - "templateRelativePath": "DNSSolutionWorkbook.json", + "title": "CyberArk EPM", + "templateRelativePath": "CyberArkEPM.json", "subtitle": "", - "provider": "Microsoft" + "provider": "CyberArk" }, { - "workbookKey": "MicrosoftPowerBIActivityWorkbook", + "workbookKey": "WebSessionEssentialsWorkbook", "logoFileName": "", - "description": "This workbook provides details on Microsoft PowerBI Activity", - "dataTypesDependencies": ["PowerBIActivity"], - "dataConnectorsDependencies": ["Microsoft PowerBI (Preview)"], - "previewImagesFileNames": [ "MicrosoftPowerBIActivityWorkbookBlack.png", "MicrosoftPowerBIActivityWhite.png"], + "description": "The 'Web Session Essentials' workbook provides real-time insights into activity and potential threats in your network. This workbook is designed for network teams, security architects, analysts, and consultants to monitor, identify and investigate threats on Web servers, Web Proxies and Web Security Gateways assets. This Workbook gives a summary of analysed web traffic and helps with threat analysis and investigating suspicious http traffic.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WebSessionEssentialsWorkbookWhite.png", + "WebSessionEssentialsWorkbookBlack.png" + ], "version": "1.0.0", - "title": "Microsoft PowerBI Activity Workbook", - "templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", + "title": "Web Session Essentials Workbook", + "templateRelativePath": "WebSessionEssentials.json", "subtitle": "", "provider": "Microsoft" }, { - "workbookKey": "MicrosoftThreatIntelligenceWorkbook", - "logoFileName": "", - "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", - "dataTypesDependencies": [ "ThreatIntelligenceIndicator", "SecurityIncident" ], - "dataConnectorsDependencies": [ "ThreatIntelligence", "ThreatIntelligenceTaxii" ], - "previewImagesFileNames": [ "ThreatIntelligenceWhite.png", "ThreatIntelligenceBlack.png" ], - "version": "1.0.0", - "title": "Threat Intelligence", - "templateRelativePath": "MicrosoftThreatIntelligence.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftDefenderForEndPoint", - "logoFileName": "", - "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ "microsoftdefenderforendpointwhite.png", "microsoftdefenderforendpointblack.png" ], - "version": "1.0.0", - "title": "Microsoft Defender For EndPoint", - "templateRelativePath": "MicrosoftDefenderForEndPoint.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrosoftDefenderForIdentity", - "logoFileName": "", - "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.", - "dataTypesDependencies": [ "IdentityLogonEvents", "IdentityQueryEvents", "IdentityDirectoryEvents", "SecurityAlert" ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ "microsoftdefenderforidentityblack.png", "microsoftdefenderforidentitywhite.png" ], - "version": "1.0.0", - "title": "Microsoft Defender For Identity", - "templateRelativePath": "MicrosoftDefenderForIdentity.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "EsetProtect", - "logoFileName": "", - "description": "Visualize events and threats from Eset protect.", - "dataTypesDependencies": [ "ESETPROTECT" ], - "dataConnectorsDependencies": ["ESETPROTECT"], - "previewImagesFileNames": [ "ESETPROTECTBlack.png", "ESETPROTECTWhite.png" ], - "version": "1.0.0", - "title": "EsetProtect", - "templateRelativePath": "ESETPROTECT.json", - "subtitle": "", - "provider": "Community" - }, - { - "workbookKey": "CyberArkEPMWorkbook", - "logoFileName": "CyberArk_Logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CyberArkEPM_CL" - ], - "dataConnectorsDependencies": [ - "CyberArkEPM" - ], - "previewImagesFileNames": [ - "CyberArkEPMBlack.png", - "CyberArkEPMWhite.png" - ], - "version": "1.0.0", - "title": "CyberArk EPM", - "templateRelativePath": "CyberArkEPM.json", - "subtitle": "", - "provider": "CyberArk" - }, - { - "workbookKey": "NetskopeWorkbook", - "logoFileName": "Netskope_logo.svg", - "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.", - "dataTypesDependencies": [ - "Netskope_Events_CL", - "Netskope_Alerts_CL", - "Netskope_WebTX_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "Netskope-ApplicationEvents-Black.png", - "Netskope-ApplicationEvents-White.png", - "Netskope-SecurityAlerts-DLP-Black.png", - "Netskope-SecurityAlerts-DLP-White.png", - "Netskope-NetworkEvents-CFW-Black.png", - "Netskope-NetworkEvents-CFW-White.png", - "Netskope-SecurityAlerts-Malsite-Black.png", - "Netskope-SecurityAlerts-Malsite-White.png", - "Netskope-NetworkEvents-NPA-Black.png", - "Netskope-NetworkEvents-NPA-White.png", - "Netskope-SecurityAlerts-Malware-White.png", - "Netskope-SecurityAlerts-Malware-Black.png", - "Netskope-SecurityAlerts-BehaviorAnalytics-Black.png", - "Netskope-SecurityAlerts-BehaviorAnalytics-White.png", - "Netskope-SecurityAlerts-Overview-Black.png", - "Netskope-SecurityAlerts-Overview-White.png", - "Netskope-SecurityAlerts-CompormisedCredentials-Black.png", - "Netskope-SecurityAlerts-CompromisedCredentials-White.png", - "Netskope-WebTransactions-Black.png", - "Netskope-WebTransactions-White.png" - ], - "version": "1.0", - "title": "Netskope", - "templateRelativePath": "NetskopeEvents.json", - "subtitle": "", - "provider": "Netskope" - }, - { - "workbookKey": "AIShield", - "logoFileName": "", - "description": "Visualize events generated by AIShield. This workbook is dependent on a parser AIShield which is a part of the solution deployment.", - "dataTypesDependencies": [ "AIShield" ], - "dataConnectorsDependencies": ["AIShield"], - "previewImagesFileNames": [ "AIShieldBlack.png", "AIShieldWhite.png" ], - "version": "1.0.0", - "title": "AIShield Workbook", - "templateRelativePath": "AIShield.json", - "subtitle": "", - "provider": "Community" - }, - { - "workbookKey": "AttackSurfaceReduction", - "logoFileName": "M365securityposturelogo.svg", - "description": "This workbook helps you implement the ASR rules of Windows/Defender, and to monitor them over time. The workbook can filter on ASR rules in Audit mode and Block mode.", - "dataTypesDependencies": [ "DeviceEvents" ], - "dataConnectorsDependencies": [ "MicrosoftThreatProtection" ], - "previewImagesFileNames": [ "AttackSurfaceReductionWhite.png", "AttackSurfaceReductionBlack.png" ], - "version": "1.0.0", - "title": "Attack Surface Reduction Dashboard", - "templateRelativePath": "AttackSurfaceReduction.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - } -] + "workbookKey": "SalemDashboard", + "logoFileName": "salem_logo.svg", + "description": "Monitor Salem Performance", + "dataTypesDependencies": [ "SalemAlerts_CL" ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Salem Alerts Workbook", + "templateRelativePath": "SalemDashboard.json", + "subtitle": "", + "provider": "SalemCyber" +} +] \ No newline at end of file From 2d71f150fb4184f9326f4dd4ec310a20aefdae26 Mon Sep 17 00:00:00 2001 From: jonbagg Date: Tue, 11 Jul 2023 09:44:08 -0400 Subject: [PATCH 08/26] resolve more conflicts --- .../WorkbookMetadata/WorkbooksMetadata.json | 28466 ++++++++++------ 1 file changed, 18278 insertions(+), 10188 deletions(-) diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json index e17b3d3f259..77ecf00cfc2 100644 --- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json +++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json @@ -1,10296 +1,18386 @@ [ - { - "workbookKey": "42CrunchAPIProtectionWorkbook", - "logoFileName": "42CrunchLogo.svg", - "description": "Monitor and protect APIs using the 42Crunch API microfirewall", - "dataTypesDependencies": [ - "apifirewall_log_1_CL" - ], - "dataConnectorsDependencies": [ - "42CrunchAPIProtection" - ], - "previewImagesFileNames": [ - "42CrunchInstancesBlack.png", - "42CrunchInstancesWhite.png", - "42CrunchRequestsBlack.png", - "42CrunchRequestsWhite.png", - "42CrunchStatusBlack.png", - "42CrunchStatusWhite.png" - ], - "version": "1.0.0", - "title": "42Crunch API Protection Workbook", - "templateRelativePath": "42CrunchAPIProtectionWorkbook.json", - "subtitle": "", - "provider": "42Crunch" - }, - { - "workbookKey": "ForcepointNGFWAdvanced", - "logoFileName": "FPAdvLogo.svg", - "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "ForcepointNgfw", - "ThreatIntelligence" - ], - "previewImagesFileNames": [ - "ForcepointNGFWAdvancedWhite.png", - "ForcepointNGFWAdvancedBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook", - "templateRelativePath": "ForcepointNGFWAdvanced.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "AzureActivityWorkbook", - "logoFileName": "azureactivity_logo.svg", - "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.", - "dataTypesDependencies": [ - "AzureActivity" - ], - "dataConnectorsDependencies": [ - "AzureActivity" - ], - "previewImagesFileNames": [ - "AzureActivityWhite1.png", - "AzureActivityBlack1.png" - ], - "version": "2.0.0", - "title": "Azure Activity", - "templateRelativePath": "AzureActivity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IdentityAndAccessWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "IdentityAndAccessWhite.png", - "IdentityAndAccessBlack.png" - ], - "version": "1.1.0", - "title": "Identity & Access", - "templateRelativePath": "IdentityAndAccess.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CheckPointWorkbook", - "logoFileName": "checkpoint_logo.svg", - "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CheckPoint" - ], - "previewImagesFileNames": [ - "CheckPointWhite.png", - "CheckPointBlack.png" - ], - "version": "1.0.0", - "title": "Check Point Software Technologies", - "templateRelativePath": "CheckPoint.json", - "subtitle": "", - "provider": "Check Point" - }, - { - "workbookKey": "CiscoWorkbook", - "logoFileName": "cisco_logo.svg", - "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CiscoASA" - ], - "previewImagesFileNames": [ - "CiscoWhite.png", - "CiscoBlack.png" - ], - "version": "1.1.0", - "title": "Cisco - ASA", - "templateRelativePath": "Cisco.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ExchangeOnlineWorkbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "ExchangeOnlineWhite.png", - "ExchangeOnlineBlack.png" - ], - "version": "2.0.0", - "title": "Exchange Online", - "templateRelativePath": "ExchangeOnline.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "PaloAltoOverviewWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoNetworks" - ], - "previewImagesFileNames": [ - "PaloAltoOverviewWhite1.png", - "PaloAltoOverviewBlack1.png", - "PaloAltoOverviewWhite2.png", - "PaloAltoOverviewBlack2.png", - "PaloAltoOverviewWhite3.png", - "PaloAltoOverviewBlack3.png" - ], - "version": "1.2.0", - "title": "Palo Alto overview", - "templateRelativePath": "PaloAltoOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "PaloAltoNetworkThreatWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoNetworks" - ], - "previewImagesFileNames": [ - "PaloAltoNetworkThreatWhite1.png", - "PaloAltoNetworkThreatBlack1.png", - "PaloAltoNetworkThreatWhite2.png", - "PaloAltoNetworkThreatBlack2.png" - ], - "version": "1.1.0", - "title": "Palo Alto Network Threat", - "templateRelativePath": "PaloAltoNetworkThreat.json", - "subtitle": "", - "provider": "Palo Alto Networks" - }, - { - "workbookKey": "EsetSMCWorkbook", - "logoFileName": "eset-logo.svg", - "description": "Visualize events and threats from Eset Security Management Center.", - "dataTypesDependencies": [ - "eset_CL" - ], - "dataConnectorsDependencies": [ - "EsetSMC" - ], - "previewImagesFileNames": [ - "esetSMCWorkbook-black.png", - "esetSMCWorkbook-white.png" - ], - "version": "1.0.0", - "title": "Eset Security Management Center Overview", - "templateRelativePath": "esetSMCWorkbook.json", - "subtitle": "", - "provider": "Community" - }, - { - "workbookKey": "FortigateWorkbook", - "logoFileName": "fortinet_logo.svg", - "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Fortinet" - ], - "previewImagesFileNames": [ - "FortigateWhite.png", - "FortigateBlack.png" - ], - "version": "1.1.0", - "title": "FortiGate", - "templateRelativePath": "Fortigate.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DnsWorkbook", - "logoFileName": "dns_logo.svg", - "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.", - "dataTypesDependencies": [ - "DnsInventory", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "DNS" - ], - "previewImagesFileNames": [ - "DnsWhite.png", - "DnsBlack.png" - ], - "version": "1.3.0", - "title": "DNS", - "templateRelativePath": "Dns.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "Office365Workbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "Office365White1.png", - "Office365Black1.png", - "Office365White2.png", - "Office365Black2.png", - "Office365White3.png", - "Office365Black3.png" - ], - "version": "2.0.1", - "title": "Office 365", - "templateRelativePath": "Office365.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SharePointAndOneDriveWorkbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "SharePointAndOneDriveBlack1.png", - "SharePointAndOneDriveBlack2.png", - "SharePointAndOneDriveWhite1.png", - "SharePointAndOneDriveWhite2.png" - ], - "version": "2.0.0", - "title": "SharePoint & OneDrive", - "templateRelativePath": "SharePointAndOneDrive.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureActiveDirectorySigninLogsWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.", - "dataTypesDependencies": [ - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AADsigninBlack1.png", - "AADsigninBlack2.png", - "AADsigninWhite1.png", - "AADsigninWhite2.png" - ], - "version": "2.4.0", - "title": "Azure AD Sign-in logs", - "templateRelativePath": "AzureActiveDirectorySignins.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "VirtualMachinesInsightsWorkbook", - "logoFileName": "azurevirtualmachine_logo.svg", - "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.", - "dataTypesDependencies": [ - "VMConnection", - "ServiceMapComputer_CL", - "ServiceMapProcess_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "VMInsightBlack1.png", - "VMInsightWhite1.png" - ], - "version": "1.3.0", - "title": "VM insights", - "templateRelativePath": "VirtualMachinesInsights.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.", - "dataTypesDependencies": [ - "AuditLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AzureADAuditLogsBlack1.png", - "AzureADAuditLogsWhite1.png" - ], - "version": "1.2.0", - "title": "Azure AD Audit logs", - "templateRelativePath": "AzureActiveDirectoryAuditLogs.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ThreatIntelligenceWorkbook", - "logoFileName": "", - "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "SecurityIncident" - ], - "dataConnectorsDependencies": [ - "ThreatIntelligence", - "ThreatIntelligenceTaxii" - ], - "previewImagesFileNames": [ - "ThreatIntelligenceWhite.png", - "ThreatIntelligenceBlack.png" - ], - "version": "5.0.0", - "title": "Threat Intelligence", - "templateRelativePath": "ThreatIntelligence.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WebApplicationFirewallOverviewWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFOverviewBlack.png", - "WAFOverviewWhite.png" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - overview", - "templateRelativePath": "WebApplicationFirewallOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFFirewallEventsBlack1.png", - "WAFFirewallEventsBlack2.png", - "WAFFirewallEventsWhite1.png", - "WAFFirewallEventsWhite2.png" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - firewall events", - "templateRelativePath": "WebApplicationFirewallFirewallEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFGatewayAccessEventsBlack1.png", - "WAFGatewayAccessEventsBlack2.png", - "WAFGatewayAccessEventsWhite1.png", - "WAFGatewayAccessEventsWhite2.png" - ], - "version": "1.2.0", - "title": "Microsoft Web Application Firewall (WAF) - gateway access events", - "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "LinuxMachinesWorkbook", - "logoFileName": "azurevirtualmachine_logo.svg", - "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "Syslog" - ], - "previewImagesFileNames": [ - "LinuxMachinesWhite.png", - "LinuxMachinesBlack.png" - ], - "version": "1.1.0", - "title": "Linux machines", - "templateRelativePath": "LinuxMachines.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureFirewallWorkbook", - "logoFileName": "AzFirewalls.svg", - "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureFirewall" - ], - "previewImagesFileNames": [ - "AzureFirewallWorkbookWhite1.PNG", - "AzureFirewallWorkbookBlack1.PNG", - "AzureFirewallWorkbookWhite2.PNG", - "AzureFirewallWorkbookBlack2.PNG", - "AzureFirewallWorkbookWhite3.PNG", - "AzureFirewallWorkbookBlack3.PNG", - "AzureFirewallWorkbookWhite4.PNG", - "AzureFirewallWorkbookBlack4.PNG", - "AzureFirewallWorkbookWhite5.PNG", - "AzureFirewallWorkbookBlack5.PNG" - ], - "version": "1.3.0", - "title": "Azure Firewall", - "templateRelativePath": "AzureFirewallWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureFirewallWorkbook-StructuredLogs", - "logoFileName": "AzFirewalls.svg", - "description": "Gain insights into Azure Firewall events using the new Structured Logs for Azure Firewall. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", - "dataTypesDependencies": [ - "AZFWNetworkRule", - "AZFWApplicationRule", - "AZFWDnsQuery", - "AZFWThreatIntel" - ], - "dataConnectorsDependencies": [ - "AzureFirewall" - ], - "previewImagesFileNames": [ - "AzureFirewallWorkbookWhite1.PNG", - "AzureFirewallWorkbookBlack1.PNG", - "AzureFirewallWorkbookWhite2.PNG", - "AzureFirewallWorkbookBlack2.PNG", - "AzureFirewallWorkbookWhite3.PNG", - "AzureFirewallWorkbookBlack3.PNG", - "AzureFirewallWorkbookWhite4.PNG", - "AzureFirewallWorkbookBlack4.PNG", - "AzureFirewallWorkbookWhite5.PNG", - "AzureFirewallWorkbookBlack5.PNG" - ], - "version": "1.0.0", - "title": "Azure Firewall Structured Logs", - "templateRelativePath": "AzureFirewallWorkbook-StructuredLogs.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureDDoSStandardProtection", - "logoFileName": "AzDDoS.svg", - "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "DDOS" - ], - "previewImagesFileNames": [ - "AzureDDoSWhite1.PNG", - "AzureDDoSBlack1.PNG", - "AzureDDoSWhite2.PNG", - "AzureDDoSBlack2.PNG", - "AzureDDoSWhite2.PNG", - "AzureDDoSBlack2.PNG" - ], - "version": "1.0.2", - "title": "Azure DDoS Protection Workbook", - "templateRelativePath": "AzDDoSStandardWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftCloudAppSecurityWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.", - "dataTypesDependencies": [ - "McasShadowItReporting" - ], - "dataConnectorsDependencies": [ - "MicrosoftCloudAppSecurity" - ], - "previewImagesFileNames": [ - "McasDiscoveryBlack.png", - "McasDiscoveryWhite.png" - ], - "version": "1.2.0", - "title": "Microsoft Cloud App Security - discovery logs", - "templateRelativePath": "MicrosoftCloudAppSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "F5BIGIPSytemMetricsWorkbook", - "logoFileName": "f5_logo.svg", - "description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.", - "dataTypesDependencies": [ - "F5Telemetry_system_CL", - "F5Telemetry_AVR_CL" - ], - "dataConnectorsDependencies": [ - "F5BigIp" - ], - "previewImagesFileNames": [ - "F5SMBlack.png", - "F5SMWhite.png" - ], - "version": "1.1.0", - "title": "F5 BIG-IP System Metrics", - "templateRelativePath": "F5BIGIPSystemMetrics.json", - "subtitle": "", - "provider": "F5 Networks" - }, - { - "workbookKey": "F5NetworksWorkbook", - "logoFileName": "f5_logo.svg", - "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.", - "dataTypesDependencies": [ - "F5Telemetry_LTM_CL", - "F5Telemetry_system_CL", - "F5Telemetry_ASM_CL" - ], - "dataConnectorsDependencies": [ - "F5BigIp" - ], - "previewImagesFileNames": [ - "F5White.png", - "F5Black.png" - ], - "version": "1.1.0", - "title": "F5 BIG-IP ASM", - "templateRelativePath": "F5Networks.json", - "subtitle": "", - "provider": "F5 Networks" - }, - { - "workbookKey": "AzureNetworkWatcherWorkbook", - "logoFileName": "networkwatcher_logo.svg", - "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.", - "dataTypesDependencies": [ - "AzureNetworkAnalytics_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureNetworkWatcherWhite.png", - "AzureNetworkWatcherBlack.png" - ], - "version": "1.1.0", - "title": "Azure Network Watcher", - "templateRelativePath": "AzureNetworkWatcher.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZscalerFirewallWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerFirewallWhite1.png", - "ZscalerFirewallBlack1.png", - "ZscalerFirewallWhite2.png", - "ZscalerFirewallBlack2.png" - ], - "version": "1.1.0", - "title": "Zscaler Firewall", - "templateRelativePath": "ZscalerFirewall.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "ZscalerWebOverviewWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerWebOverviewWhite.png", - "ZscalerWebOverviewBlack.png" - ], - "version": "1.1.0", - "title": "Zscaler Web Overview", - "templateRelativePath": "ZscalerWebOverview.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "ZscalerThreatsOverviewWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerThreatsWhite.png", - "ZscalerThreatsBlack.png" - ], - "version": "1.2.0", - "title": "Zscaler Threats", - "templateRelativePath": "ZscalerThreats.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "ZscalerOffice365AppsWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerOffice365White.png", - "ZscalerOffice365Black.png" - ], - "version": "1.1.0", - "title": "Zscaler Office365 Apps", - "templateRelativePath": "ZscalerOffice365Apps.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "InsecureProtocolsWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.", - "dataTypesDependencies": [ - "SecurityEvent", - "Event", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "AzureActiveDirectory", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "InsecureProtocolsWhite1.png", - "InsecureProtocolsBlack1.png", - "InsecureProtocolsWhite2.png", - "InsecureProtocolsBlack2.png" - ], - "version": "2.1.0", - "title": "Insecure Protocols", - "templateRelativePath": "InsecureProtocols.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook", - "logoFileName": "amazon_web_services_Logo.svg", - "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.", - "dataTypesDependencies": [ - "AWSCloudTrail" - ], - "dataConnectorsDependencies": [ - "AWS" - ], - "previewImagesFileNames": [ - "AwsNetworkActivitiesWhite.png", - "AwsNetworkActivitiesBlack.png" - ], - "version": "1.0.0", - "title": "AWS Network Activities", - "templateRelativePath": "AmazonWebServicesNetworkActivities.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AmazonWebServicesUserActivitiesWorkbook", - "logoFileName": "amazon_web_services_Logo.svg", - "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.", - "dataTypesDependencies": [ - "AWSCloudTrail" - ], - "dataConnectorsDependencies": [ - "AWS" - ], - "previewImagesFileNames": [ - "AwsUserActivitiesWhite.png", - "AwsUserActivitiesBlack.png" - ], - "version": "1.0.0", - "title": "AWS User Activities", - "templateRelativePath": "AmazonWebServicesUserActivities.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicro" - ], - "previewImagesFileNames": [ - "TrendMicroDeepSecurityAttackActivityWhite.png", - "TrendMicroDeepSecurityAttackActivityBlack.png" - ], - "version": "1.0.0", - "title": "Trend Micro Deep Security ATT&CK Related Activity", - "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json", - "subtitle": "", - "provider": "Trend Micro" - }, - { - "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicro" - ], - "previewImagesFileNames": [ - "TrendMicroDeepSecurityOverviewWhite1.png", - "TrendMicroDeepSecurityOverviewBlack1.png", - "TrendMicroDeepSecurityOverviewWhite2.png", - "TrendMicroDeepSecurityOverviewBlack2.png" - ], - "version": "1.0.0", - "title": "Trend Micro Deep Security Events", - "templateRelativePath": "TrendMicroDeepSecurityOverview.json", - "subtitle": "", - "provider": "Trend Micro" - }, - { - "workbookKey": "ExtraHopDetectionSummaryWorkbook", - "logoFileName": "extrahop_logo.svg", - "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ExtraHopNetworks" - ], - "previewImagesFileNames": [ - "ExtrahopWhite.png", - "ExtrahopBlack.png" - ], - "version": "1.0.0", - "title": "ExtraHop", - "templateRelativePath": "ExtraHopDetectionSummary.json", - "subtitle": "", - "provider": "ExtraHop Networks" - }, - { - "workbookKey": "BarracudaCloudFirewallWorkbook", - "logoFileName": "barracuda_logo.svg", - "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "Syslog" - ], - "dataConnectorsDependencies": [ - "BarracudaCloudFirewall" - ], - "previewImagesFileNames": [ - "BarracudaWhite1.png", - "BarracudaBlack1.png", - "BarracudaWhite2.png", - "BarracudaBlack2.png" - ], - "version": "1.0.0", - "title": "Barracuda CloudGen FW", - "templateRelativePath": "Barracuda.json", - "subtitle": "", - "provider": "Barracuda" - }, - { - "workbookKey": "CitrixWorkbook", - "logoFileName": "citrix_logo.svg", - "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.", - "dataTypesDependencies": [ - "CitrixAnalytics_userProfile_CL", - "CitrixAnalytics_riskScoreChange_CL", - "CitrixAnalytics_indicatorSummary_CL", - "CitrixAnalytics_indicatorEventDetails_CL" - ], - "dataConnectorsDependencies": [ - "Citrix" - ], - "previewImagesFileNames": [ - "CitrixWhite.png", - "CitrixBlack.png" - ], - "version": "2.1.0", - "title": "Citrix Analytics", - "templateRelativePath": "Citrix.json", - "subtitle": "", - "provider": "Citrix Systems Inc." - }, - { - "workbookKey": "OneIdentityWorkbook", - "logoFileName": "oneIdentity_logo.svg", - "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "OneIdentity" - ], - "previewImagesFileNames": [ - "OneIdentityWhite.png", - "OneIdentityBlack.png" - ], - "version": "1.0.0", - "title": "One Identity", - "templateRelativePath": "OneIdentity.json", - "subtitle": "", - "provider": "One Identity LLC." - }, - { - "workbookKey": "SecurityStatusWorkbook", - "logoFileName": "", - "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "SecurityEvent", - "Syslog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelSecurityStatusBlack.png", - "AzureSentinelSecurityStatusWhite.png" - ], - "version": "1.3.0", - "title": "Security Status", - "templateRelativePath": "SecurityStatus.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureSentinelSecurityAlertsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelSecurityAlertsWhite.png", - "AzureSentinelSecurityAlertsBlack.png" - ], - "version": "1.1.0", - "title": "Security Alerts", - "templateRelativePath": "AzureSentinelSecurityAlerts.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SquadraTechnologiesSecRMMWorkbook", - "logoFileName": "SquadraTechnologiesLogo.svg", - "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.", - "dataTypesDependencies": [ - "secRMM_CL" - ], - "dataConnectorsDependencies": [ - "SquadraTechnologiesSecRmm" - ], - "previewImagesFileNames": [ - "SquadraTechnologiesSecRMMWhite.PNG", - "SquadraTechnologiesSecRMMBlack.PNG" - ], - "version": "1.0.0", - "title": "Squadra Technologies SecRMM - USB removable storage security", - "templateRelativePath": "SquadraTechnologiesSecRMM.json", - "subtitle": "", - "provider": "Squadra Technologies" - }, - { - "workbookKey": "IoT-Alerts", - "logoFileName": "IoTIcon.svg", - "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "IoT" - ], - "previewImagesFileNames": [ - "IOTBlack1.png", - "IOTWhite1.png" - ], - "version": "1.2.0", - "title": "Azure Defender for IoT Alerts", - "templateRelativePath": "IOT_Alerts.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IoTAssetDiscovery", - "logoFileName": "IoTIcon.svg", - "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Fortinet" - ], - "previewImagesFileNames": [ - "workbook-iotassetdiscovery-screenshot-Black.PNG", - "workbook-iotassetdiscovery-screenshot-White.PNG" - ], - "version": "1.0.0", - "title": "IoT Asset Discovery", - "templateRelativePath": "IoTAssetDiscovery.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ForcepointCASBWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointCasb" - ], - "previewImagesFileNames": [ - "ForcepointCASBWhite.png", - "ForcepointCASBBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Cloud Access Security Broker (CASB)", - "templateRelativePath": "ForcepointCASB.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "ForcepointNGFWWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointNgfw" - ], - "previewImagesFileNames": [ - "ForcepointNGFWWhite.png", - "ForcepointNGFWBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Next Generation Firewall (NGFW)", - "templateRelativePath": "ForcepointNGFW.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "ForcepointDLPWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.", - "dataTypesDependencies": [ - "ForcepointDLPEvents_CL" - ], - "dataConnectorsDependencies": [ - "ForcepointDlp" - ], - "previewImagesFileNames": [ - "ForcepointDLPWhite.png", - "ForcepointDLPBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Data Loss Prevention (DLP)", - "templateRelativePath": "ForcepointDLP.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "ZimperiumMTDWorkbook", - "logoFileName": "ZIMPERIUM-logo_square2.svg", - "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.", - "dataTypesDependencies": [ - "ZimperiumThreatLog_CL", - "ZimperiumMitigationLog_CL" - ], - "dataConnectorsDependencies": [ - "ZimperiumMtdAlerts" - ], - "previewImagesFileNames": [ - "ZimperiumWhite.png", - "ZimperiumBlack.png" - ], - "version": "1.0.0", - "title": "Zimperium Mobile Threat Defense (MTD)", - "templateRelativePath": "ZimperiumWorkbooks.json", - "subtitle": "", - "provider": "Zimperium" - }, - { - "workbookKey": "AzureAuditActivityAndSigninWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.", - "dataTypesDependencies": [ - "AzureActivity", - "AuditLogs", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AzureAuditActivityAndSigninWhite1.png", - "AzureAuditActivityAndSigninWhite2.png", - "AzureAuditActivityAndSigninBlack1.png", - "AzureAuditActivityAndSigninBlack2.png" - ], - "version": "1.2.0", - "title": "Azure AD Audit, Activity and Sign-in logs", - "templateRelativePath": "AzureAuditActivityAndSignin.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "WindowsFirewall", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs", - "dataTypesDependencies": [ - "WindowsFirewall", - "SecurityEvent", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsFirewall", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "WindowsFirewallWhite1.png", - "WindowsFirewallWhite2.png", - "WindowsFirewallBlack1.png", - "WindowsFirewallBlack2.png" - ], - "version": "1.0.0", - "title": "Windows Firewall", - "templateRelativePath": "WindowsFirewall.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "EventAnalyzerwWorkbook", - "logoFileName": "", - "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "EventAnalyzer-Workbook-White.png", - "EventAnalyzer-Workbook-Black.png" - ], - "version": "1.0.0", - "title": "Event Analyzer", - "templateRelativePath": "EventAnalyzer.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "ASC-ComplianceandProtection", - "logoFileName": "", - "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.", - "dataTypesDependencies": [ - "SecurityAlert", - "ProtectionStatus", - "SecurityRecommendation", - "SecurityBaseline", - "SecurityBaselineSummary", - "Update", - "ConfigurationChange" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter" - ], - "previewImagesFileNames": [ - "ASCCaPBlack.png", - "ASCCaPWhite.png" - ], - "version": "1.2.0", - "title": "ASC Compliance and Protection", - "templateRelativePath": "ASC-ComplianceandProtection.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "AIVectraDetectWorkbook", - "logoFileName": "AIVectraDetect.svg", - "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "AIVectraDetect" - ], - "previewImagesFileNames": [ - "AIVectraDetectWhite1.png", - "AIVectraDetectBlack1.png" - ], - "version": "1.1.1", - "title": "Vectra AI Detect", - "templateRelativePath": "AIVectraDetectWorkbook.json", - "subtitle": "", - "provider": "Vectra AI" - }, - { - "workbookKey": "Perimeter81OverviewWorkbook", - "logoFileName": "Perimeter81_Logo.svg", - "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.", - "dataTypesDependencies": [ - "Perimeter81_CL" - ], - "dataConnectorsDependencies": [ - "Perimeter81ActivityLogs" - ], - "previewImagesFileNames": [ - "Perimeter81OverviewWhite1.png", - "Perimeter81OverviewBlack1.png", - "Perimeter81OverviewWhite2.png", - "Perimeter81OverviewBlack2.png" - ], - "version": "1.0.0", - "title": "Perimeter 81 Overview", - "templateRelativePath": "Perimeter81OverviewWorkbook.json", - "subtitle": "", - "provider": "Perimeter 81" - }, - { - "workbookKey": "SymantecProxySGWorkbook", - "logoFileName": "symantec_logo.svg", - "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SymantecProxySG" - ], - "previewImagesFileNames": [ - "SymantecProxySGWhite.png", - "SymantecProxySGBlack.png" - ], - "version": "1.0.0", - "title": "Symantec ProxySG", - "templateRelativePath": "SymantecProxySG.json", - "subtitle": "", - "provider": "Symantec" - }, - { - "workbookKey": "IllusiveASMWorkbook", - "logoFileName": "illusive_logo_workbook.svg", - "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "illusiveAttackManagementSystem" - ], - "previewImagesFileNames": [ - "IllusiveASMWhite.png", - "IllusiveASMBlack.png" - ], - "version": "1.0.0", - "title": "Illusive ASM Dashboard", - "templateRelativePath": "IllusiveASM.json", - "subtitle": "", - "provider": "Illusive" - }, - { - "workbookKey": "IllusiveADSWorkbook", - "logoFileName": "illusive_logo_workbook.svg", - "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "illusiveAttackManagementSystem" - ], - "previewImagesFileNames": [ - "IllusiveADSWhite.png", - "IllusiveADSBlack.png" - ], - "version": "1.0.0", - "title": "Illusive ADS Dashboard", - "templateRelativePath": "IllusiveADS.json", - "subtitle": "", - "provider": "Illusive" - }, - { - "workbookKey": "PulseConnectSecureWorkbook", - "logoFileName": "", - "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "PulseConnectSecure" - ], - "previewImagesFileNames": [ - "PulseConnectSecureWhite.png", - "PulseConnectSecureBlack.png" - ], - "version": "1.0.0", - "title": "Pulse Connect Secure", - "templateRelativePath": "PulseConnectSecure.json", - "subtitle": "", - "provider": "Pulse Secure" - }, - { - "workbookKey": "InfobloxNIOSWorkbook", - "logoFileName": "infoblox_logo.svg", - "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "InfobloxNIOS" - ], - "previewImagesFileNames": [], - "version": "1.1.0", - "title": "Infoblox NIOS", - "templateRelativePath": "Infoblox-Workbook-V2.json", - "subtitle": "", - "provider": "Infoblox" - }, - { - "workbookKey": "SymantecVIPWorkbook", - "logoFileName": "symantec_logo.svg", - "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SymantecVIP" - ], - "previewImagesFileNames": [ - "SymantecVIPWhite.png", - "SymantecVIPBlack.png" - ], - "version": "1.0.0", - "title": "Symantec VIP", - "templateRelativePath": "SymantecVIP.json", - "subtitle": "", - "provider": "Symantec" - }, - { - "workbookKey": "ProofPointTAPWorkbook", - "logoFileName": "proofpointlogo.svg", - "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", - "dataTypesDependencies": [ - "ProofPointTAPMessagesBlocked_CL", - "ProofPointTAPMessagesDelivered_CL", - "ProofPointTAPClicksPermitted_CL", - "ProofPointTAPClicksBlocked_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointTAP" - ], - "previewImagesFileNames": [ - "ProofpointTAPWhite.png", - "ProofpointTAPBlack.png" - ], - "version": "1.0.0", - "title": "Proofpoint TAP", - "templateRelativePath": "ProofpointTAP.json", - "subtitle": "", - "provider": "Proofpoint" - }, - { - "workbookKey": "QualysVMV2Workbook", - "logoFileName": "qualys_logo.svg", - "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", - "dataTypesDependencies": [ - "QualysHostDetectionV2_CL" - ], - "dataConnectorsDependencies": [ - "QualysVulnerabilityManagement" - ], - "previewImagesFileNames": [ - "QualysVMWhite.png", - "QualysVMBlack.png" - ], - "version": "1.0.0", - "title": "Qualys Vulnerability Management", - "templateRelativePath": "QualysVMv2.json", - "subtitle": "", - "provider": "Qualys" - }, - { - "workbookKey": "GitHubSecurityWorkbook", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "Github_CL", - "GitHubRepoLogs_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "GitHubSecurityWhite.png", - "GitHubSecurityBlack.png" - ], - "version": "1.0.0", - "title": "GitHub Security", - "templateRelativePath": "GitHubSecurityWorkbook.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "VisualizationDemo", - "logoFileName": "", - "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "VisualizationDemoBlack.png", - "VisualizationDemoWhite.png" - ], - "version": "1.0.0", - "title": "Visualizations Demo", - "templateRelativePath": "VisualizationDemo.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "SophosXGFirewallWorkbook", - "logoFileName": "sophos_logo.svg", - "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SophosXGFirewall" - ], - "previewImagesFileNames": [ - "SophosXGFirewallWhite.png", - "SophosXGFirewallBlack.png" - ], - "version": "1.0.0", - "title": "Sophos XG Firewall", - "templateRelativePath": "SophosXGFirewall.json", - "subtitle": "", - "provider": "Sophos" - }, - { - "workbookKey": "SysmonThreatHuntingWorkbook", - "logoFileName": "", - "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel", - "dataTypesDependencies": [ - "Event" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SysmonThreatHuntingWhite1.png", - "SysmonThreatHuntingBlack1.png" - ], - "version": "1.4.0", - "title": "Sysmon Threat Hunting", - "templateRelativePath": "SysmonThreatHunting.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook", - "logoFileName": "webapplicationfirewall(WAF)_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFFirewallWAFTypeEventsBlack1.PNG", - "WAFFirewallWAFTypeEventsBlack2.PNG", - "WAFFirewallWAFTypeEventsBlack3.PNG", - "WAFFirewallWAFTypeEventsBlack4.PNG", - "WAFFirewallWAFTypeEventsWhite1.png", - "WAFFirewallWAFTypeEventsWhite2.PNG", - "WAFFirewallWAFTypeEventsWhite3.PNG", - "WAFFirewallWAFTypeEventsWhite4.PNG" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - Azure WAF", - "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OrcaAlertsOverviewWorkbook", - "logoFileName": "Orca_logo.svg", - "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview", - "dataTypesDependencies": [ - "OrcaAlerts_CL" - ], - "dataConnectorsDependencies": [ - "OrcaSecurityAlerts" - ], - "previewImagesFileNames": [ - "OrcaAlertsWhite.png", - "OrcaAlertsBlack.png" - ], - "version": "1.1.0", - "title": "Orca alerts overview", - "templateRelativePath": "OrcaAlerts.json", - "subtitle": "", - "provider": "Orca Security" - }, - { - "workbookKey": "CyberArkWorkbook", - "logoFileName": "CyberArk_Logo.svg", - "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CyberArk" - ], - "previewImagesFileNames": [ - "CyberArkActivitiesWhite.PNG", - "CyberArkActivitiesBlack.PNG" - ], - "version": "1.1.0", - "title": "CyberArk EPV Events", - "templateRelativePath": "CyberArkEPV.json", - "subtitle": "", - "provider": "CyberArk" - }, - { - "workbookKey": "UserEntityBehaviorAnalyticsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns", - "dataTypesDependencies": [ - "BehaviorAnalytics" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UserEntityBehaviorAnalyticsBlack1.png", - "UserEntityBehaviorAnalyticsWhite1.png" - ], - "version": "1.2.0", - "title": "User And Entity Behavior Analytics", - "templateRelativePath": "UserEntityBehaviorAnalytics.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CitrixWAF", - "logoFileName": "citrix_logo.svg", - "description": "Gain insight into the Citrix WAF logs", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CitrixWAF" - ], - "previewImagesFileNames": [ - "CitrixWAFBlack.png", - "CitrixWAFWhite.png" - ], - "version": "1.0.0", - "title": "Citrix WAF (Web App Firewall)", - "templateRelativePath": "CitrixWAF.json", - "subtitle": "", - "provider": "Citrix Systems Inc." - }, - { - "workbookKey": "UnifiSGWorkbook", - "logoFileName": "", - "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UnifiSGBlack.png", - "UnifiSGWhite.png" - ], - "version": "1.0.0", - "title": "Unifi Security Gateway", - "templateRelativePath": "UnfiSG.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "UnifiSGNetflowWorkbook", - "logoFileName": "", - "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.", - "dataTypesDependencies": [ - "netflow_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UnifiSGNetflowBlack.png", - "UnifiSGNetflowWhite.png" - ], - "version": "1.0.0", - "title": "Unifi Security Gateway - NetFlow", - "templateRelativePath": "UnfiSGNetflow.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "NormalizedNetworkEventsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "NormalizedNetworkEventsWhite.png", - "NormalizedNetworkEventsBlack.png" - ], - "version": "1.0.0", - "title": "Normalized network events", - "templateRelativePath": "NormalizedNetworkEvents.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WorkspaceAuditingWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.", - "dataTypesDependencies": [ - "LAQueryLogs" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "WorkspaceAuditingWhite.png", - "WorkspaceAuditingBlack.png" - ], - "version": "1.0.0", - "title": "Workspace audit", - "templateRelativePath": "WorkspaceAuditing.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "MITREATTACKWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MITREATTACKWhite1.PNG", - "MITREATTACKWhite2.PNG", - "MITREATTACKBlack1.PNG", - "MITREATTACKBlack2.PNG" - ], - "version": "1.0.1", - "title": "MITRE ATT&CK Workbook", - "templateRelativePath": "MITREAttack.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "BETTERMTDWorkbook", - "logoFileName": "BETTER_MTD_logo.svg", - "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.", - "dataTypesDependencies": [ - "BetterMTDDeviceLog_CL", - "BetterMTDAppLog_CL", - "BetterMTDIncidentLog_CL", - "BetterMTDNetflowLog_CL" - ], - "dataConnectorsDependencies": [ - "BetterMTD" - ], - "previewImagesFileNames": [ - "BetterMTDWorkbookPreviewWhite1.png", - "BetterMTDWorkbookPreviewWhite2.png", - "BetterMTDWorkbookPreviewWhite3.png", - "BetterMTDWorkbookPreviewBlack1.png", - "BetterMTDWorkbookPreviewBlack2.png", - "BetterMTDWorkbookPreviewBlack3.png" - ], - "version": "1.1.0", - "title": "BETTER Mobile Threat Defense (MTD)", - "templateRelativePath": "BETTER_MTD_Workbook.json", - "subtitle": "", - "provider": "BETTER Mobile" - }, - { - "workbookKey": "AlsidIoEWorkbook", - "logoFileName": "Alsid.svg", - "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.", - "dataTypesDependencies": [ - "AlsidForADLog_CL" - ], - "dataConnectorsDependencies": [ - "AlsidForAD" - ], - "previewImagesFileNames": [ - "AlsidIoEBlack1.png", - "AlsidIoEBlack2.png", - "AlsidIoEBlack3.png", - "AlsidIoEWhite1.png", - "AlsidIoEWhite2.png", - "AlsidIoEWhite3.png" - ], - "version": "1.0.0", - "title": "Alsid for AD | Indicators of Exposure", - "templateRelativePath": "AlsidIoE.json", - "subtitle": "", - "provider": "Alsid" - }, - { - "workbookKey": "AlsidIoAWorkbook", - "logoFileName": "Alsid.svg", - "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.", - "dataTypesDependencies": [ - "AlsidForADLog_CL" - ], - "dataConnectorsDependencies": [ - "AlsidForAD" - ], - "previewImagesFileNames": [ - "AlsidIoABlack1.png", - "AlsidIoABlack2.png", - "AlsidIoABlack3.png", - "AlsidIoAWhite1.png", - "AlsidIoAWhite2.png", - "AlsidIoAWhite3.png" - ], - "version": "1.0.0", - "title": "Alsid for AD | Indicators of Attack", - "templateRelativePath": "AlsidIoA.json", - "subtitle": "", - "provider": "Alsid" - }, - { - "workbookKey": "InvestigationInsightsWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Microsoft Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.", - "dataTypesDependencies": [ - "AuditLogs", - "AzureActivity", - "CommonSecurityLog", - "OfficeActivity", - "SecurityEvent", - "SigninLogs", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "AzureActivity", - "SecurityEvents", - "Office365", - "AzureActiveDirectory", - "ThreatIntelligence", - "ThreatIntelligenceTaxii", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "InvestigationInsightsWhite1.png", - "InvestigationInsightsBlack1.png", - "InvestigationInsightsWhite2.png", - "InvestigationInsightsBlack2.png" - ], - "version": "1.4.0", - "title": "Investigation Insights", - "templateRelativePath": "InvestigationInsights.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "AksSecurityWorkbook", - "logoFileName": "Kubernetes_services.svg", - "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.", - "dataTypesDependencies": [ - "SecurityAlert", - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter", - "AzureKubernetes" - ], - "previewImagesFileNames": [ - "AksSecurityWhite.png", - "AksSecurityBlack.png" - ], - "version": "1.5.0", - "title": "Azure Kubernetes Service (AKS) Security", - "templateRelativePath": "AksSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureKeyVaultWorkbook", - "logoFileName": "KeyVault.svg", - "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.", - "dataTypesDependencies": [ - "SecurityAlert", - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter", - "AzureKeyVault" - ], - "previewImagesFileNames": [ - "AkvSecurityWhite.png", - "AkvSecurityBlack.png" - ], - "version": "1.1.0", - "title": "Azure Key Vault Security", - "templateRelativePath": "AzureKeyVaultWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IncidentOverview", - "logoFileName": "Azure_Sentinel.svg", - "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "IncidentOverviewBlack1.png", - "IncidentOverviewWhite1.png", - "IncidentOverviewBlack2.png", - "IncidentOverviewWhite2.png" - ], - "version": "2.1.0", - "title": "Incident overview", - "templateRelativePath": "IncidentOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SecurityOperationsEfficiency", - "logoFileName": "Azure_Sentinel.svg", - "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SecurityEfficiencyWhite1.png", - "SecurityEfficiencyWhite2.png", - "SecurityEfficiencyBlack1.png", - "SecurityEfficiencyBlack2.png" - ], - "version": "1.5.0", - "title": "Security Operations Efficiency", - "templateRelativePath": "SecurityOperationsEfficiency.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DataCollectionHealthMonitoring", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace\u2019s data collection health.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "HealthMonitoringWhite1.png", - "HealthMonitoringWhite2.png", - "HealthMonitoringWhite3.png", - "HealthMonitoringBlack1.png", - "HealthMonitoringBlack2.png", - "HealthMonitoringBlack3.png" - ], - "version": "1.0.0", - "title": "Data collection health monitoring", - "templateRelativePath": "DataCollectionHealthMonitoring.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OnapsisAlarmsWorkbook", - "logoFileName": "onapsis_logo.svg", - "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "OnapsisPlatform" - ], - "previewImagesFileNames": [ - "OnapsisWhite1.PNG", - "OnapsisBlack1.PNG", - "OnapsisWhite2.PNG", - "OnapsisBlack2.PNG" - ], - "version": "1.0.0", - "title": "Onapsis Alarms Overview", - "templateRelativePath": "OnapsisAlarmsOverview.json", - "subtitle": "", - "provider": "Onapsis" - }, - { - "workbookKey": "DelineaWorkbook", - "logoFileName": "DelineaLogo.svg", - "description": "The Delinea Secret Server Syslog connector", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "DelineaSecretServer_CEF" - ], - "previewImagesFileNames": [ - "DelineaWorkbookWhite.PNG", - "DelineaWorkbookBlack.PNG" - ], - "version": "1.0.0", - "title": "Delinea Secret Server Workbook", - "templateRelativePath": "DelineaWorkbook.json", - "subtitle": "", - "provider": "Delinea" - }, - { - "workbookKey": "ForcepointCloudSecurityGatewayWorkbook", - "logoFileName": "Forcepoint_new_logo.svg", - "description": "Use this report to understand query runs across your workspace.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointCSG" - ], - "previewImagesFileNames": [ - "ForcepointCloudSecurityGatewayWhite.png", - "ForcepointCloudSecurityGatewayBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Cloud Security Gateway Workbook", - "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json", - "subtitle": "", - "provider": "Forcepoint" - }, - { - "workbookKey": "IntsightsIOCWorkbook", - "logoFileName": "IntSights_logo.svg", - "description": "This Microsoft Sentinel workbook provides an overview of Indicators of Compromise (IOCs) and their correlations allowing users to analyze and visualize indicators based on severity, type, and other parameters.", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "ThreatIntelligenceTaxii" - ], - "previewImagesFileNames": [ - "IntsightsIOCWhite.png", - "IntsightsMatchedWhite.png", - "IntsightsMatchedBlack.png", - "IntsightsIOCBlack.png" - ], - "version": "2.0.0", - "title": "IntSights IOC Workbook", - "templateRelativePath": "IntsightsIOCWorkbook.json", - "subtitle": "", - "provider": "IntSights Cyber Intelligence" - }, - { - "workbookKey": "DarktraceSummaryWorkbook", - "logoFileName": "Darktrace.svg", - "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Darktrace" - ], - "previewImagesFileNames": [ - "AIA-DarktraceSummaryWhite.png", - "AIA-DarktraceSummaryBlack.png" - ], - "version": "1.1.0", - "title": "AI Analyst Darktrace Model Breach Summary", - "templateRelativePath": "AIA-Darktrace.json", - "subtitle": "", - "provider": "Darktrace" - }, - { - "workbookKey": "TrendMicroXDR", - "logoFileName": "trendmicro_logo.svg", - "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.", - "dataTypesDependencies": [ - "TrendMicro_XDR_WORKBENCH_CL" - ], - "dataConnectorsDependencies": [ - "TrendMicroXDR" - ], - "previewImagesFileNames": [ - "TrendMicroXDROverviewWhite.png", - "TrendMicroXDROverviewBlack.png" - ], - "version": "1.3.0", - "title": "Trend Vision One Alert Overview", - "templateRelativePath": "TrendMicroXDROverview.json", - "subtitle": "", - "provider": "Trend Micro" - }, - { - "workbookKey": "CyberpionOverviewWorkbook", - "logoFileName": "cyberpion_logo.svg", - "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.", - "dataTypesDependencies": [ - "CyberpionActionItems_CL" - ], - "dataConnectorsDependencies": [ - "CyberpionSecurityLogs" - ], - "previewImagesFileNames": [ - "CyberpionActionItemsBlack.png", - "CyberpionActionItemsWhite.png" - ], - "version": "1.0.0", - "title": "Cyberpion Overview", - "templateRelativePath": "CyberpionOverviewWorkbook.json", - "subtitle": "", - "provider": "Cyberpion" - }, - { - "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook", - "logoFileName": "MSTIC-Logo.svg", - "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020", - "dataTypesDependencies": [ - "CommonSecurityLog", - "SigninLogs", - "AuditLogs", - "AADServicePrincipalSignInLogs", - "OfficeActivity", - "BehaviorAnalytics", - "SecurityEvent", - "DeviceProcessEvents", - "SecurityAlert", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory", - "SecurityEvents", - "Office365", - "MicrosoftThreatProtection", - "DNS", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "SolarWindsPostCompromiseHuntingWhite.png", - "SolarWindsPostCompromiseHuntingBlack.png" - ], - "version": "1.5.0", - "title": "SolarWinds Post Compromise Hunting", - "templateRelativePath": "SolarWindsPostCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ProofpointPODWorkbook", - "logoFileName": "proofpointlogo.svg", - "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.", - "dataTypesDependencies": [ - "ProofpointPOD_maillog_CL", - "ProofpointPOD_message_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointPOD" - ], - "previewImagesFileNames": [ - "ProofpointPODMainBlack1.png", - "ProofpointPODMainBlack2.png", - "ProofpointPODMainWhite1.png", - "ProofpointPODMainWhite2.png", - "ProofpointPODMessageSummaryBlack.png", - "ProofpointPODMessageSummaryWhite.png", - "ProofpointPODTLSBlack.png", - "ProofpointPODTLSWhite.png" - ], - "version": "1.0.0", - "title": "Proofpoint On-Demand Email Security", - "templateRelativePath": "ProofpointPOD.json", - "subtitle": "", - "provider": "Proofpoint" - }, - { - "workbookKey": "CiscoUmbrellaWorkbook", - "logoFileName": "cisco_logo.svg", - "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.", - "dataTypesDependencies": [ - "Cisco_Umbrella_dns_CL", - "Cisco_Umbrella_proxy_CL", - "Cisco_Umbrella_ip_CL", - "Cisco_Umbrella_cloudfirewall_CL" - ], - "dataConnectorsDependencies": [ - "CiscoUmbrellaDataConnector" - ], - "previewImagesFileNames": [ - "CiscoUmbrellaDNSBlack1.png", - "CiscoUmbrellaDNSBlack2.png", - "CiscoUmbrellaDNSWhite1.png", - "CiscoUmbrellaDNSWhite2.png", - "CiscoUmbrellaFirewallBlack.png", - "CiscoUmbrellaFirewallWhite.png", - "CiscoUmbrellaMainBlack1.png", - "CiscoUmbrellaMainBlack2.png", - "CiscoUmbrellaMainWhite1.png", - "CiscoUmbrellaMainWhite2.png", - "CiscoUmbrellaProxyBlack1.png", - "CiscoUmbrellaProxyBlack2.png", - "CiscoUmbrellaProxyWhite1.png", - "CiscoUmbrellaProxyWhite2.png" - ], - "version": "1.0.0", - "title": "Cisco Umbrella", - "templateRelativePath": "CiscoUmbrella.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "AnalyticsEfficiencyWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AnalyticsEfficiencyBlack.png", - "AnalyticsEfficiencyWhite.png" - ], - "version": "1.2.0", - "title": "Analytics Efficiency", - "templateRelativePath": "AnalyticsEfficiency.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "WorkspaceUsage", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace\u2019s data consumption, latency, recommended tasks and Cost and Usage statistics.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "WorkspaceUsageBlack.png", - "WorkspaceUsageWhite.png" - ], - "version": "1.6.0", - "title": "Workspace Usage Report", - "templateRelativePath": "WorkspaceUsage.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "SentinelCentral", - "logoFileName": "Azure_Sentinel.svg", - "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.", - "dataTypesDependencies": [ - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SentinelCentralBlack.png", - "SentinelCentralWhite.png" - ], - "version": "2.1.1", - "title": "Microsoft Sentinel Central", - "templateRelativePath": "SentinelCentral.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "CognniIncidentsWorkbook", - "logoFileName": "cognni-logo.svg", - "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.", - "dataTypesDependencies": [ - "CognniIncidents_CL" - ], - "dataConnectorsDependencies": [ - "CognniSentinelDataConnector" - ], - "previewImagesFileNames": [ - "CognniBlack.PNG", - "CognniWhite.PNG" - ], - "version": "1.0.0", - "title": "Cognni Important Information Incidents", - "templateRelativePath": "CognniIncidentsWorkbook.json", - "subtitle": "", - "provider": "Cognni" - }, - { - "workbookKey": "pfsense", - "logoFileName": "pfsense_logo.svg", - "description": "Gain insights into pfsense logs from both filterlog and nginx.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "pfsenseBlack.png", - "pfsenseWhite.png" - ], - "version": "1.0.0", - "title": "pfsense", - "templateRelativePath": "pfsense.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "ExchangeCompromiseHunting", - "logoFileName": "MSTIC-Logo.svg", - "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns", - "dataTypesDependencies": [ - "SecurityEvent", - "W3CIISLog" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "AzureMonitor(IIS)", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "ExchangeBlack.png", - "ExchangeWhite.png" - ], - "version": "1.0.0", - "title": "Exchange Compromise Hunting", - "templateRelativePath": "ExchangeCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SOCProcessFrameworkWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Process Framework", - "templateRelativePath": "SOCProcessFramework.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCLargeStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Large Staff", - "templateRelativePath": "Building_a_SOCLargeStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCMediumStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Medium Staff", - "templateRelativePath": "Building_a_SOCMediumStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCPartTimeStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Part Time Staff", - "templateRelativePath": "Building_a_SOCPartTimeStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Building_a_SOCSmallStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Small Staff", - "templateRelativePath": "Building_a_SOCSmallStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "SOCIRPlanningWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC IR Planning", - "templateRelativePath": "SOCIRPlanning.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "UpdateSOCMaturityScoreWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "Update SOC Maturity Score", - "templateRelativePath": "UpdateSOCMaturityScore.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Microsoft365SecurityPosture", - "logoFileName": "M365securityposturelogo.svg", - "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.", - "dataTypesDependencies": [ - "M365SecureScore_CL", - "MDfESecureScore_CL", - "MDfEExposureScore_CL", - "MDfERecommendations_CL", - "MDfEVulnerabilitiesList_CL", - "McasShadowItReporting" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "M365securitypostureblack.png", - "M365securityposturewhite.png" - ], - "version": "1.0.0", - "title": "Microsoft 365 Security Posture", - "templateRelativePath": "M365SecurityPosture.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AzureSentinelCost", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", - "dataTypesDependencies": [ - "Usage" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelCostWhite.png", - "AzureSentinelCostBlack.png" - ], - "version": "1.5.1", - "title": "Microsoft Sentinel Cost", - "templateRelativePath": "AzureSentinelCost.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "ADXvsLA", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ADXvsLABlack.PNG", - "ADXvsLAWhite.PNG" - ], - "version": "1.0.0", - "title": "ADXvsLA", - "templateRelativePath": "ADXvsLA.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrosoftDefenderForOffice365", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs. This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.", - "dataTypesDependencies": [ - "EmailEvents", - "EmailUrlInfo", - "EmailAttachmentInfo" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MDOWhite1.png", - "MDOBlack1.png", - "MDOWhite2.png", - "MDOBlack2.png" - ], - "version": "1.0.0", - "title": "Microsoft Defender For Office 365", - "templateRelativePath": "MicrosoftDefenderForOffice365.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "ProofPointThreatDashboard", - "logoFileName": "", - "description": "Provides an overview of email threat activity based on log data provided by ProofPoint", - "dataTypesDependencies": [ - "ProofpointPOD_message_CL", - "ProofpointPOD_maillog_CL", - "ProofPointTAPClicksBlocked_CL", - "ProofPointTAPClicksPermitted_CL", - "ProofPointTAPMessagesBlocked_CL", - "ProofPointTAPMessagesDelivered_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointTAP", - "ProofpointPOD" - ], - "previewImagesFileNames": [ - "ProofPointThreatDashboardBlack1.png", - "ProofPointThreatDashboardWhite1.png" - ], - "version": "1.0.0", - "title": "ProofPoint Threat Dashboard", - "templateRelativePath": "ProofPointThreatDashboard.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AMAmigrationTracker", - "logoFileName": "Azure_Sentinel.svg", - "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AMAtrackingWhite1.png", - "AMAtrackingWhite2.png", - "AMAtrackingWhite3.png", - "AMAtrackingBlack1.png", - "AMAtrackingBlack2.png", - "AMAtrackingBlack3.png" - ], - "version": "1.1.0", - "title": "AMA migration tracker", - "templateRelativePath": "AMAmigrationTracker.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AdvancedKQL", - "logoFileName": "Azure_Sentinel.svg", - "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AdvancedKQLWhite.png", - "AdvancedKQLBlack.png" - ], - "version": "1.3.0", - "title": "Advanced KQL for Microsoft Sentinel", - "templateRelativePath": "AdvancedKQL.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "DSTIMWorkbook", - "logoFileName": "DSTIM.svg", - "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.", - "dataTypesDependencies": [ - "DSMAzureBlobStorageLogs", - "DSMDataClassificationLogs", - "DSMDataLabelingLogs", - "Anomalies", - "ThreatIntelligenceIndicator", - "AADManagedIdentitySignInLogs", - "SecurityAlert", - "SigninLogs" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "DSTIMWorkbookBlack.png", - "DSTIMWorkbookWhite.png" - ], - "version": "1.9.0", - "title": "Data Security - Sensitive Data Impact Assessment", - "templateRelativePath": "DSTIMWorkbook.json", - "subtitle": "", - "provider": "Microsoft", - "featureFlag": "DSTIMWorkbook" - }, - { - "workbookKey": "IntrotoKQLWorkbook", - "logoFileName": "", - "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "IntrotoKQL-black.png", - "IntrotoKQL-white.png" - ], - "version": "1.0.0", - "title": "Intro to KQL", - "templateRelativePath": "IntrotoKQL.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Log4jPostCompromiseHuntingWorkbook", - "logoFileName": "", - "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", - "dataTypesDependencies": [ - "SecurityNestedRecommendation", - "AzureDiagnostics", - "OfficeActivity", - "W3CIISLog", - "AWSCloudTrail", - "SigninLogs", - "AADNonInteractiveUserSignInLogs", - "imWebSessions", - "imNetworkSession" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "Log4jPostCompromiseHuntingBlack.png", - "Log4jPostCompromiseHuntingWhite.png" - ], - "version": "1.0.0", - "title": "Log4j Post Compromise Hunting", - "templateRelativePath": "Log4jPostCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "Log4jImpactAssessmentWorkbook", - "logoFileName": "", - "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", - "dataTypesDependencies": [ - "SecurityIncident", - "SecurityAlert", - "AzureSecurityCenter", - "MDfESecureScore_CL", - "MDfEExposureScore_CL", - "MDfERecommendations_CL", - "MDfEVulnerabilitiesList_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Log4j Impact Assessment", - "templateRelativePath": "Log4jImpactAssessment.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "UserMap", - "logoFileName": "", - "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.", - "dataTypesDependencies": [ - "SigninLogs", - "AzureDiagnostics", - "WireData", - "VMconnection", - "CommonSecurityLog", - "WindowsFirewall", - "W3CIISLog", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "UserMapBlack.png", - "UserMapWhite.png" - ], - "version": "1.0.0", - "title": "User Map information", - "templateRelativePath": "UserMap.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AWSS3", - "logoFileName": "", - "description": ".", - "dataTypesDependencies": [ - "AWSCloudTrail", - "AWSGuardDuty", - "AWSVPCFlow" - ], - "dataConnectorsDependencies": [ - "AWSS3" - ], - "previewImagesFileNames": [ - "AWSS3Black.png", - "AWSS3White.png", - "AWSS3White1.png" - ], - "version": "1.0.0", - "title": "AWS S3 Workbook", - "templateRelativePath": "AWSS3.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook", - "logoFileName": "", - "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "LogSourcesAndAnalyticRulesCoverageBlack.png", - "LogSourcesAndAnalyticRulesCoverageWhite.png" - ], - "version": "1.1.0", - "title": "Log Sources & Analytic Rules Coverage", - "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "CiscoFirepower", - "logoFileName": "", - "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "CiscoFirepowerBlack.png", - "CiscoFirepowerWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Firepower", - "templateRelativePath": "CiscoFirepower.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrorosftTeams", - "logoFileName": "microsoftteams.svg", - "description": "This workbook is intended to identify the activities on Microrsoft Teams.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MicrosoftTeamsBlack.png", - "MicrosoftTeamsWhite.png" - ], - "version": "1.0.0", - "title": "Microsoft Teams", - "templateRelativePath": "MicrosoftTeams.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "ArchivingBasicLogsRetention", - "logoFileName": "ArchivingBasicLogsRetention.svg", - "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ArchivingBasicLogsRetentionBlack1.png", - "ArchivingBasicLogsRetentionWhite1.png" - ], - "version": "1.1.0", - "title": "Archiving, Basic Logs, and Retention", - "templateRelativePath": "ArchivingBasicLogsRetention.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "OktaSingleSignOnWorkbook", - "logoFileName": "okta_logo.svg", - "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", - "dataTypesDependencies": [ - "Okta_CL" - ], - "dataConnectorsDependencies": [ - "OktaSSO" - ], - "previewImagesFileNames": [ - "OktaSingleSignOnWhite.png", - "OktaSingleSignOnBlack.png" - ], - "version": "1.2", - "title": "Okta Single Sign-On", - "templateRelativePath": "OktaSingleSignOn.json", - "subtitle": "", - "provider": "Okta" - }, - { - "workbookKey": "Dynamics365Workbooks", - "logoFileName": "DynamicsLogo.svg", - "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.", - "dataTypesDependencies": [ - "Dynamics365Activity" - ], - "dataConnectorsDependencies": [ - "Dynamics365" - ], - "previewImagesFileNames": [ - "Dynamics365WorkbookBlack.png", - "Dynamics365WorkbookWhite.png" - ], - "version": "1.0.3", - "title": "Dynamics365Workbooks", - "templateRelativePath": "Dynamics365Workbooks.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "CiscoMerakiWorkbook", - "logoFileName": "", - "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", - "dataTypesDependencies": [ - "meraki_CL", - "CiscoMerakiNativePoller", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "CiscoMeraki", - "CiscoMerakiNativePolling", - "ThreatIntelligence" - ], - "previewImagesFileNames": [ - "CiscoMerakiWorkbookWhite.png", - "CiscoMerakiWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "CiscoMerakiWorkbook", - "templateRelativePath": "CiscoMerakiWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SentinelOneWorkbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SentinelOne_CL" - ], - "dataConnectorsDependencies": [ - "SentinelOne" - ], - "previewImagesFileNames": [ - "SentinelOneBlack.png", - "SentinelOneWhite.png" - ], - "version": "1.0.0", - "title": "SentinelOneWorkbook", - "templateRelativePath": "SentinelOne.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroApexOneWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicroApexOne" - ], - "previewImagesFileNames": [ - "TrendMicroApexOneBlack.png", - "TrendMicroApexOneWhite.png" - ], - "version": "1.0.0", - "title": "Trend Micro Apex One", - "templateRelativePath": "TrendMicroApexOne.json", - "subtitle": "", - "provider": "TrendMicro" - }, - { - "workbookKey": "ContrastProtect", - "logoFileName": "contrastsecurity_logo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ContrastProtect" - ], - "previewImagesFileNames": [ - "ContrastProtectAllBlack.png", - "ContrastProtectAllWhite.png", - "ContrastProtectEffectiveBlack.png", - "ContrastProtectEffectiveWhite.png", - "ContrastProtectSummaryBlack.png", - "ContrastProtectSummaryWhite.png" - ], - "version": "1.0.0", - "title": "Contrast Protect", - "templateRelativePath": "ContrastProtect.json", - "subtitle": "", - "provider": "contrast security" - }, - { - "workbookKey": "ArmorbloxOverview", - "logoFileName": "armorblox.svg", - "description": "INCIDENTS FROM SELECTED TIME RANGE", - "dataTypesDependencies": [ - "Armorblox_CL" - ], - "dataConnectorsDependencies": [ - "Armorblox" - ], - "previewImagesFileNames": [ - "ArmorbloxOverviewBlack01.png", - "ArmorbloxOverviewBlack02.png", - "ArmorbloxOverviewWhite01.png", - "ArmorbloxOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Armorblox", - "templateRelativePath": "ArmorbloxOverview.json", - "subtitle": "", - "provider": "Armorblox" - }, - { - "workbookKey": "PaloAltoCDL", - "logoFileName": "paloalto_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoCDL" - ], - "previewImagesFileNames": [ - "PaloAltoBlack.png", - "PaloAltoWhite.png" - ], - "version": "1.0.0", - "title": "Palo Alto Networks Cortex Data Lake", - "templateRelativePath": "PaloAltoCDL.json", - "subtitle": "", - "provider": "Palo Alto Networks" - }, - { - "workbookKey": "VMwareCarbonBlack", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CarbonBlackEvents_CL", - "CarbonBlackAuditLogs_CL", - "CarbonBlackNotifications_CL" - ], - "dataConnectorsDependencies": [ - "VMwareCarbonBlack" - ], - "previewImagesFileNames": [ - "VMwareCarbonBlack.png", - "VMwareCarbonWhite.png" - ], - "version": "1.0.0", - "title": "VMware Carbon Black Cloud", - "templateRelativePath": "VMwareCarbonBlack.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "arista-networks", - "logoFileName": "AristaAwakeSecurity.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "AristaAwakeSecurity" - ], - "previewImagesFileNames": [ - "AristaAwakeSecurityDevicesBlack.png", - "AristaAwakeSecurityDevicesWhite.png", - "AristaAwakeSecurityModelsBlack.png", - "AristaAwakeSecurityModelsWhite.png", - "AristaAwakeSecurityOverviewBlack.png", - "AristaAwakeSecurityOverviewWhite.png" - ], - "version": "1.0.0", - "title": "Arista Awake", - "templateRelativePath": "AristaAwakeSecurityWorkbook.json", - "subtitle": "", - "provider": "Arista Networks" - }, - { - "workbookKey": "TomcatWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Tomcat_CL" - ], - "dataConnectorsDependencies": [ - "ApacheTomcat" - ], - "previewImagesFileNames": [ - "TomcatBlack.png", - "TomcatWhite.png" - ], - "version": "1.0.0", - "title": "ApacheTomcat", - "templateRelativePath": "Tomcat.json", - "subtitle": "", - "provider": "Apache" - }, - { - "workbookKey": "ClarotyWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Claroty" - ], - "previewImagesFileNames": [ - "ClarotyBlack.png", - "ClarotyWhite.png" - ], - "version": "1.0.0", - "title": "Claroty", - "templateRelativePath": "ClarotyOverview.json", - "subtitle": "", - "provider": "Claroty" - }, - { - "workbookKey": "ApacheHTTPServerWorkbook", - "logoFileName": "apache.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "ApacheHTTPServer_CL" - ], - "dataConnectorsDependencies": [ - "ApacheHTTPServer" - ], - "previewImagesFileNames": [ - "ApacheHTTPServerOverviewBlack01.png", - "ApacheHTTPServerOverviewBlack02.png", - "ApacheHTTPServerOverviewWhite01.png", - "ApacheHTTPServerOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Apache HTTP Server", - "templateRelativePath": "ApacheHTTPServer.json", - "subtitle": "", - "provider": "Apache Software Foundation" - }, - { - "workbookKey": "OCIWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "OCI_Logs_CL" - ], - "dataConnectorsDependencies": [ - "OracleCloudInfrastructureLogsConnector" - ], - "previewImagesFileNames": [ - "OCIBlack.png", - "OCIWhite.png" - ], - "version": "1.0.0", - "title": "Oracle Cloud Infrastructure", - "templateRelativePath": "OracleCloudInfrastructureOCI.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OracleWeblogicServerWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "OracleWebLogicServer_CL" - ], - "dataConnectorsDependencies": [ - "OracleWebLogicServer" - ], - "previewImagesFileNames": [ - "OracleWeblogicServerBlack.png", - "OracleWeblogicServerWhite.png" - ], - "version": "1.0.0", - "title": "Oracle WebLogic Server", - "templateRelativePath": "OracleWorkbook.json", - "subtitle": "", - "provider": "Oracle" - }, - { - "workbookKey": "BitglassWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "BitglassLogs_CL" - ], - "dataConnectorsDependencies": [ - "Bitglass" - ], - "previewImagesFileNames": [ - "BitglassBlack.png", - "BitglassWhite.png" - ], - "version": "1.0.0", - "title": "Bitglass", - "templateRelativePath": "Bitglass.json", - "subtitle": "", - "provider": "Bitglass" - }, - { - "workbookKey": "NGINXWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "NGINX_CL" - ], - "dataConnectorsDependencies": [ - "NGINXHTTPServer" - ], - "previewImagesFileNames": [ - "NGINXOverviewBlack01.png", - "NGINXOverviewBlack02.png", - "NGINXOverviewWhite01.png", - "NGINXOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "NGINX HTTP Server", - "templateRelativePath": "NGINX.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "vArmourAppContollerWorkbook", - "logoFileName": "varmour-logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "vArmourAC" - ], - "previewImagesFileNames": [ - "vArmourAppControllerAppBlack.png", - "vArmourAppControllerAppBlack-1.png", - "vArmourAppControllerAppBlack-2.png", - "vArmourAppControllerAppBlack-3.png", - "vArmourAppControllerAppBlack-4.png", - "vArmourAppControllerAppBlack-5.png", - "vArmourAppControllerAppBlack-6.png", - "vArmourAppControllerAppBlack-7.png", - "vArmourAppControllerAppWhite.png", - "vArmourAppControllerAppWhite-1.png", - "vArmourAppControllerAppWhite-2.png", - "vArmourAppControllerAppWhite-3.png", - "vArmourAppControllerAppWhite-4.png", - "vArmourAppControllerAppWhite-5.png", - "vArmourAppControllerAppWhite-6.png", - "vArmourAppControllerAppWhite-7.png" - ], - "version": "1.0.0", - "title": "vArmour Application Controller", - "templateRelativePath": "vArmour_AppContoller_Workbook.json", - "subtitle": "", - "provider": "vArmour" - }, - { - "workbookKey": "CorelightWorkbook", - "logoFileName": "corelight.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Corelight_CL" - ], - "dataConnectorsDependencies": [ - "Corelight" - ], - "previewImagesFileNames": [ - "CorelightConnectionsBlack1.png", - "CorelightConnectionsBlack2.png", - "CorelightConnectionsWhite1.png", - "CorelightConnectionsWhite2.png", - "CorelightDNSBlack1.png", - "CorelightDNSWhite1.png", - "CorelightFileBlack1.png", - "CorelightFileBlack2.png", - "CorelightFileWhite1.png", - "CorelightFileWhite2.png", - "CorelightMainBlack1.png", - "CorelightMainWhite1.png", - "CorelightSoftwareBlack1.png", - "CorelightSoftwareWhite1.png" - ], - "version": "1.0.0", - "title": "Corelight", - "templateRelativePath": "Corelight.json", - "subtitle": "", - "provider": "Corelight" - }, - { - "workbookKey": "LookoutEvents", - "logoFileName": "lookout.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Lookout_CL" - ], - "dataConnectorsDependencies": [ - "LookoutAPI" - ], - "previewImagesFileNames": [ - "SampleLookoutWorkBookBlack.png", - "SampleLookoutWorkBookWhite.png" - ], - "version": "1.0.0", - "title": "Lookout", - "templateRelativePath": "LookoutEvents.json", - "subtitle": "", - "provider": "Lookout" - }, - { - "workbookKey": "sentinel-MicrosoftPurview", - "logoFileName": "MicrosoftPurview.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "MicrosoftAzurePurview" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Microsoft Purview", - "templateRelativePath": "MicrosoftPurview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "InfobloxCDCB1TDWorkbook", - "logoFileName": "infoblox_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "InfobloxCloudDataConnector" - ], - "previewImagesFileNames": [ - "InfobloxCDCB1TDBlack.png", - "InfobloxCDCB1TDWhite.png" - ], - "version": "1.0.0", - "title": "Infoblox Cloud Data Connector", - "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", - "subtitle": "", - "provider": "InfoBlox" - }, - { - "workbookKey": "UbiquitiUniFiWorkbook", - "logoFileName": "ubiquiti.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Ubiquiti_CL" - ], - "dataConnectorsDependencies": [ - "UbiquitiUnifi" - ], - "previewImagesFileNames": [ - "UbiquitiOverviewBlack01.png", - "UbiquitiOverviewBlack02.png", - "UbiquitiOverviewWhite01.png", - "UbiquitiOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Ubiquiti UniFi", - "templateRelativePath": "Ubiquiti.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "VMwareESXiWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "VMwareESXi" - ], - "previewImagesFileNames": [ - "VMWareESXiBlack.png", - "VMWareESXiWhite.png" - ], - "version": "1.0.0", - "title": "VMware ESXi", - "templateRelativePath": "VMWareESXi.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SnowflakeWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Snowflake_CL" - ], - "dataConnectorsDependencies": [ - "SnowflakeDataConnector" - ], - "previewImagesFileNames": [ - "SnowflakeBlack.png", - "SnowflakeWhite.png" - ], - "version": "1.0.0", - "title": "Snowflake", - "templateRelativePath": "Snowflake.json", - "subtitle": "", - "provider": "Snowflake" - }, - { - "workbookKey": "LastPassWorkbook", - "logoFileName": "LastPass.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "LastPassNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "LastPassAPIConnector" - ], - "previewImagesFileNames": [ - "LastPassBlack.png", - "LastPassWhite.png" - ], - "version": "1.0.0", - "title": "Lastpass Enterprise Activity Monitoring", - "templateRelativePath": "LastPassWorkbook.json", - "subtitle": "", - "provider": "LastPass" - }, - { - "workbookKey": "SecurityBridgeWorkbook", - "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityBridgeLogs" - ], - "dataConnectorsDependencies": [ - "SecurityBridgeSAP" - ], - "previewImagesFileNames": [ - "SecurityBridgeThreatDetectionWhite.png", - "SecurityBridgeThreatDetectionWhite1.png" - ], - "version": "1.0.0", - "title": "SecurityBridge App", - "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", - "subtitle": "", - "provider": "SecurityBridge" - }, - { - "workbookKey": "PaloAltoPrismaCloudWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "PaloAltoPrismaCloudAlert_CL", - "PaloAltoPrismaCloudAudit_CL" - ], - "dataConnectorsDependencies": [ - "PaloAltoPrismaCloud" - ], - "previewImagesFileNames": [ - "PaloAltoPrismaCloudBlack01.png", - "PaloAltoPrismaCloudBlack02.png", - "PaloAltoPrismaCloudWhite01.png", - "PaloAltoPrismaCloudWhite02.png" - ], - "version": "1.0.0", - "title": "Palo Alto Prisma", - "templateRelativePath": "PaloAltoPrismaCloudOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "PingFederateWorkbook", - "logoFileName": "PingIdentity.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "PingFederateEvent" - ], - "dataConnectorsDependencies": [ - "PingFederate" - ], - "previewImagesFileNames": [ - "PingFederateBlack1.png", - "PingFederateWhite1.png" - ], - "version": "1.0.0", - "title": "PingFederate", - "templateRelativePath": "PingFederate.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "McAfeeePOWorkbook", - "logoFileName": "mcafee_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "McAfeeEPOEvent" - ], - "dataConnectorsDependencies": [ - "McAfeeePO" - ], - "previewImagesFileNames": [ - "McAfeeePOBlack1.png", - "McAfeeePOBlack2.png", - "McAfeeePOWhite1.png", - "McAfeeePOWhite2.png" - ], - "version": "1.0.0", - "title": "McAfee ePolicy Orchestrator", - "templateRelativePath": "McAfeeePOOverview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "OracleDatabaseAudit", - "logoFileName": "oracle_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "OracleDatabaseAudit" - ], - "previewImagesFileNames": [ - "OracleDatabaseAuditBlack1.png", - "OracleDatabaseAuditBlack2.png", - "OracleDatabaseAuditWhite1.png", - "OracleDatabaseAuditWhite2.png" - ], - "version": "1.0.0", - "title": "Oracle Database Audit", - "templateRelativePath": "OracleDatabaseAudit.json", - "subtitle": "", - "provider": "Oracle" - }, - { - "workbookKey": "SenservaProAnalyticsWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProAnalyticsBlack.png", - "SenservaProAnalyticsWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProAnalytics", - "templateRelativePath": "SenservaProAnalyticsWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "SenservaProMultipleWorkspaceWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProMultipleWorkspaceWorkbookBlack.png", - "SenservaProMultipleWorkspaceWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProMultipleWorkspace", - "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProSecureScoreMultiTenantBlack.png", - "SenservaProSecureScoreMultiTenantWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProSecureScoreMultiTenant", - "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" - }, - { - "workbookKey": "CiscoSecureEndpointOverviewWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CiscoSecureEndpoint" - ], - "dataConnectorsDependencies": [ - "CiscoSecureEndpoint" - ], - "previewImagesFileNames": [ - "CiscoSecureEndpointBlack.png", - "CiscoSecureEndpointWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Secure Endpoint", - "templateRelativePath": "Cisco Secure Endpoint Overview.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "InfoSecGlobalWorkbook", - "logoFileName": "infosecglobal.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "InfoSecAnalytics_CL" - ], - "dataConnectorsDependencies": [ - "InfoSecDataConnector" - ], - "previewImagesFileNames": [ - "InfoSecGlobalWorkbookBlack.png", - "InfoSecGlobalWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "AgileSec Analytics Connector", - "templateRelativePath": "InfoSecGlobal.json", - "subtitle": "", - "provider": "InfoSecGlobal" - }, - { - "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", - "logoFileName": "crowdstrike.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CrowdstrikeReplicatorLogs_CL" - ], - "dataConnectorsDependencies": [ - "CrowdstrikeReplicator" - ], - "previewImagesFileNames": [ - "CrowdStrikeFalconEndpointProtectionBlack.png", - "CrowdStrikeFalconEndpointProtectionWhite.png" - ], - "version": "1.0.0", - "title": "CrowdStrike Falcon Endpoint Protection", - "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IronDefenseAlertDashboard", - "logoFileName": "IronNet.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "IronNetIronDefense" - ], - "previewImagesFileNames": [ - "IronDefenseDashboardBlack.png", - "IronDefenseDashboardWhit.png" - ], - "version": "1.0.0", - "title": "IronDefenseAlertDashboard", - "templateRelativePath": "IronDefenseAlertDashboard.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "IronDefenseAlertDetails", - "logoFileName": "IronNet.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "IronNetIronDefense" - ], - "previewImagesFileNames": [ - "IronDefenseAlertsBlack.png", - "IronDefenseAlertsWhite.png" - ], - "version": "1.0.0", - "title": "IronDefenseAlertDetails", - "templateRelativePath": "IronDefenseAlertDetails.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CiscoSEGWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CiscoSEG" - ], - "previewImagesFileNames": [ - "CiscoSEGBlack.png", - "CiscoSEGWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Secure Email Gateway", - "templateRelativePath": "CiscoSEG.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "EatonForeseerHealthAndAccess", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "EatonForeseerHealthAndAccessBlack.png", - "EatonForeseerHealthAndAccessWhite.png" - ], - "version": "1.0.0", - "title": "EatonForeseerHealthAndAccess", - "templateRelativePath": "EatonForeseerHealthAndAccess.json", - "subtitle": "", - "provider": "Eaton" - }, - { - "workbookKey": "PCIDSSComplianceWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Choose your subscription and workspace in which PCI assets are deployed", - "dataTypesDependencies": [ - "AzureDaignostics", - "SecurityEvent", - "SecurityAlert", - "OracleDatabaseAuditEvent", - "Syslog", - "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "PCIDSSComplianceBlack01.PNG", - "PCIDSSComplianceBlack02.PNG", - "PCIDSSComplianceWhite01.PNG", - "PCIDSSComplianceWhite02.PNG" - ], - "version": "1.0.0", - "title": "PCI DSS Compliance", - "templateRelativePath": "PCIDSSCompliance.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SonraiSecurityWorkbook", - "logoFileName": "Sonrai.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Sonrai_Tickets_CL" - ], - "dataConnectorsDependencies": [ - "SonraiDataConnector" - ], - "previewImagesFileNames": [ - "SonraiWorkbookBlack.png", - "SonraiWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "Sonrai", - "templateRelativePath": "Sonrai.json", - "subtitle": "", - "provider": "Sonrai" - }, - { - "workbookKey": "CloudflareWorkbook", - "logoFileName": "cloudflare.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Cloudflare_CL" - ], - "dataConnectorsDependencies": [ - "CloudflareDataConnector" - ], - "previewImagesFileNames": [ - "CloudflareOverviewBlack01.png", - "CloudflareOverviewBlack02.png", - "CloudflareOverviewWhite01.png", - "CloudflareOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Cloudflare", - "templateRelativePath": "Cloudflare.json", - "subtitle": "", - "provider": "Cloudflare" - }, - { - "workbookKey": "SemperisDSPWorkbook", - "logoFileName": "Semperis.svg", - "description": "Specify the time range on which to query the data", - "dataTypesDependencies": [ - "dsp_parser" - ], - "dataConnectorsDependencies": [ - "SemperisDSP" - ], - "previewImagesFileNames": [ - "SemperisDSPOverview1Black.png", - "SemperisDSPOverview1White.png", - "SemperisDSPOverview2Black.png", - "SemperisDSPOverview2White.png", - "SemperisDSPOverview3Black.png", - "SemperisDSPOverview3White.png" - ], - "version": "1.0.0", - "title": "Semperis Directory Services Protector", - "templateRelativePath": "SemperisDSPWorkbook.json", - "subtitle": "", - "provider": "Semperis" - }, - { - "workbookKey": "BoxWorkbook", - "logoFileName": "box.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "BoxEvents_CL" - ], - "dataConnectorsDependencies": [ - "BoxDataConnector" - ], - "previewImagesFileNames": [ - "BoxBlack1.png", - "BoxWhite1.png", - "BoxBlack2.png", - "BoxWhite2.png" - ], - "version": "1.0.0", - "title": "Box", - "templateRelativePath": "Box.json", - "subtitle": "", - "provider": "Box" - }, - { - "workbookKey": "SymantecEndpointProtection", - "logoFileName": "symantec_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SymantecEndpointProtection" - ], - "dataConnectorsDependencies": [ - "SymantecEndpointProtection" - ], - "previewImagesFileNames": [ - "SymantecEndpointProtectionBlack.png", - "SymantecEndpointProtectionWhite.png" - ], - "version": "1.0.0", - "title": "Symantec Endpoint Protection", - "templateRelativePath": "SymantecEndpointProtection.json", - "subtitle": "", - "provider": "Symantec" - }, - { - "workbookKey": "DynamicThreatModeling&Response", - "logoFileName": "", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ThreatAnalysis&ResponseWhite1.png", - "ThreatAnalysis&ResponseWhite2.png" - ], - "version": "1.0.0", - "title": "Dynamic Threat Modeling Response", - "templateRelativePath": "DynamicThreatModeling&Response.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ThreatAnalysis&Response", - "logoFileName": "", - "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ThreatAnalysis&ResponseWhite.png" - ], - "version": "1.0.1", - "title": "Threat Analysis Response", - "templateRelativePath": "ThreatAnalysis&Response.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TrendMicroCAS", - "logoFileName": "Trend_Micro_Logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "TrendMicroCAS_CL" - ], - "dataConnectorsDependencies": [ - "TrendMicroCAS" - ], - "previewImagesFileNames": [ - "TrendMicroCASBlack.png", - "TrendMicroCASWhite.png" - ], - "version": "1.0.0", - "title": "TrendMicroCAS", - "templateRelativePath": "TrendMicroCAS.json", - "subtitle": "", - "provider": "TrendMicro" - }, - { - "workbookKey": "GitHubSecurityWorkbook", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "GitHubAuditLogPolling_CL" - ], - "dataConnectorsDependencies": [ - "GitHubEcAuditLogPolling" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GithubWorkbook", - "templateRelativePath": "GitHubWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "GCPDNSWorkbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GCPCloudDNS" - ], - "dataConnectorsDependencies": [ - "GCPDNSDataConnector" - ], - "previewImagesFileNames": [ - "GCPDNSBlack.png", - "GCPDNSWhite.png" - ], - "version": "1.0.0", - "title": "Google Cloud Platform DNS", - "templateRelativePath": "GCPDNS.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AtlassianJiraAuditWorkbook", - "logoFileName": "", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "AtlassianJiraNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "AtlassianJira" - ], - "previewImagesFileNames": [ - "AtlassianJiraAuditWhite.png", - "AtlassianJiraAuditBlack.png" - ], - "version": "1.0.0", - "title": "AtlassianJiraAudit", - "templateRelativePath": "AtlassianJiraAudit.json", - "subtitle": "", - "provider": "Atlassian" - }, - { - "workbookKey": "DigitalGuardianWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "DigitalGuardianDLPEvent" - ], - "dataConnectorsDependencies": [ - "DigitalGuardianDLP" - ], - "previewImagesFileNames": [ - "DigitalGuardianBlack.png", - "DigitalGuardianWhite.png" - ], - "version": "1.0.0", - "title": "DigitalGuardianDLP", - "templateRelativePath": "DigitalGuardian.json", - "subtitle": "", - "provider": "Digital Guardian" - }, - { - "workbookKey": "CiscoDuoWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CiscoDuo_CL" - ], - "dataConnectorsDependencies": [ - "CiscoDuoSecurity" - ], - "previewImagesFileNames": [ - "CiscoDuoWhite.png", - "CiscoDuoBlack.png" - ], - "version": "1.0.0", - "title": "CiscoDuoSecurity", - "templateRelativePath": "CiscoDuo.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "SlackAudit", - "logoFileName": "slacklogo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SlackAudit_CL" - ], - "dataConnectorsDependencies": [ - "SlackAuditAPI" - ], - "previewImagesFileNames": [ - "SlackAuditApplicationActivityBlack1.png", - "SlackAuditApplicationActivityWhite1.png" - ], - "version": "1.0.0", - "title": "SlackAudit", - "templateRelativePath": "SlackAudit.json", - "subtitle": "", - "provider": "Slack" - }, - { - "workbookKey": "CiscoWSAWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "CiscoWSA" - ], - "previewImagesFileNames": [ - "CiscoWSAWhite.png", - "CiscoWSABlack.png" - ], - "version": "1.0.0", - "title": "CiscoWSA", - "templateRelativePath": "CiscoWSA.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "GCP-IAM-Workbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GCP_IAM_CL" - ], - "dataConnectorsDependencies": [ - "GCPIAMDataConnector" - ], - "previewImagesFileNames": [ - "GCPIAMBlack01.png", - "GCPIAMBlack02.png", - "GCPIAMWhite01.png", - "GCPIAMWhite02.png" - ], - "version": "1.0.0", - "title": "Google Cloud Platform IAM", - "templateRelativePath": "GCP_IAM.json", - "subtitle": "", - "provider": "Google" - }, - { - "workbookKey": "ImpervaWAFCloudWorkbook", - "logoFileName": "Imperva_DarkGrey_final_75x75.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "ImpervaWAFCloud_CL" - ], - "dataConnectorsDependencies": [ - "ImpervaWAFCloudAPI" - ], - "previewImagesFileNames": [ - "ImpervaWAFCloudBlack01.png", - "ImpervaWAFCloudBlack02.png", - "ImpervaWAFCloudWhite01.png", - "ImpervaWAFCloudWhite02.png" - ], - "version": "1.0.0", - "title": "Imperva WAF Cloud Overview", - "templateRelativePath": "Imperva WAF Cloud Overview.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZscalerZPAWorkbook", - "logoFileName": "ZscalerLogo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "ZPA_CL" - ], - "dataConnectorsDependencies": [ - "ZscalerPrivateAccess" - ], - "previewImagesFileNames": [ - "ZscalerZPABlack.png", - "ZscalerZPAWhite.png" - ], - "version": "1.0.0", - "title": "Zscaler Private Access (ZPA)", - "templateRelativePath": "ZscalerZPA.json", - "subtitle": "", - "provider": "Zscaler" - }, - { - "workbookKey": "GoogleWorkspaceWorkbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GWorkspace_ReportsAPI_admin_CL", - "GWorkspace_ReportsAPI_calendar_CL", - "GWorkspace_ReportsAPI_drive_CL", - "GWorkspace_ReportsAPI_login_CL", - "GWorkspace_ReportsAPI_login_CL", - "GWorkspace_ReportsAPI_mobile_CL" - ], - "dataConnectorsDependencies": [ - "GoogleWorkspaceReportsAPI" - ], - "previewImagesFileNames": [ - "GoogleWorkspaceBlack.png", - "GoogleWorkspaceWhite.png" - ], - "version": "1.0.0", - "title": "GoogleWorkspaceReports", - "templateRelativePath": "GoogleWorkspace.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "NCProtectWorkbook", - "logoFileName": "NCProtectIcon.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "NCProtectUAL_CL" - ], - "dataConnectorsDependencies": [ - "NucleusCyberNCProtect" - ], - "previewImagesFileNames": [ - "", - "" - ], - "version": "1.0.0", - "title": "NucleusCyberProtect", - "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", - "subtitle": "", - "provider": "archTIS" - }, - { - "workbookKey": "CiscoISEWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "CiscoISE" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Cisco ISE", - "templateRelativePath": "CiscoISE.json", - "subtitle": "", - "provider": "Cisco" - }, - { - "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", - "logoFileName": "", - "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Defender for IoT", - "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZeroTrust(TIC3.0)Workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityRecommendation" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ZeroTrust(TIC3.0)Black1.PNG", - "ZeroTrust(TIC3.0)White1.PNG" - ], - "version": "1.0.0", - "title": "ZeroTrust(TIC3.0)", - "templateRelativePath": "ZeroTrustTIC3.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "InsiderRiskManagementWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ", - "dataTypesDependencies": [ - "SigninLogsSigninLogs", - "AuditLogs", - "AzureActivity", - "OfficeActivity", - "InformationProtectionLogs_CL", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "InsiderRiskManagementBlack1.png" - ], - "version": "1.0.0", - "title": "Insider Risk Management", - "templateRelativePath": "InsiderRiskManagement.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "InformationProtectionLogs_CL", - "AuditLogs", - "SecurityIncident", - "SigninLogs", - "AzureActivity" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "CybersecurityMaturityModelCertification(CMMC)2.0", - "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "NISTSP80053Workbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SigninLogs", - "AuditLogs", - "AzureActivity", - "OfficeActivity", - "SecurityEvents", - "CommonSecurityLog", - "SecurityIncident", - "SecurityRecommendation" - ], - "dataConnectorsDependencies": [ - "SecurityEvents" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "NISTSP80053workbook", - "templateRelativePath": "NISTSP80053.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DarktraceWorkbook", - "logoFileName": "Darktrace.svg", - "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", - "dataTypesDependencies": [ - "darktrace_model_alerts_CL" - ], - "dataConnectorsDependencies": [ - "DarktraceRESTConnector" - ], - "previewImagesFileNames": [ - "DarktraceWorkbookBlack01.png", - "DarktraceWorkbookBlack02.png", - "DarktraceWorkbookWhite01.png", - "DarktraceWorkbookWhite02.png" - ], - "version": "1.0.1", - "title": "Darktrace", - "templateRelativePath": "DarktraceWorkbook.json", - "subtitle": "", - "provider": "Darktrace" - }, - { - "workbookKey": "RecordedFutureDomainC2DNSWorkbook", - "logoFileName": "RecordedFuture.svg", - "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", - "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", - "subtitle": "", - "provider": "Recorded Future" - }, - { - "workbookKey": "RecordedFutureIPActiveC2Workbook", - "logoFileName": "RecordedFuture.svg", - "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", - "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", - "subtitle": "", - "provider": "Recorded Future" - }, - { - "workbookKey": "MaturityModelForEventLogManagement_M2131", - "logoFileName": "contrastsecurity_logo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MaturityModelForEventLogManagement_M2131Black.png" - ], - "version": "1.0.0", - "title": "MaturityModelForEventLogManagementM2131", - "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureSQLSecurityWorkbook", - "logoFileName": "AzureSQL.svg", - "description": "Sets the time window in days to search around the alert", - "dataTypesDependencies": [ - "AzureDiagnostics", - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [ - "AzureSql" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Azure SQL Database Workbook", - "templateRelativePath": "Workbook-AzureSQLSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ContinuousDiagnostics&Mitigation", - "logoFileName": "", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ContinuousDiagnostics&MitigationBlack.png" - ], - "version": "1.0.0", - "title": "ContinuousDiagnostics&Mitigation", - "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", - "logoFileName": "GitHub.svg", - "description": "Repository selector.", - "dataTypesDependencies": [ - "githubscanaudit_CL" - ], - "dataConnectorsDependencies": [ - "GitHubWebhook" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GithubWorkbook-update-to-workbook-1", - "templateRelativePath": "update-to-workbook-1.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AtlasianJiraAuditWorkbook", - "logoFileName": "", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "AtlassianJiraNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "AtlassianJira" - ], - "previewImagesFileNames": [ - "AtlassianJiraAuditBlack.png", - "AtlassianJiraAuditWhite.png" - ], - "version": "1.0.0", - "title": "AtlasianJiraAuditWorkbook", - "templateRelativePath": "AtlasianJiraAuditWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AzureSecurityBenchmark", - "logoFileName": "", - "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", - "dataTypesDependencies": [ - "SecurityRegulatoryCompliance", - "AzureDiagnostics", - "SecurityIncident", - "SigninLogs", - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSecurityBenchmark1.png", - "AzureSecurityBenchmark2.png", - "AzureSecurityBenchmark3.png" - ], - "version": "1.0.0", - "title": "Azure Security Benchmark", - "templateRelativePath": "AzureSecurityBenchmark.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZNAccessOchestratorAudit", - "logoFileName": "", - "description": "This workbook provides a summary of ZeroNetworks data.", - "dataTypesDependencies": [ - "ZNAccessOrchestratorAudit_CL", - "ZNAccessOrchestratorAuditNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "ZeroNetworksAccessOrchestratorAuditFunction", - "ZeroNetworksAccessOrchestratorAuditNativePoller" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Zero NetWork", - "templateRelativePath": "ZNSegmentAudit.json", - "subtitle": "", - "provider": "Zero Networks" - }, - { - "workbookKey": "FireworkWorkbook", - "logoFileName": "FlareSystems.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "Firework_CL" - ], - "dataConnectorsDependencies": [ - "FlareSystemsFirework" - ], - "previewImagesFileNames": [ - "FireworkOverviewBlack01.png", - "FireworkOverviewBlack02.png", - "FireworkOverviewWhite01.png", - "FireworkOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "FlareSystemsFirework", - "templateRelativePath": "FlareSystemsFireworkOverview.json", - "subtitle": "", - "provider": "Flare Systems" - }, - { - "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "GitHubAuditLogPolling_CL" - ], - "dataConnectorsDependencies": [ - "GitHubEcAuditLogPolling" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GitHub Security", - "templateRelativePath": "GitHubAdvancedSecurity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "TaniumWorkbook", - "logoFileName": "Tanium.svg", - "description": "Visualize Tanium endpoint and module data", - "dataTypesDependencies": [ - "TaniumComplyCompliance_CL", - "TaniumComplyVulnerabilities_CL", - "TaniumDefenderHealth_CL", - "TaniumDiscoverUnmanagedAssets_CL", - "TaniumHighUptime_CL", - "TaniumMainAsset_CL", - "TaniumPatchListApplicability_CL", - "TaniumPatchListCompliance_CL", - "TaniumSCCMClientHealth_CL", - "TaniumThreatResponse_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "TaniumComplyDark.png", - "TaniumComplyLight.png", - "TaniumDiscoverDark.png", - "TaniumDiscoverLight.png", - "TaniumMSToolingHealthDark.png", - "TaniumMSToolingHealthLight.png", - "TaniumPatchDark.png", - "TaniumPatchLight.png", - "TaniumThreatResponseAlertsDark.png", - "TaniumThreatResponseAlertsLight.png", - "TaniumThreatResponseDark.png", - "TaniumThreatResponseLight.png" - ], - "version": "1.0", - "title": "Tanium Workbook", - "templateRelativePath": "TaniumWorkbook.json", - "subtitle": "", - "provider": "Tanium" - }, - { - "workbookKey": "ActionableAlertsDashboard", - "logoFileName": "", - "description": "None.", - "dataTypesDependencies": [ - "CyberSixgill_Alerts_CL" - ], - "dataConnectorsDependencies": [ - "CybersixgillActionableAlerts" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Cybersixgill Actionable Alerts Dashboard", - "templateRelativePath": "ActionableAlertsDashboard.json", - "subtitle": "", - "provider": "Cybersixgill" - }, - { - "workbookKey": "ActionableAlertsList", - "logoFileName": "", - "description": "None.", - "dataTypesDependencies": [ - "CyberSixgill_Alerts_CL" - ], - "dataConnectorsDependencies": [ - "CybersixgillActionableAlerts" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Cybersixgill Actionable Alerts List", - "templateRelativePath": "ActionableAlertsList.json", - "subtitle": "", - "provider": "Cybersixgill" - }, - { - "workbookKey": "ArgosCloudSecurityWorkbook", - "logoFileName": "argos-logo.svg", - "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.", - "dataTypesDependencies": [ - "ARGOS_CL" - ], - "dataConnectorsDependencies": [ - "ARGOSCloudSecurity" - ], - "previewImagesFileNames": [ - "ARGOSCloudSecurityWorkbookBlack.png", - "ARGOSCloudSecurityWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "ARGOS Cloud Security", - "templateRelativePath": "ARGOSCloudSecurityWorkbook.json", - "subtitle": "", - "provider": "ARGOS Cloud Security" - }, - { - "workbookKey": "JamfProtectWorkbook", - "logoFileName": "jamf_logo.svg", - "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.", - "dataTypesDependencies": [ - "jamfprotect_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "JamfProtectDashboardBlack.png", - "JamfProtectDashboardWhite.png" - ], - "version": "2.0.0", - "title": "Jamf Protect Workbook", - "templateRelativePath": "JamfProtectDashboard.json", - "subtitle": "", - "provider": "Jamf Software, LLC" - }, - { - "workbookKey": "AIVectraStream", - "logoFileName": "", - "description": "", - "dataTypesDependencies": [ - "VectraStream_CL" - ], - "dataConnectorsDependencies": [ - "AIVectraStream" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "AIVectraStreamWorkbook", - "templateRelativePath": "AIVectraStreamWorkbook.json", - "subtitle": "", - "provider": "Vectra AI" - }, - { - "workbookKey": "SecurityScorecardWorkbook", - "logoFileName": "", - "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard’s three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.", - "dataTypesDependencies": [ - "SecurityScorecardFactor_CL", - "SecurityScorecardIssues_CL", - "SecurityScorecardRatings_CL" - ], - "dataConnectorsDependencies": [ - "SecurityScorecardFactorAzureFunctions", - "SecurityScorecardIssueAzureFunctions", - "SecurityScorecardRatingsAzureFunctions" - ], - "previewImagesFileNames": [ - "SecurityScorecardBlack1.png", - "SecurityScorecardBlack2.png", - "SecurityScorecardBlack3.png", - "SecurityScorecardBlack4.png", - "SecurityScorecardBlack5.png", - "SecurityScorecardBlack6.png", - "SecurityScorecardWhite1.png", - "SecurityScorecardWhite2.png", - "SecurityScorecardWhite3.png", - "SecurityScorecardWhite4.png", - "SecurityScorecardWhite5.png", - "SecurityScorecardWhite6.png" - ], - "version": "1.0.0", - "title": "SecurityScorecard", - "templateRelativePath": "SecurityScorecardWorkbook.json", - "subtitle": "", - "provider": "SecurityScorecard" - }, - { - "workbookKey": "DigitalShadowsWorkbook", - "logoFileName": "DigitalShadowsLogo.svg", - "description": "For gaining insights into Digital Shadows logs.", - "dataTypesDependencies": [ - "DigitalShadows_CL" - ], - "dataConnectorsDependencies": [ - "DigitalShadowsSearchlightAzureFunctions" - ], - "previewImagesFileNames": [ - "DigitalShadowsBlack1.png", - "DigitalShadowsBlack2.png", - "DigitalShadowsBlack3.png", - "DigitalShadowsWhite1.png", - "DigitalShadowsWhite2.png", - "DigitalShadowsWhite3.png" - ], - "version": "1.0.0", - "title": "Digital Shadows", - "templateRelativePath": "DigitalShadows.json", - "subtitle": "", - "provider": "Digital Shadows" - }, - { - "workbookKey": "SalesforceServiceCloudWorkbook", - "logoFileName": "salesforce_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SalesforceServiceCloud" - ], - "dataConnectorsDependencies": [ - "SalesforceServiceCloud_CL" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Salesforce Service Cloud", - "templateRelativePath": "SalesforceServiceCloud.json", - "subtitle": "", - "provider": "Salesforce" - }, - { - "workbookKey": "NetworkSessionSolution", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP’s and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.", - "dataTypesDependencies": [ - "AWSVPCFlow", - "DeviceNetworkEvents", - "SecurityEvent", - "WindowsEvent", - "CommonSecurityLog", - "Syslog", - "CommonSecurityLog", - "VMConnection", - "AzureDiagnostics", - "AzureDiagnostics", - "CommonSecurityLog", - "Corelight_CL", - "VectraStream", - "CommonSecurityLog", - "CommonSecurityLog", - "Syslog", - "CiscoMerakiNativePoller" - ], - "dataConnectorsDependencies": [ - "AWSS3", - "MicrosoftThreatProtection", - "SecurityEvents", - "WindowsForwardedEvents", - "Zscaler", - "MicrosoftSysmonForLinux", - "PaloAltoNetworks", - "AzureMonitor(VMInsights)", - "AzureFirewall", - "AzureNSG", - "CiscoASA", - "Corelight", - "AIVectraStream", - "CheckPoint", - "Fortinet", - "CiscoMeraki" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Network Session Essentials", - "templateRelativePath": "NetworkSessionEssentials.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SAPSODAnalysis", - "logoFileName": "AliterConsulting.svg", - "description": "SAP SOD Analysis", - "dataTypesDependencies": [ - "SAPAuditLog" - ], - "dataConnectorsDependencies": [ - "SAP" - ], - "previewImagesFileNames": [], - "version": "2.0.0", - "title": "SAP SOD Analysis", - "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", - "subtitle": "", - "provider": "Aliter Consulting" - }, - { - "workbookKey": "TheomWorkbook", - "logoFileName": "theom-logo.svg", - "description": "Theom Alert Statistics", - "dataTypesDependencies": [ - "TheomAlerts_CL" - ], - "dataConnectorsDependencies": [ - "Theom" - ], - "previewImagesFileNames": [ - "TheomWorkbook-black.png", - "TheomWorkbook-white.png" - ], - "version": "1.0.0", - "title": "Theom", - "templateRelativePath": "Theom.json", - "subtitle": "", - "provider": "Theom" - }, - { - "workbookKey": "DynatraceWorkbooks", - "logoFileName": "dynatrace.svg", - "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", - "dataTypesDependencies": [ - "DynatraceAttacks_CL", - "DynatraceAuditLogs_CL", - "DynatraceProblems_CL", - "DynatraceSecurityProblems_CL" - ], - "dataConnectorsDependencies": [ - "DynatraceAttacks", - "DynatraceAuditLogs", - "DynatraceProblems", - "DynatraceRuntimeVulnerabilities" - ], - "previewImagesFileNames": [ - "DynatraceWorkbookBlack.png", - "DynatraceWorkbookWhite.png" - ], - "version": "2.0.0", - "title": "Dynatrace", - "templateRelativePath": "Dynatrace.json", - "subtitle": "", - "provider": "Dynatrace" - }, - { - "workbookKey": "MDOWorkbook", - "logoFileName": "", - "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "MicrosoftThreatProtection" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft 365 Defender MDOWorkbook", - "templateRelativePath": "MDO Insights.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "AnomaliesVisualizationWorkbook", - "logoFileName": "", - "description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", - "dataTypesDependencies": [ - "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AnomaliesVisualizationWorkbookWhite.png", - "AnomaliesVisualizationWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "AnomaliesVisulization", - "templateRelativePath": "AnomaliesVisualization.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "AnomalyDataWorkbook", - "logoFileName": "", - "description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", - "dataTypesDependencies": [ - "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AnomalyDataWorkbookWhite.png", - "AnomalyDataWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "AnomalyData", - "templateRelativePath": "AnomalyData.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Least Privilege with RBAC - Online", - "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Least Privilege with RBAC", - "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftExchangeSearchAdminAuditLog", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Search AdminAuditLog", - "templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftExchangeSecurityMonitoring", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Admin Activity", - "templateRelativePath": "Microsoft Exchange Admin Activity.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftExchangeSecurityReview-Online", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Security Review - Online", - "templateRelativePath": "Microsoft Exchange Security Review - Online.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftExchangeSecurityReview", - "logoFileName": "Azure_Sentinel.svg", - "description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks.", - "dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" - ], - "dataConnectorsDependencies": [ - "ESI-ExchangeOnPremisesCollector", - "ESI-ExchangeAdminAuditLogEvents", - "ESI-ExchangeOnlineCollector" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Exchange Security Review", - "templateRelativePath": "Microsoft Exchange Security Review.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ibossMalwareAndC2Workbook", - "logoFileName": "", - "description": "A workbook providing insights into malware and C2 activity detected by iboss.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "iboss Malware and C2", - "templateRelativePath": "ibossMalwareAndC2.json", - "subtitle": "", - "provider": "iboss" - }, - { - "workbookKey": "ibossWebUsageWorkbook", - "logoFileName": "", - "description": "A workbook providing insights into web usage activity detected by iboss.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "iboss Web Usage", - "templateRelativePath": "ibossWebUsage.json", - "subtitle": "", - "provider": "iboss" - }, - { - "workbookKey": "Fortiweb-workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "FortinetFortiWeb" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Fortiweb-workbook", - "templateRelativePath": "Fortiweb-workbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ReversingLabs-CapabilitiesOverview", - "logoFileName": "reversinglabs.svg", - "description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ReversingLabsTiSummary-White.png", - "ReversingLabsTiSummary-Black.png", - "ReversingLabsOpsSummary-White.png", - "ReversingLabsOpsSummary-Black.png" - ], - "version": "1.1.1", - "title": "ReversingLabs-CapabilitiesOverview", - "templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", - "subtitle": "", - "provider": "ReversingLabs" - }, - { - "workbookKey": "TalonInsights", - "logoFileName": "Talon.svg", - "description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "TalonInsightsBlack.png", - "TalonInsightsWhite.png" - ], - "version": "2.0.0", - "title": "Talon Insights", - "templateRelativePath": "TalonInsights.json", - "subtitle": "", - "provider": "Talon Security" - }, - { - "workbookKey": "vCenter", - "logoFileName": [], - "description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", - "dataTypesDependencies": [ - "vCenter_CL" - ], - "dataConnectorsDependencies": [ - "VMwarevCenter" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "vCenter", - "templateRelativePath": "vCenter.json", - "subtitle": "", - "provider": "VMware" - }, - { - "workbookKey": "SAP-Monitors-AlertsandPerformance", - "logoFileName": "SAPVMIcon.svg", - "description": "SAP -Monitors- Alerts and Performance", - "dataTypesDependencies": [ - "SAPAuditLog" - ], - "dataConnectorsDependencies": [ - "SAP" - ], - "previewImagesFileNames": [ - "SAPVMIcon.svg" - ], - "version": "2.0.1", - "title": "SAP -Monitors- Alerts and Performance", - "templateRelativePath": "SAP -Monitors- Alerts and Performance.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "SAP-SecurityAuditlogandInitialAccess", - "logoFileName": "SAPVMIcon.svg", - "description": "SAP -Security Audit log and Initial Access", - "dataTypesDependencies": [ - "SAPAuditLog" - ], - "dataConnectorsDependencies": [ - "SAP" - ], - "previewImagesFileNames": [ - "SAPVMIcon.svg" - ], - "version": "2.0.1", - "title": "SAP -Security Audit log and Initial Access", - "templateRelativePath": "SAP -Security Audit log and Initial Access.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "DNSSolutionWorkbook", - "logoFileName": "", - "description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "DNSDomainWorkbookWhite.png", - "DNSDomainWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "DNS Solution Workbook", - "templateRelativePath": "DNSSolutionWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftPowerBIActivityWorkbook", - "logoFileName": "", - "description": "This workbook provides details on Microsoft PowerBI Activity", - "dataTypesDependencies": [ - "PowerBIActivity" - ], - "dataConnectorsDependencies": [ - "Microsoft PowerBI (Preview)" - ], - "previewImagesFileNames": [ - "MicrosoftPowerBIActivityWorkbookBlack.png", - "MicrosoftPowerBIActivityWhite.png" - ], - "version": "1.0.0", - "title": "Microsoft PowerBI Activity Workbook", - "templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftThreatIntelligenceWorkbook", - "logoFileName": "", - "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "SecurityIncident" - ], - "dataConnectorsDependencies": [ - "ThreatIntelligence", - "ThreatIntelligenceTaxii" - ], - "previewImagesFileNames": [ - "ThreatIntelligenceWhite.png", - "ThreatIntelligenceBlack.png" - ], - "version": "1.0.0", - "title": "Threat Intelligence", - "templateRelativePath": "MicrosoftThreatIntelligence.json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "MicrosoftDefenderForEndPoint", - "logoFileName": "", - "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "microsoftdefenderforendpointwhite.png", - "microsoftdefenderforendpointblack.png" - ], - "version": "1.0.0", - "title": "Microsoft Defender For EndPoint", - "templateRelativePath": "MicrosoftDefenderForEndPoint.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "MicrosoftDefenderForIdentity", - "logoFileName": "", - "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.", - "dataTypesDependencies": [ - "IdentityLogonEvents", - "IdentityQueryEvents", - "IdentityDirectoryEvents", - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "microsoftdefenderforidentityblack.png", - "microsoftdefenderforidentitywhite.png" - ], - "version": "1.0.0", - "title": "Microsoft Defender For Identity", - "templateRelativePath": "MicrosoftDefenderForIdentity.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "EsetProtect", - "logoFileName": "", - "description": "Visualize events and threats from Eset protect.", - "dataTypesDependencies": [ - "ESETPROTECT" - ], - "dataConnectorsDependencies": [ - "ESETPROTECT" - ], - "previewImagesFileNames": [ - "ESETPROTECTBlack.png", - "ESETPROTECTWhite.png" - ], - "version": "1.0.0", - "title": "EsetProtect", - "templateRelativePath": "ESETPROTECT.json", - "subtitle": "", - "provider": "Community" - }, - { - "workbookKey": "CyberArkEPMWorkbook", - "logoFileName": "CyberArk_Logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CyberArkEPM_CL" - ], - "dataConnectorsDependencies": [ - "CyberArkEPM" - ], - "previewImagesFileNames": [ - "CyberArkEPMBlack.png", - "CyberArkEPMWhite.png" - ], - "version": "1.0.0", - "title": "CyberArk EPM", - "templateRelativePath": "CyberArkEPM.json", - "subtitle": "", - "provider": "CyberArk" - }, - { - "workbookKey": "NetskopeWorkbook", - "logoFileName": "Netskope_logo.svg", - "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.", - "dataTypesDependencies": [ - "Netskope_Events_CL", - "Netskope_Alerts_CL", - "Netskope_WebTX_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "Netskope-ApplicationEvents-Black.png", - "Netskope-ApplicationEvents-White.png", - "Netskope-SecurityAlerts-DLP-Black.png", - "Netskope-SecurityAlerts-DLP-White.png", - "Netskope-NetworkEvents-CFW-Black.png", - "Netskope-NetworkEvents-CFW-White.png", - "Netskope-SecurityAlerts-Malsite-Black.png", - "Netskope-SecurityAlerts-Malsite-White.png", - "Netskope-NetworkEvents-NPA-Black.png", - "Netskope-NetworkEvents-NPA-White.png", - "Netskope-SecurityAlerts-Malware-White.png", - "Netskope-SecurityAlerts-Malware-Black.png", - "Netskope-SecurityAlerts-BehaviorAnalytics-Black.png", - "Netskope-SecurityAlerts-BehaviorAnalytics-White.png", - "Netskope-SecurityAlerts-Overview-Black.png", - "Netskope-SecurityAlerts-Overview-White.png", - "Netskope-SecurityAlerts-CompormisedCredentials-Black.png", - "Netskope-SecurityAlerts-CompromisedCredentials-White.png", - "Netskope-WebTransactions-Black.png", - "Netskope-WebTransactions-White.png" - ], - "version": "1.0", - "title": "Netskope", - "templateRelativePath": "NetskopeEvents.json", - "subtitle": "", - "provider": "Netskope" - }, - { - "workbookKey": "AIShield", - "logoFileName": "", - "description": "Visualize events generated by AIShield. This workbook is dependent on a parser AIShield which is a part of the solution deployment.", - "dataTypesDependencies": [ - "AIShield" - ], - "dataConnectorsDependencies": [ - "AIShield" - ], - "previewImagesFileNames": [ - "AIShieldBlack.png", - "AIShieldWhite.png" - ], - "version": "1.0.0", - "title": "AIShield Workbook", - "templateRelativePath": "AIShield.json", - "subtitle": "", - "provider": "Community" - }, - { - "workbookKey": "AttackSurfaceReduction", - "logoFileName": "M365securityposturelogo.svg", - "description": "This workbook helps you implement the ASR rules of Windows/Defender, and to monitor them over time. The workbook can filter on ASR rules in Audit mode and Block mode.", - "dataTypesDependencies": [ - "DeviceEvents" - ], - "dataConnectorsDependencies": [ - "MicrosoftThreatProtection" - ], - "previewImagesFileNames": [ - "AttackSurfaceReductionWhite.png", - "AttackSurfaceReductionBlack.png" - ], - "version": "1.0.0", - "title": "Attack Surface Reduction Dashboard", - "templateRelativePath": "AttackSurfaceReduction.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" - }, - { - "workbookKey": "IncidentTasksWorkbook", - "logoFileName": "", - "description": "Use this workbook to review and modify existing incidents with tasks. This workbook provides views that higlight incident tasks that are open, closed, or deleted, as well as incidents with tasks that are either owned or unassigned. The workbook also provides SOC metrics around incident task performance, such as percentage of incidents without tasks, average time to close tasks, and more.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "Tasks-Black.png", - "Tasks-White.png" - ], - "version": "1.1.0", - "title": "Incident Tasks Workbook", - "templateRelativePath": "IncidentTasksWorkbook.json", - "subtitle": "", - "provider": "Microsoft", - "support": { - "tier": "Microsoft" - }, - "author": { - "name": "Microsoft Corporation" - }, - "source": { - "kind": "Community" - }, - "categories": { - "domains": [ - "Incident Management", - "SOC Reporting" - ] - } - }, - { - "workbookKey": "NetCleanProActiveWorkbook", - "logoFileName": "NetCleanImpactLogo.svg", - "description": "This workbook provides insights on NetClean ProActive Incidents.", - "dataTypesDependencies": [ - "Netclean_Incidents_CL" - ], - "dataConnectorsDependencies": [ - "Netclean_ProActive_Incidents" - ], - "previewImagesFileNames": [ - "NetCleanProActiveBlack1.png", - "NetCleanProActiveBlack2.png", - "NetCleanProActiveWhite1.png", - "NetCleanProActiveWhite2.png" - ], - "version": "1.0.0", - "title": "NetClean ProActive", - "templateRelativePath": "NetCleanProActiveWorkbook.json", - "subtitle": "", - "provider": "NetClean" - }, - { - "workbookKey": "AutomationHealth", - "logoFileName": "Azure_Sentinel.svg", - "description": "Have a holistic overview of your automation health, gain insights about failures, correlate Microsoft Sentinel health with Logic Apps diagnostics logs and deep dive automation details per incident", - "dataTypesDependencies": [ - "SentinelHealth" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AutomationHealthBlack.png", - "AutomationHealthWhite.png" - ], - "version": "2.0.0", - "title": "Automation health", - "templateRelativePath": "AutomationHealth.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" - }, - { - "workbookKey": "SAP-AuditControls", - "logoFileName": "SAPVMIcon.svg", - "description": "SAP -Audit Controls (Preview)", - "dataTypesDependencies": [ - "SAPAuditLog" - ], - "dataConnectorsDependencies": [ - "SAP" - ], - "previewImagesFileNames": [ - "SAPVMIcon.svg" - ], - "version": "1.0.0", - "title": "SAP -Audit Controls (Preview)", - "templateRelativePath": "SAP -Audit Controls (Preview).json", - "subtitle": "", - "provider": "Microsoft" - }, - { - "workbookKey": "ZoomReports", - "logoFileName": "", - "description": "Visualize various details & visuals on Zoom Report data ingested though the solution. This also have a dependency on the parser which is available as a part of Zoom solution named Zoom", - "dataTypesDependencies": [ "Zoom" ], - "dataConnectorsDependencies": ["Zoom Reports"], - "previewImagesFileNames": [ "ZoomReportsBlack.png", "ZoomReportsWhite.png" ], - "version": "1.0.0", - "title": "Zoom Reports", - "templateRelativePath": "ZoomReports.json", - "subtitle": "", - "provider": "42Crunch" - }, - { - "workbookKey": "ForcepointNGFWAdvanced", - "logoFileName": "FPAdvLogo.svg", - "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "ForcepointNgfw", - "ThreatIntelligence" - ], - "previewImagesFileNames": [ - "ForcepointNGFWAdvancedWhite.png", - "ForcepointNGFWAdvancedBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook", - "templateRelativePath": "ForcepointNGFWAdvanced.json", - "subtitle": "", - "provider": "Forcepoint" -}, -{ - "workbookKey": "AzureActivityWorkbook", - "logoFileName": "azureactivity_logo.svg", - "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.", - "dataTypesDependencies": [ - "AzureActivity" - ], - "dataConnectorsDependencies": [ - "AzureActivity" - ], - "previewImagesFileNames": [ - "AzureActivityWhite1.png", - "AzureActivityBlack1.png" - ], - "version": "2.0.0", - "title": "Azure Activity", - "templateRelativePath": "AzureActivity.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "IdentityAndAccessWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "IdentityAndAccessWhite.png", - "IdentityAndAccessBlack.png" - ], - "version": "1.1.0", - "title": "Identity & Access", - "templateRelativePath": "IdentityAndAccess.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "CheckPointWorkbook", - "logoFileName": "checkpoint_logo.svg", - "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CheckPoint" - ], - "previewImagesFileNames": [ - "CheckPointWhite.png", - "CheckPointBlack.png" - ], - "version": "1.0.0", - "title": "Check Point Software Technologies", - "templateRelativePath": "CheckPoint.json", - "subtitle": "", - "provider": "Check Point" -}, -{ - "workbookKey": "CiscoWorkbook", - "logoFileName": "cisco_logo.svg", - "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CiscoASA" - ], - "previewImagesFileNames": [ - "CiscoWhite.png", - "CiscoBlack.png" - ], - "version": "1.1.0", - "title": "Cisco - ASA", - "templateRelativePath": "Cisco.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ExchangeOnlineWorkbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "ExchangeOnlineWhite.png", - "ExchangeOnlineBlack.png" - ], - "version": "2.0.0", - "title": "Exchange Online", - "templateRelativePath": "ExchangeOnline.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "PaloAltoOverviewWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoNetworks" - ], - "previewImagesFileNames": [ - "PaloAltoOverviewWhite1.png", - "PaloAltoOverviewBlack1.png", - "PaloAltoOverviewWhite2.png", - "PaloAltoOverviewBlack2.png", - "PaloAltoOverviewWhite3.png", - "PaloAltoOverviewBlack3.png" - ], - "version": "1.2.0", - "title": "Palo Alto overview", - "templateRelativePath": "PaloAltoOverview.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "PaloAltoNetworkThreatWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoNetworks" - ], - "previewImagesFileNames": [ - "PaloAltoNetworkThreatWhite1.png", - "PaloAltoNetworkThreatBlack1.png", - "PaloAltoNetworkThreatWhite2.png", - "PaloAltoNetworkThreatBlack2.png" - ], - "version": "1.1.0", - "title": "Palo Alto Network Threat", - "templateRelativePath": "PaloAltoNetworkThreat.json", - "subtitle": "", - "provider": "Palo Alto Networks" -}, -{ - "workbookKey": "EsetSMCWorkbook", - "logoFileName": "eset-logo.svg", - "description": "Visualize events and threats from Eset Security Management Center.", - "dataTypesDependencies": [ - "eset_CL" - ], - "dataConnectorsDependencies": [ - "EsetSMC" - ], - "previewImagesFileNames": [ - "esetSMCWorkbook-black.png", - "esetSMCWorkbook-white.png" - ], - "version": "1.0.0", - "title": "Eset Security Management Center Overview", - "templateRelativePath": "esetSMCWorkbook.json", - "subtitle": "", - "provider": "Community" -}, -{ - "workbookKey": "FortigateWorkbook", - "logoFileName": "fortinet_logo.svg", - "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Fortinet" - ], - "previewImagesFileNames": [ - "FortigateWhite.png", - "FortigateBlack.png" - ], - "version": "1.1.0", - "title": "FortiGate", - "templateRelativePath": "Fortigate.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "DnsWorkbook", - "logoFileName": "dns_logo.svg", - "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.", - "dataTypesDependencies": [ - "DnsInventory", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "DNS" - ], - "previewImagesFileNames": [ - "DnsWhite.png", - "DnsBlack.png" - ], - "version": "1.3.0", - "title": "DNS", - "templateRelativePath": "Dns.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "Office365Workbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "Office365White1.png", - "Office365Black1.png", - "Office365White2.png", - "Office365Black2.png", - "Office365White3.png", - "Office365Black3.png" - ], - "version": "2.0.1", - "title": "Office 365", - "templateRelativePath": "Office365.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "SharePointAndOneDriveWorkbook", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [ - "Office365" - ], - "previewImagesFileNames": [ - "SharePointAndOneDriveBlack1.png", - "SharePointAndOneDriveBlack2.png", - "SharePointAndOneDriveWhite1.png", - "SharePointAndOneDriveWhite2.png" - ], - "version": "2.0.0", - "title": "SharePoint & OneDrive", - "templateRelativePath": "SharePointAndOneDrive.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AzureActiveDirectorySigninLogsWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.", - "dataTypesDependencies": [ - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AADsigninBlack1.png", - "AADsigninBlack2.png", - "AADsigninWhite1.png", - "AADsigninWhite2.png" - ], - "version": "2.4.0", - "title": "Azure AD Sign-in logs", - "templateRelativePath": "AzureActiveDirectorySignins.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "VirtualMachinesInsightsWorkbook", - "logoFileName": "azurevirtualmachine_logo.svg", - "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.", - "dataTypesDependencies": [ - "VMConnection", - "ServiceMapComputer_CL", - "ServiceMapProcess_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "VMInsightBlack1.png", - "VMInsightWhite1.png" - ], - "version": "1.3.0", - "title": "VM insights", - "templateRelativePath": "VirtualMachinesInsights.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.", - "dataTypesDependencies": [ - "AuditLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AzureADAuditLogsBlack1.png", - "AzureADAuditLogsWhite1.png" - ], - "version": "1.2.0", - "title": "Azure AD Audit logs", - "templateRelativePath": "AzureActiveDirectoryAuditLogs.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ThreatIntelligenceWorkbook", - "logoFileName": "", - "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "SecurityIncident" - ], - "dataConnectorsDependencies": [ - "ThreatIntelligence", - "ThreatIntelligenceTaxii" - ], - "previewImagesFileNames": [ - "ThreatIntelligenceWhite.png", - "ThreatIntelligenceBlack.png" - ], - "version": "5.0.0", - "title": "Threat Intelligence", - "templateRelativePath": "ThreatIntelligence.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "WebApplicationFirewallOverviewWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFOverviewBlack.png", - "WAFOverviewWhite.png" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - overview", - "templateRelativePath": "WebApplicationFirewallOverview.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFFirewallEventsBlack1.png", - "WAFFirewallEventsBlack2.png", - "WAFFirewallEventsWhite1.png", - "WAFFirewallEventsWhite2.png" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - firewall events", - "templateRelativePath": "WebApplicationFirewallFirewallEvents.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook", - "logoFileName": "waf_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFGatewayAccessEventsBlack1.png", - "WAFGatewayAccessEventsBlack2.png", - "WAFGatewayAccessEventsWhite1.png", - "WAFGatewayAccessEventsWhite2.png" - ], - "version": "1.2.0", - "title": "Microsoft Web Application Firewall (WAF) - gateway access events", - "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "LinuxMachinesWorkbook", - "logoFileName": "azurevirtualmachine_logo.svg", - "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "Syslog" - ], - "previewImagesFileNames": [ - "LinuxMachinesWhite.png", - "LinuxMachinesBlack.png" - ], - "version": "1.1.0", - "title": "Linux machines", - "templateRelativePath": "LinuxMachines.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AzureFirewallWorkbook", - "logoFileName": "AzFirewalls.svg", - "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureFirewall" - ], - "previewImagesFileNames": [ - "AzureFirewallWorkbookWhite1.PNG", - "AzureFirewallWorkbookBlack1.PNG", - "AzureFirewallWorkbookWhite2.PNG", - "AzureFirewallWorkbookBlack2.PNG", - "AzureFirewallWorkbookWhite3.PNG", - "AzureFirewallWorkbookBlack3.PNG", - "AzureFirewallWorkbookWhite4.PNG", - "AzureFirewallWorkbookBlack4.PNG", - "AzureFirewallWorkbookWhite5.PNG", - "AzureFirewallWorkbookBlack5.PNG" - ], - "version": "1.3.0", - "title": "Azure Firewall", - "templateRelativePath": "AzureFirewallWorkbook.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AzureDDoSStandardProtection", - "logoFileName": "AzDDoS.svg", - "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "DDOS" - ], - "previewImagesFileNames": [ - "AzureDDoSWhite1.PNG", - "AzureDDoSBlack1.PNG", - "AzureDDoSWhite2.PNG", - "AzureDDoSBlack2.PNG", - "AzureDDoSWhite2.PNG", - "AzureDDoSBlack2.PNG" - ], - "version": "1.0.2", - "title": "Azure DDoS Protection Workbook", - "templateRelativePath": "AzDDoSStandardWorkbook.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftCloudAppSecurityWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.", - "dataTypesDependencies": [ - "McasShadowItReporting" - ], - "dataConnectorsDependencies": [ - "MicrosoftCloudAppSecurity" - ], - "previewImagesFileNames": [ - "McasDiscoveryBlack.png", - "McasDiscoveryWhite.png" - ], - "version": "1.2.0", - "title": "Microsoft Cloud App Security - discovery logs", - "templateRelativePath": "MicrosoftCloudAppSecurity.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "F5BIGIPSytemMetricsWorkbook", - "logoFileName": "f5_logo.svg", - "description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.", - "dataTypesDependencies": [ - "F5Telemetry_system_CL", - "F5Telemetry_AVR_CL" - ], - "dataConnectorsDependencies": [ - "F5BigIp" - ], - "previewImagesFileNames": [ - "F5SMBlack.png", - "F5SMWhite.png" - ], - "version": "1.1.0", - "title": "F5 BIG-IP System Metrics", - "templateRelativePath": "F5BIGIPSystemMetrics.json", - "subtitle": "", - "provider": "F5 Networks" -}, -{ - "workbookKey": "F5NetworksWorkbook", - "logoFileName": "f5_logo.svg", - "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.", - "dataTypesDependencies": [ - "F5Telemetry_LTM_CL", - "F5Telemetry_system_CL", - "F5Telemetry_ASM_CL" - ], - "dataConnectorsDependencies": [ - "F5BigIp" - ], - "previewImagesFileNames": [ - "F5White.png", - "F5Black.png" - ], - "version": "1.1.0", - "title": "F5 BIG-IP ASM", - "templateRelativePath": "F5Networks.json", - "subtitle": "", - "provider": "F5 Networks" -}, -{ - "workbookKey": "AzureNetworkWatcherWorkbook", - "logoFileName": "networkwatcher_logo.svg", - "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.", - "dataTypesDependencies": [ - "AzureNetworkAnalytics_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureNetworkWatcherWhite.png", - "AzureNetworkWatcherBlack.png" - ], - "version": "1.1.0", - "title": "Azure Network Watcher", - "templateRelativePath": "AzureNetworkWatcher.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ZscalerFirewallWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerFirewallWhite1.png", - "ZscalerFirewallBlack1.png", - "ZscalerFirewallWhite2.png", - "ZscalerFirewallBlack2.png" - ], - "version": "1.1.0", - "title": "Zscaler Firewall", - "templateRelativePath": "ZscalerFirewall.json", - "subtitle": "", - "provider": "Zscaler" -}, -{ - "workbookKey": "ZscalerWebOverviewWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerWebOverviewWhite.png", - "ZscalerWebOverviewBlack.png" - ], - "version": "1.1.0", - "title": "Zscaler Web Overview", - "templateRelativePath": "ZscalerWebOverview.json", - "subtitle": "", - "provider": "Zscaler" -}, -{ - "workbookKey": "ZscalerThreatsOverviewWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerThreatsWhite.png", - "ZscalerThreatsBlack.png" - ], - "version": "1.2.0", - "title": "Zscaler Threats", - "templateRelativePath": "ZscalerThreats.json", - "subtitle": "", - "provider": "Zscaler" -}, -{ - "workbookKey": "ZscalerOffice365AppsWorkbook", - "logoFileName": "zscaler_logo.svg", - "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Zscaler" - ], - "previewImagesFileNames": [ - "ZscalerOffice365White.png", - "ZscalerOffice365Black.png" - ], - "version": "1.1.0", - "title": "Zscaler Office365 Apps", - "templateRelativePath": "ZscalerOffice365Apps.json", - "subtitle": "", - "provider": "Zscaler" -}, -{ - "workbookKey": "InsecureProtocolsWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.", - "dataTypesDependencies": [ - "SecurityEvent", - "Event", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "AzureActiveDirectory", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "InsecureProtocolsWhite1.png", - "InsecureProtocolsBlack1.png", - "InsecureProtocolsWhite2.png", - "InsecureProtocolsBlack2.png" - ], - "version": "2.1.0", - "title": "Insecure Protocols", - "templateRelativePath": "InsecureProtocols.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook", - "logoFileName": "amazon_web_services_Logo.svg", - "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.", - "dataTypesDependencies": [ - "AWSCloudTrail" - ], - "dataConnectorsDependencies": [ - "AWS" - ], - "previewImagesFileNames": [ - "AwsNetworkActivitiesWhite.png", - "AwsNetworkActivitiesBlack.png" - ], - "version": "1.0.0", - "title": "AWS Network Activities", - "templateRelativePath": "AmazonWebServicesNetworkActivities.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AmazonWebServicesUserActivitiesWorkbook", - "logoFileName": "amazon_web_services_Logo.svg", - "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.", - "dataTypesDependencies": [ - "AWSCloudTrail" - ], - "dataConnectorsDependencies": [ - "AWS" - ], - "previewImagesFileNames": [ - "AwsUserActivitiesWhite.png", - "AwsUserActivitiesBlack.png" - ], - "version": "1.0.0", - "title": "AWS User Activities", - "templateRelativePath": "AmazonWebServicesUserActivities.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicro" - ], - "previewImagesFileNames": [ - "TrendMicroDeepSecurityAttackActivityWhite.png", - "TrendMicroDeepSecurityAttackActivityBlack.png" - ], - "version": "1.0.0", - "title": "Trend Micro Deep Security ATT&CK Related Activity", - "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json", - "subtitle": "", - "provider": "Trend Micro" -}, -{ - "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicro" - ], - "previewImagesFileNames": [ - "TrendMicroDeepSecurityOverviewWhite1.png", - "TrendMicroDeepSecurityOverviewBlack1.png", - "TrendMicroDeepSecurityOverviewWhite2.png", - "TrendMicroDeepSecurityOverviewBlack2.png" - ], - "version": "1.0.0", - "title": "Trend Micro Deep Security Events", - "templateRelativePath": "TrendMicroDeepSecurityOverview.json", - "subtitle": "", - "provider": "Trend Micro" -}, -{ - "workbookKey": "ExtraHopDetectionSummaryWorkbook", - "logoFileName": "extrahop_logo.svg", - "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ExtraHopNetworks" - ], - "previewImagesFileNames": [ - "ExtrahopWhite.png", - "ExtrahopBlack.png" - ], - "version": "1.0.0", - "title": "ExtraHop", - "templateRelativePath": "ExtraHopDetectionSummary.json", - "subtitle": "", - "provider": "ExtraHop Networks" -}, -{ - "workbookKey": "BarracudaCloudFirewallWorkbook", - "logoFileName": "barracuda_logo.svg", - "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "Syslog" - ], - "dataConnectorsDependencies": [ - "BarracudaCloudFirewall" - ], - "previewImagesFileNames": [ - "BarracudaWhite1.png", - "BarracudaBlack1.png", - "BarracudaWhite2.png", - "BarracudaBlack2.png" - ], - "version": "1.0.0", - "title": "Barracuda CloudGen FW", - "templateRelativePath": "Barracuda.json", - "subtitle": "", - "provider": "Barracuda" -}, -{ - "workbookKey": "CitrixWorkbook", - "logoFileName": "citrix_logo.svg", - "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.", - "dataTypesDependencies": [ - "CitrixAnalytics_userProfile_CL", - "CitrixAnalytics_riskScoreChange_CL", - "CitrixAnalytics_indicatorSummary_CL", - "CitrixAnalytics_indicatorEventDetails_CL" - ], - "dataConnectorsDependencies": [ - "Citrix" - ], - "previewImagesFileNames": [ - "CitrixWhite.png", - "CitrixBlack.png" - ], - "version": "2.1.0", - "title": "Citrix Analytics", - "templateRelativePath": "Citrix.json", - "subtitle": "", - "provider": "Citrix Systems Inc." -}, -{ - "workbookKey": "OneIdentityWorkbook", - "logoFileName": "oneIdentity_logo.svg", - "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "OneIdentity" - ], - "previewImagesFileNames": [ - "OneIdentityWhite.png", - "OneIdentityBlack.png" - ], - "version": "1.0.0", - "title": "One Identity", - "templateRelativePath": "OneIdentity.json", - "subtitle": "", - "provider": "One Identity LLC." -}, -{ - "workbookKey": "SecurityStatusWorkbook", - "logoFileName": "", - "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.", - "dataTypesDependencies": [ - "CommonSecurityLog", - "SecurityEvent", - "Syslog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelSecurityStatusBlack.png", - "AzureSentinelSecurityStatusWhite.png" - ], - "version": "1.3.0", - "title": "Security Status", - "templateRelativePath": "SecurityStatus.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AzureSentinelSecurityAlertsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelSecurityAlertsWhite.png", - "AzureSentinelSecurityAlertsBlack.png" - ], - "version": "1.1.0", - "title": "Security Alerts", - "templateRelativePath": "AzureSentinelSecurityAlerts.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "SquadraTechnologiesSecRMMWorkbook", - "logoFileName": "SquadraTechnologiesLogo.svg", - "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.", - "dataTypesDependencies": [ - "secRMM_CL" - ], - "dataConnectorsDependencies": [ - "SquadraTechnologiesSecRmm" - ], - "previewImagesFileNames": [ - "SquadraTechnologiesSecRMMWhite.PNG", - "SquadraTechnologiesSecRMMBlack.PNG" - ], - "version": "1.0.0", - "title": "Squadra Technologies SecRMM - USB removable storage security", - "templateRelativePath": "SquadraTechnologiesSecRMM.json", - "subtitle": "", - "provider": "Squadra Technologies" -}, -{ - "workbookKey": "IoT-Alerts", - "logoFileName": "IoTIcon.svg", - "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "IoT" - ], - "previewImagesFileNames": [ - "IOTBlack1.png", - "IOTWhite1.png" - ], - "version": "1.2.0", - "title": "Azure Defender for IoT Alerts", - "templateRelativePath": "IOT_Alerts.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "IoTAssetDiscovery", - "logoFileName": "IoTIcon.svg", - "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Fortinet" - ], - "previewImagesFileNames": [ - "workbook-iotassetdiscovery-screenshot-Black.PNG", - "workbook-iotassetdiscovery-screenshot-White.PNG" - ], - "version": "1.0.0", - "title": "IoT Asset Discovery", - "templateRelativePath": "IoTAssetDiscovery.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ForcepointCASBWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointCasb" - ], - "previewImagesFileNames": [ - "ForcepointCASBWhite.png", - "ForcepointCASBBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Cloud Access Security Broker (CASB)", - "templateRelativePath": "ForcepointCASB.json", - "subtitle": "", - "provider": "Forcepoint" -}, -{ - "workbookKey": "ForcepointNGFWWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointNgfw" - ], - "previewImagesFileNames": [ - "ForcepointNGFWWhite.png", - "ForcepointNGFWBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Next Generation Firewall (NGFW)", - "templateRelativePath": "ForcepointNGFW.json", - "subtitle": "", - "provider": "Forcepoint" -}, -{ - "workbookKey": "ForcepointDLPWorkbook", - "logoFileName": "FP_Green_Emblem_RGB-01.svg", - "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.", - "dataTypesDependencies": [ - "ForcepointDLPEvents_CL" - ], - "dataConnectorsDependencies": [ - "ForcepointDlp" - ], - "previewImagesFileNames": [ - "ForcepointDLPWhite.png", - "ForcepointDLPBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Data Loss Prevention (DLP)", - "templateRelativePath": "ForcepointDLP.json", - "subtitle": "", - "provider": "Forcepoint" -}, -{ - "workbookKey": "ZimperiumMTDWorkbook", - "logoFileName": "ZIMPERIUM-logo_square2.svg", - "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.", - "dataTypesDependencies": [ - "ZimperiumThreatLog_CL", - "ZimperiumMitigationLog_CL" - ], - "dataConnectorsDependencies": [ - "ZimperiumMtdAlerts" - ], - "previewImagesFileNames": [ - "ZimperiumWhite.png", - "ZimperiumBlack.png" - ], - "version": "1.0.0", - "title": "Zimperium Mobile Threat Defense (MTD)", - "templateRelativePath": "ZimperiumWorkbooks.json", - "subtitle": "", - "provider": "Zimperium" -}, -{ - "workbookKey": "AzureAuditActivityAndSigninWorkbook", - "logoFileName": "azureactivedirectory_logo.svg", - "description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.", - "dataTypesDependencies": [ - "AzureActivity", - "AuditLogs", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "AzureAuditActivityAndSigninWhite1.png", - "AzureAuditActivityAndSigninWhite2.png", - "AzureAuditActivityAndSigninBlack1.png", - "AzureAuditActivityAndSigninBlack2.png" - ], - "version": "1.2.0", - "title": "Azure AD Audit, Activity and Sign-in logs", - "templateRelativePath": "AzureAuditActivityAndSignin.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "WindowsFirewall", - "logoFileName": "Microsoft_logo.svg", - "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs", - "dataTypesDependencies": [ - "WindowsFirewall", - "SecurityEvent", - "SigninLogs" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsFirewall", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "WindowsFirewallWhite1.png", - "WindowsFirewallWhite2.png", - "WindowsFirewallBlack1.png", - "WindowsFirewallBlack2.png" - ], - "version": "1.0.0", - "title": "Windows Firewall", - "templateRelativePath": "WindowsFirewall.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "EventAnalyzerwWorkbook", - "logoFileName": "", - "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "EventAnalyzer-Workbook-White.png", - "EventAnalyzer-Workbook-Black.png" - ], - "version": "1.0.0", - "title": "Event Analyzer", - "templateRelativePath": "EventAnalyzer.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "ASC-ComplianceandProtection", - "logoFileName": "", - "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.", - "dataTypesDependencies": [ - "SecurityAlert", - "ProtectionStatus", - "SecurityRecommendation", - "SecurityBaseline", - "SecurityBaselineSummary", - "Update", - "ConfigurationChange" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter" - ], - "previewImagesFileNames": [ - "ASCCaPBlack.png", - "ASCCaPWhite.png" - ], - "version": "1.2.0", - "title": "ASC Compliance and Protection", - "templateRelativePath": "ASC-ComplianceandProtection.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "AIVectraDetectWorkbook", - "logoFileName": "AIVectraDetect.svg", - "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "AIVectraDetect" - ], - "previewImagesFileNames": [ - "AIVectraDetectWhite1.png", - "AIVectraDetectBlack1.png" - ], - "version": "1.1.1", - "title": "Vectra AI Detect", - "templateRelativePath": "AIVectraDetectWorkbook.json", - "subtitle": "", - "provider": "Vectra AI" -}, -{ - "workbookKey": "Perimeter81OverviewWorkbook", - "logoFileName": "Perimeter81_Logo.svg", - "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.", - "dataTypesDependencies": [ - "Perimeter81_CL" - ], - "dataConnectorsDependencies": [ - "Perimeter81ActivityLogs" - ], - "previewImagesFileNames": [ - "Perimeter81OverviewWhite1.png", - "Perimeter81OverviewBlack1.png", - "Perimeter81OverviewWhite2.png", - "Perimeter81OverviewBlack2.png" - ], - "version": "1.0.0", - "title": "Perimeter 81 Overview", - "templateRelativePath": "Perimeter81OverviewWorkbook.json", - "subtitle": "", - "provider": "Perimeter 81" -}, -{ - "workbookKey": "SymantecProxySGWorkbook", - "logoFileName": "symantec_logo.svg", - "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SymantecProxySG" - ], - "previewImagesFileNames": [ - "SymantecProxySGWhite.png", - "SymantecProxySGBlack.png" - ], - "version": "1.0.0", - "title": "Symantec ProxySG", - "templateRelativePath": "SymantecProxySG.json", - "subtitle": "", - "provider": "Symantec" -}, -{ - "workbookKey": "IllusiveASMWorkbook", - "logoFileName": "illusive_logo_workbook.svg", - "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "illusiveAttackManagementSystem" - ], - "previewImagesFileNames": [ - "IllusiveASMWhite.png", - "IllusiveASMBlack.png" - ], - "version": "1.0.0", - "title": "Illusive ASM Dashboard", - "templateRelativePath": "IllusiveASM.json", - "subtitle": "", - "provider": "Illusive" -}, -{ - "workbookKey": "IllusiveADSWorkbook", - "logoFileName": "illusive_logo_workbook.svg", - "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "illusiveAttackManagementSystem" - ], - "previewImagesFileNames": [ - "IllusiveADSWhite.png", - "IllusiveADSBlack.png" - ], - "version": "1.0.0", - "title": "Illusive ADS Dashboard", - "templateRelativePath": "IllusiveADS.json", - "subtitle": "", - "provider": "Illusive" -}, -{ - "workbookKey": "PulseConnectSecureWorkbook", - "logoFileName": "", - "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "PulseConnectSecure" - ], - "previewImagesFileNames": [ - "PulseConnectSecureWhite.png", - "PulseConnectSecureBlack.png" - ], - "version": "1.0.0", - "title": "Pulse Connect Secure", - "templateRelativePath": "PulseConnectSecure.json", - "subtitle": "", - "provider": "Pulse Secure" -}, -{ - "workbookKey": "InfobloxNIOSWorkbook", - "logoFileName": "infoblox_logo.svg", - "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "InfobloxNIOS" - ], - "previewImagesFileNames": [], - "version": "1.1.0", - "title": "Infoblox NIOS", - "templateRelativePath": "Infoblox-Workbook-V2.json", - "subtitle": "", - "provider": "Infoblox" -}, -{ - "workbookKey": "SymantecVIPWorkbook", - "logoFileName": "symantec_logo.svg", - "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SymantecVIP" - ], - "previewImagesFileNames": [ - "SymantecVIPWhite.png", - "SymantecVIPBlack.png" - ], - "version": "1.0.0", - "title": "Symantec VIP", - "templateRelativePath": "SymantecVIP.json", - "subtitle": "", - "provider": "Symantec" -}, -{ - "workbookKey": "ProofPointTAPWorkbook", - "logoFileName": "proofpointlogo.svg", - "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", - "dataTypesDependencies": [ - "ProofPointTAPMessagesBlocked_CL", - "ProofPointTAPMessagesDelivered_CL", - "ProofPointTAPClicksPermitted_CL", - "ProofPointTAPClicksBlocked_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointTAP" - ], - "previewImagesFileNames": [ - "ProofpointTAPWhite.png", - "ProofpointTAPBlack.png" - ], - "version": "1.0.0", - "title": "Proofpoint TAP", - "templateRelativePath": "ProofpointTAP.json", - "subtitle": "", - "provider": "Proofpoint" -}, -{ - "workbookKey": "QualysVMWorkbook", - "logoFileName": "qualys_logo.svg", - "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", - "dataTypesDependencies": [ - "QualysHostDetection_CL" - ], - "dataConnectorsDependencies": [ - "QualysVulnerabilityManagement" - ], - "previewImagesFileNames": [ - "QualysVMWhite.png", - "QualysVMBlack.png" - ], - "version": "1.0.0", - "title": "Qualys Vulnerability Management", - "templateRelativePath": "QualysVM.json", - "subtitle": "", - "provider": "Qualys" -}, -{ - "workbookKey": "QualysVMV2Workbook", - "logoFileName": "qualys_logo.svg", - "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", - "dataTypesDependencies": [ - "QualysHostDetectionV2_CL" - ], - "dataConnectorsDependencies": [ - "QualysVulnerabilityManagement" - ], - "previewImagesFileNames": [ - "QualysVMWhite.png", - "QualysVMBlack.png" - ], - "version": "1.0.0", - "title": "Qualys Vulnerability Management", - "templateRelativePath": "QualysVMv2.json", - "subtitle": "", - "provider": "Qualys" -}, -{ - "workbookKey": "GitHubSecurityWorkbook", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "Github_CL", - "GitHubRepoLogs_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "GitHubSecurityWhite.png", - "GitHubSecurityBlack.png" - ], - "version": "1.0.0", - "title": "GitHub Security", - "templateRelativePath": "GitHubSecurityWorkbook.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "VisualizationDemo", - "logoFileName": "", - "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "VisualizationDemoBlack.png", - "VisualizationDemoWhite.png" - ], - "version": "1.0.0", - "title": "Visualizations Demo", - "templateRelativePath": "VisualizationDemo.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "SophosXGFirewallWorkbook", - "logoFileName": "sophos_logo.svg", - "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "SophosXGFirewall" - ], - "previewImagesFileNames": [ - "SophosXGFirewallWhite.png", - "SophosXGFirewallBlack.png" - ], - "version": "1.0.0", - "title": "Sophos XG Firewall", - "templateRelativePath": "SophosXGFirewall.json", - "subtitle": "", - "provider": "Sophos" -}, -{ - "workbookKey": "SysmonThreatHuntingWorkbook", - "logoFileName": "", - "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel", - "dataTypesDependencies": [ - "Event" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SysmonThreatHuntingWhite1.png", - "SysmonThreatHuntingBlack1.png" - ], - "version": "1.4.0", - "title": "Sysmon Threat Hunting", - "templateRelativePath": "SysmonThreatHunting.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook", - "logoFileName": "webapplicationfirewall(WAF)_logo.svg", - "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "WAF" - ], - "previewImagesFileNames": [ - "WAFFirewallWAFTypeEventsBlack1.PNG", - "WAFFirewallWAFTypeEventsBlack2.PNG", - "WAFFirewallWAFTypeEventsBlack3.PNG", - "WAFFirewallWAFTypeEventsBlack4.PNG", - "WAFFirewallWAFTypeEventsWhite1.png", - "WAFFirewallWAFTypeEventsWhite2.PNG", - "WAFFirewallWAFTypeEventsWhite3.PNG", - "WAFFirewallWAFTypeEventsWhite4.PNG" - ], - "version": "1.1.0", - "title": "Microsoft Web Application Firewall (WAF) - Azure WAF", - "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "OrcaAlertsOverviewWorkbook", - "logoFileName": "Orca_logo.svg", - "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview", - "dataTypesDependencies": [ - "OrcaAlerts_CL" - ], - "dataConnectorsDependencies": [ - "OrcaSecurityAlerts" - ], - "previewImagesFileNames": [ - "OrcaAlertsWhite.png", - "OrcaAlertsBlack.png" - ], - "version": "1.1.0", - "title": "Orca alerts overview", - "templateRelativePath": "OrcaAlerts.json", - "subtitle": "", - "provider": "Orca Security" -}, -{ - "workbookKey": "CyberArkWorkbook", - "logoFileName": "CyberArk_Logo.svg", - "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CyberArk" - ], - "previewImagesFileNames": [ - "CyberArkActivitiesWhite.PNG", - "CyberArkActivitiesBlack.PNG" - ], - "version": "1.1.0", - "title": "CyberArk EPV Events", - "templateRelativePath": "CyberArkEPV.json", - "subtitle": "", - "provider": "CyberArk" -}, -{ - "workbookKey": "UserEntityBehaviorAnalyticsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns", - "dataTypesDependencies": [ - "BehaviorAnalytics" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UserEntityBehaviorAnalyticsBlack1.png", - "UserEntityBehaviorAnalyticsWhite1.png" - ], - "version": "1.2.0", - "title": "User And Entity Behavior Analytics", - "templateRelativePath": "UserEntityBehaviorAnalytics.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "CitrixWAF", - "logoFileName": "citrix_logo.svg", - "description": "Gain insight into the Citrix WAF logs", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CitrixWAF" - ], - "previewImagesFileNames": [ - "CitrixWAFBlack.png", - "CitrixWAFWhite.png" - ], - "version": "1.0.0", - "title": "Citrix WAF (Web App Firewall)", - "templateRelativePath": "CitrixWAF.json", - "subtitle": "", - "provider": "Citrix Systems Inc." -}, -{ - "workbookKey": "UnifiSGWorkbook", - "logoFileName": "", - "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UnifiSGBlack.png", - "UnifiSGWhite.png" - ], - "version": "1.0.0", - "title": "Unifi Security Gateway", - "templateRelativePath": "UnfiSG.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "UnifiSGNetflowWorkbook", - "logoFileName": "", - "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.", - "dataTypesDependencies": [ - "netflow_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "UnifiSGNetflowBlack.png", - "UnifiSGNetflowWhite.png" - ], - "version": "1.0.0", - "title": "Unifi Security Gateway - NetFlow", - "templateRelativePath": "UnfiSGNetflow.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "NormalizedNetworkEventsWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "NormalizedNetworkEventsWhite.png", - "NormalizedNetworkEventsBlack.png" - ], - "version": "1.0.0", - "title": "Normalized network events", - "templateRelativePath": "NormalizedNetworkEvents.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "WorkspaceAuditingWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.", - "dataTypesDependencies": [ - "LAQueryLogs" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "WorkspaceAuditingWhite.png", - "WorkspaceAuditingBlack.png" - ], - "version": "1.0.0", - "title": "Workspace audit", - "templateRelativePath": "WorkspaceAuditing.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "MITREATTACKWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MITREATTACKWhite1.PNG", - "MITREATTACKWhite2.PNG", - "MITREATTACKBlack1.PNG", - "MITREATTACKBlack2.PNG" - ], - "version": "1.0.0", - "title": "MITRE ATT&CK Workbook", - "templateRelativePath": "MITREAttack.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "BETTERMTDWorkbook", - "logoFileName": "BETTER_MTD_logo.svg", - "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.", - "dataTypesDependencies": [ - "BetterMTDDeviceLog_CL", - "BetterMTDAppLog_CL", - "BetterMTDIncidentLog_CL", - "BetterMTDNetflowLog_CL" - ], - "dataConnectorsDependencies": [ - "BetterMTD" - ], - "previewImagesFileNames": [ - "BetterMTDWorkbookPreviewWhite1.png", - "BetterMTDWorkbookPreviewWhite2.png", - "BetterMTDWorkbookPreviewWhite3.png", - "BetterMTDWorkbookPreviewBlack1.png", - "BetterMTDWorkbookPreviewBlack2.png", - "BetterMTDWorkbookPreviewBlack3.png" - ], - "version": "1.1.0", - "title": "BETTER Mobile Threat Defense (MTD)", - "templateRelativePath": "BETTER_MTD_Workbook.json", - "subtitle": "", - "provider": "BETTER Mobile" -}, -{ - "workbookKey": "AlsidIoEWorkbook", - "logoFileName": "Alsid.svg", - "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.", - "dataTypesDependencies": [ - "AlsidForADLog_CL" - ], - "dataConnectorsDependencies": [ - "AlsidForAD" - ], - "previewImagesFileNames": [ - "AlsidIoEBlack1.png", - "AlsidIoEBlack2.png", - "AlsidIoEBlack3.png", - "AlsidIoEWhite1.png", - "AlsidIoEWhite2.png", - "AlsidIoEWhite3.png" - ], - "version": "1.0.0", - "title": "Alsid for AD | Indicators of Exposure", - "templateRelativePath": "AlsidIoE.json", - "subtitle": "", - "provider": "Alsid" -}, -{ - "workbookKey": "AlsidIoAWorkbook", - "logoFileName": "Alsid.svg", - "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.", - "dataTypesDependencies": [ - "AlsidForADLog_CL" - ], - "dataConnectorsDependencies": [ - "AlsidForAD" - ], - "previewImagesFileNames": [ - "AlsidIoABlack1.png", - "AlsidIoABlack2.png", - "AlsidIoABlack3.png", - "AlsidIoAWhite1.png", - "AlsidIoAWhite2.png", - "AlsidIoAWhite3.png" - ], - "version": "1.0.0", - "title": "Alsid for AD | Indicators of Attack", - "templateRelativePath": "AlsidIoA.json", - "subtitle": "", - "provider": "Alsid" -}, -{ - "workbookKey": "InvestigationInsightsWorkbook", - "logoFileName": "Microsoft_logo.svg", - "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.", - "dataTypesDependencies": [ - "AuditLogs", - "AzureActivity", - "CommonSecurityLog", - "OfficeActivity", - "SecurityEvent", - "SigninLogs", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "AzureActivity", - "SecurityEvents", - "Office365", - "AzureActiveDirectory", - "ThreatIntelligence", - "ThreatIntelligenceTaxii", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "InvestigationInsightsWhite1.png", - "InvestigationInsightsBlack1.png", - "InvestigationInsightsWhite2.png", - "InvestigationInsightsBlack2.png" - ], - "version": "1.4.0", - "title": "Investigation Insights", - "templateRelativePath": "InvestigationInsights.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "AksSecurityWorkbook", - "logoFileName": "Kubernetes_services.svg", - "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.", - "dataTypesDependencies": [ - "SecurityAlert", - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter", - "AzureKubernetes" - ], - "previewImagesFileNames": [ - "AksSecurityWhite.png", - "AksSecurityBlack.png" - ], - "version": "1.5.0", - "title": "Azure Kubernetes Service (AKS) Security", - "templateRelativePath": "AksSecurity.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AzureKeyVaultWorkbook", - "logoFileName": "KeyVault.svg", - "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.", - "dataTypesDependencies": [ - "SecurityAlert", - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "AzureSecurityCenter", - "AzureKeyVault" - ], - "previewImagesFileNames": [ - "AkvSecurityWhite.png", - "AkvSecurityBlack.png" - ], - "version": "1.1.0", - "title": "Azure Key Vault Security", - "templateRelativePath": "AzureKeyVaultWorkbook.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "IncidentOverview", - "logoFileName": "Azure_Sentinel.svg", - "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "IncidentOverviewBlack1.png", - "IncidentOverviewWhite1.png", - "IncidentOverviewBlack2.png", - "IncidentOverviewWhite2.png" - ], - "version": "2.1.0", - "title": "Incident overview", - "templateRelativePath": "IncidentOverview.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "SecurityOperationsEfficiency", - "logoFileName": "Azure_Sentinel.svg", - "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SecurityEfficiencyWhite1.png", - "SecurityEfficiencyWhite2.png", - "SecurityEfficiencyBlack1.png", - "SecurityEfficiencyBlack2.png" - ], - "version": "1.5.0", - "title": "Security Operations Efficiency", - "templateRelativePath": "SecurityOperationsEfficiency.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "DataCollectionHealthMonitoring", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace\u2019s data collection health.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "HealthMonitoringWhite1.png", - "HealthMonitoringWhite2.png", - "HealthMonitoringWhite3.png", - "HealthMonitoringBlack1.png", - "HealthMonitoringBlack2.png", - "HealthMonitoringBlack3.png" - ], - "version": "1.0.0", - "title": "Data collection health monitoring", - "templateRelativePath": "DataCollectionHealthMonitoring.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "OnapsisAlarmsWorkbook", - "logoFileName": "onapsis_logo.svg", - "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "OnapsisPlatform" - ], - "previewImagesFileNames": [ - "OnapsisWhite1.PNG", - "OnapsisBlack1.PNG", - "OnapsisWhite2.PNG", - "OnapsisBlack2.PNG" - ], - "version": "1.0.0", - "title": "Onapsis Alarms Overview", - "templateRelativePath": "OnapsisAlarmsOverview.json", - "subtitle": "", - "provider": "Onapsis" -}, -{ - "workbookKey": "DelineaWorkbook", - "logoFileName": "DelineaLogo.svg", - "description": "The Delinea Secret Server Syslog connector", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "DelineaSecretServer_CEF" - ], - "previewImagesFileNames": [ - "DelineaWorkbookWhite.PNG", - "DelineaWorkbookBlack.PNG" - ], - "version": "1.0.0", - "title": "Delinea Secret Server Workbook", - "templateRelativePath": "DelineaWorkbook.json", - "subtitle": "", - "provider": "Delinea" -}, -{ - "workbookKey": "ForcepointCloudSecurityGatewayWorkbook", - "logoFileName": "Forcepoint_new_logo.svg", - "description": "Use this report to understand query runs across your workspace.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ForcepointCSG" - ], - "previewImagesFileNames": [ - "ForcepointCloudSecurityGatewayWhite.png", - "ForcepointCloudSecurityGatewayBlack.png" - ], - "version": "1.0.0", - "title": "Forcepoint Cloud Security Gateway Workbook", - "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json", - "subtitle": "", - "provider": "Forcepoint" -}, -{ - "workbookKey": "IntsightsIOCWorkbook", - "logoFileName": "IntSights_logo.svg", - "description": "", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator", - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "ThreatIntelligenceTaxii" - ], - "previewImagesFileNames": [ - "IntsightsIOCWhite.png", - "IntsightsMatchedWhite.png", - "IntsightsMatchedBlack.png", - "IntsightsIOCBlack.png" - ], - "version": "2.0.0", - "title": "IntSights IOC Workbook", - "templateRelativePath": "IntsightsIOCWorkbook.json", - "subtitle": "", - "provider": "IntSights Cyber Intelligence" -}, -{ - "workbookKey": "DarktraceSummaryWorkbook", - "logoFileName": "Darktrace.svg", - "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Darktrace" - ], - "previewImagesFileNames": [ - "AIA-DarktraceSummaryWhite.png", - "AIA-DarktraceSummaryBlack.png" - ], - "version": "1.1.0", - "title": "AI Analyst Darktrace Model Breach Summary", - "templateRelativePath": "AIA-Darktrace.json", - "subtitle": "", - "provider": "Darktrace" -}, -{ - "workbookKey": "TrendMicroXDR", - "logoFileName": "trendmicro_logo.svg", - "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.", - "dataTypesDependencies": [ - "TrendMicro_XDR_WORKBENCH_CL" - ], - "dataConnectorsDependencies": [ - "TrendMicroXDR" - ], - "previewImagesFileNames": [ - "TrendMicroXDROverviewWhite.png", - "TrendMicroXDROverviewBlack.png" - ], - "version": "1.3.0", - "title": "Trend Vision One Alert Overview", - "templateRelativePath": "TrendMicroXDROverview.json", - "subtitle": "", - "provider": "Trend Micro" -}, -{ - "workbookKey": "CyberpionOverviewWorkbook", - "logoFileName": "cyberpion_logo.svg", - "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.", - "dataTypesDependencies": [ - "CyberpionActionItems_CL" - ], - "dataConnectorsDependencies": [ - "CyberpionSecurityLogs" - ], - "previewImagesFileNames": [ - "CyberpionActionItemsBlack.png", - "CyberpionActionItemsWhite.png" - ], - "version": "1.0.0", - "title": "Cyberpion Overview", - "templateRelativePath": "CyberpionOverviewWorkbook.json", - "subtitle": "", - "provider": "Cyberpion" -}, -{ - "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook", - "logoFileName": "MSTIC-Logo.svg", - "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020", - "dataTypesDependencies": [ - "CommonSecurityLog", - "SigninLogs", - "AuditLogs", - "AADServicePrincipalSignInLogs", - "OfficeActivity", - "BehaviorAnalytics", - "SecurityEvent", - "DeviceProcessEvents", - "SecurityAlert", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory", - "SecurityEvents", - "Office365", - "MicrosoftThreatProtection", - "DNS", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "SolarWindsPostCompromiseHuntingWhite.png", - "SolarWindsPostCompromiseHuntingBlack.png" - ], - "version": "1.5.0", - "title": "SolarWinds Post Compromise Hunting", - "templateRelativePath": "SolarWindsPostCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ProofpointPODWorkbook", - "logoFileName": "proofpointlogo.svg", - "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.", - "dataTypesDependencies": [ - "ProofpointPOD_maillog_CL", - "ProofpointPOD_message_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointPOD" - ], - "previewImagesFileNames": [ - "ProofpointPODMainBlack1.png", - "ProofpointPODMainBlack2.png", - "ProofpointPODMainWhite1.png", - "ProofpointPODMainWhite2.png", - "ProofpointPODMessageSummaryBlack.png", - "ProofpointPODMessageSummaryWhite.png", - "ProofpointPODTLSBlack.png", - "ProofpointPODTLSWhite.png" - ], - "version": "1.0.0", - "title": "Proofpoint On-Demand Email Security", - "templateRelativePath": "ProofpointPOD.json", - "subtitle": "", - "provider": "Proofpoint" -}, -{ - "workbookKey": "CiscoUmbrellaWorkbook", - "logoFileName": "cisco_logo.svg", - "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.", - "dataTypesDependencies": [ - "Cisco_Umbrella_dns_CL", - "Cisco_Umbrella_proxy_CL", - "Cisco_Umbrella_ip_CL", - "Cisco_Umbrella_cloudfirewall_CL" - ], - "dataConnectorsDependencies": [ - "CiscoUmbrellaDataConnector" - ], - "previewImagesFileNames": [ - "CiscoUmbrellaDNSBlack1.png", - "CiscoUmbrellaDNSBlack2.png", - "CiscoUmbrellaDNSWhite1.png", - "CiscoUmbrellaDNSWhite2.png", - "CiscoUmbrellaFirewallBlack.png", - "CiscoUmbrellaFirewallWhite.png", - "CiscoUmbrellaMainBlack1.png", - "CiscoUmbrellaMainBlack2.png", - "CiscoUmbrellaMainWhite1.png", - "CiscoUmbrellaMainWhite2.png", - "CiscoUmbrellaProxyBlack1.png", - "CiscoUmbrellaProxyBlack2.png", - "CiscoUmbrellaProxyWhite1.png", - "CiscoUmbrellaProxyWhite2.png" - ], - "version": "1.0.0", - "title": "Cisco Umbrella", - "templateRelativePath": "CiscoUmbrella.json", - "subtitle": "", - "provider": "Cisco" -}, -{ - "workbookKey": "AnalyticsEfficiencyWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AnalyticsEfficiencyBlack.png", - "AnalyticsEfficiencyWhite.png" - ], - "version": "1.2.0", - "title": "Analytics Efficiency", - "templateRelativePath": "AnalyticsEfficiency.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "WorkspaceUsage", - "logoFileName": "Azure_Sentinel.svg", - "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace\u2019s data consumption, latency, recommended tasks and Cost and Usage statistics.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "WorkspaceUsageBlack.png", - "WorkspaceUsageWhite.png" - ], - "version": "1.6.0", - "title": "Workspace Usage Report", - "templateRelativePath": "WorkspaceUsage.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "SentinelCentral", - "logoFileName": "Azure_Sentinel.svg", - "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SentinelCentralBlack.png", - "SentinelCentralWhite.png" - ], - "version": "2.1.0", - "title": "Sentinel Central", - "templateRelativePath": "SentinelCentral.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "CognniIncidentsWorkbook", - "logoFileName": "cognni-logo.svg", - "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.", - "dataTypesDependencies": [ - "CognniIncidents_CL" - ], - "dataConnectorsDependencies": [ - "CognniSentinelDataConnector" - ], - "previewImagesFileNames": [ - "CognniBlack.PNG", - "CognniWhite.PNG" - ], - "version": "1.0.0", - "title": "Cognni Important Information Incidents", - "templateRelativePath": "CognniIncidentsWorkbook.json", - "subtitle": "", - "provider": "Cognni" -}, -{ - "workbookKey": "pfsense", - "logoFileName": "pfsense_logo.svg", - "description": "Gain insights into pfsense logs from both filterlog and nginx.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "pfsenseBlack.png", - "pfsenseWhite.png" - ], - "version": "1.0.0", - "title": "pfsense", - "templateRelativePath": "pfsense.json", - "subtitle": "", - "provider": "Microsoft Sentinel community" -}, -{ - "workbookKey": "ExchangeCompromiseHunting", - "logoFileName": "MSTIC-Logo.svg", - "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns", - "dataTypesDependencies": [ - "SecurityEvent", - "W3CIISLog" - ], - "dataConnectorsDependencies": [ - "SecurityEvents", - "AzureMonitor(IIS)", - "WindowsSecurityEvents" - ], - "previewImagesFileNames": [ - "ExchangeBlack.png", - "ExchangeWhite.png" - ], - "version": "1.0.0", - "title": "Exchange Compromise Hunting", - "templateRelativePath": "ExchangeCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "SOCProcessFrameworkWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Process Framework", - "templateRelativePath": "SOCProcessFramework.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "Building_a_SOCLargeStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Large Staff", - "templateRelativePath": "Building_a_SOCLargeStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "Building_a_SOCMediumStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Medium Staff", - "templateRelativePath": "Building_a_SOCMediumStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "Building_a_SOCPartTimeStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Part Time Staff", - "templateRelativePath": "Building_a_SOCPartTimeStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "Building_a_SOCSmallStaffWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC Small Staff", - "templateRelativePath": "Building_a_SOCSmallStaff.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "SOCIRPlanningWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "SOC IR Planning", - "templateRelativePath": "SOCIRPlanning.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "UpdateSOCMaturityScoreWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "SOCProcessFrameworkCoverImage1White.png", - "SOCProcessFrameworkCoverImage1Black.png", - "SOCProcessFrameworkCoverImage2White.png", - "SOCProcessFrameworkCoverImage2Black.png" - ], - "version": "1.1.0", - "title": "Update SOC Maturity Score", - "templateRelativePath": "UpdateSOCMaturityScore.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "Microsoft365SecurityPosture", - "logoFileName": "M365securityposturelogo.svg", - "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.", - "dataTypesDependencies": [ - "M365SecureScore_CL", - "MDfESecureScore_CL", - "MDfEExposureScore_CL", - "MDfERecommendations_CL", - "MDfEVulnerabilitiesList_CL", - "McasShadowItReporting" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "M365securitypostureblack.png", - "M365securityposturewhite.png" - ], - "version": "1.0.0", - "title": "Microsoft 365 Security Posture", - "templateRelativePath": "M365SecurityPosture.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "AzureSentinelCost", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AzureSentinelCostWhite.png", - "AzureSentinelCostBlack.png" - ], - "version": "1.5.0", - "title": "Microsoft Sentinel Cost", - "templateRelativePath": "AzureSentinelCost.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "ADXvsLA", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ADXvsLABlack.PNG", - "ADXvsLAWhite.PNG" - ], - "version": "1.0.0", - "title": "ADXvsLA", - "templateRelativePath": "ADXvsLA.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "MicrosoftDefenderForOffice365", - "logoFileName": "office365_logo.svg", - "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs. This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.", - "dataTypesDependencies": [ - "EmailEvents", - "EmailUrlInfo", - "EmailAttachmentInfo" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MDOWhite1.png", - "MDOBlack1.png", - "MDOWhite2.png", - "MDOBlack2.png" - ], - "version": "1.0.0", - "title": "Microsoft Defender For Office 365", - "templateRelativePath": "MicrosoftDefenderForOffice365.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "ProofPointThreatDashboard", - "logoFileName": "", - "description": "Provides an overview of email threat activity based on log data provided by ProofPoint", - "dataTypesDependencies": [ - "ProofpointPOD_message_CL", - "ProofpointPOD_maillog_CL", - "ProofPointTAPClicksBlocked_CL", - "ProofPointTAPClicksPermitted_CL", - "ProofPointTAPMessagesBlocked_CL", - "ProofPointTAPMessagesDelivered_CL" - ], - "dataConnectorsDependencies": [ - "ProofpointTAP", - "ProofpointPOD" - ], - "previewImagesFileNames": [ - "ProofPointThreatDashboardBlack1.png", - "ProofPointThreatDashboardWhite1.png" - ], - "version": "1.0.0", - "title": "ProofPoint Threat Dashboard", - "templateRelativePath": "ProofPointThreatDashboard.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "AMAmigrationTracker", - "logoFileName": "Azure_Sentinel.svg", - "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AMAtrackingWhite1.png", - "AMAtrackingWhite2.png", - "AMAtrackingWhite3.png", - "AMAtrackingBlack1.png", - "AMAtrackingBlack2.png", - "AMAtrackingBlack3.png" - ], - "version": "1.1.0", - "title": "AMA migration tracker", - "templateRelativePath": "AMAmigrationTracker.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "AdvancedKQL", - "logoFileName": "Azure_Sentinel.svg", - "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "AdvancedKQLWhite.png", - "AdvancedKQLBlack.png" - ], - "version": "1.3.0", - "title": "Advanced KQL for Microsoft Sentinel", - "templateRelativePath": "AdvancedKQL.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "DSTIMWorkbook", - "logoFileName": "DSTIM.svg", - "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.", - "dataTypesDependencies": [ - "DSMAzureBlobStorageLogs", - "DSMDataClassificationLogs", - "DSMDataLabelingLogs", - "Anomalies", - "ThreatIntelligenceIndicator", - "AADManagedIdentitySignInLogs", - "SecurityAlert", - "SigninLogs" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "DSTIMWorkbookBlack.png", - "DSTIMWorkbookWhite.png" - ], - "version": "1.9.0", - "title": "Data Security - Sensitive Data Impact Assessment", - "templateRelativePath": "DSTIMWorkbook.json", - "subtitle": "", - "provider": "Microsoft", - "featureFlag": "DSTIMWorkbook" -}, -{ - "workbookKey": "IntrotoKQLWorkbook", - "logoFileName": "", - "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "IntrotoKQL-black.png", - "IntrotoKQL-white.png" - ], - "version": "1.0.0", - "title": "Intro to KQL", - "templateRelativePath": "IntrotoKQL.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "Log4jPostCompromiseHuntingWorkbook", - "logoFileName": "", - "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", - "dataTypesDependencies": [ - "SecurityNestedRecommendation", - "AzureDiagnostics", - "OfficeActivity", - "W3CIISLog", - "AWSCloudTrail", - "SigninLogs", - "AADNonInteractiveUserSignInLogs", - "imWebSessions", - "imNetworkSession" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "Log4jPostCompromiseHuntingBlack.png", - "Log4jPostCompromiseHuntingWhite.png" - ], - "version": "1.0.0", - "title": "Log4j Post Compromise Hunting", - "templateRelativePath": "Log4jPostCompromiseHunting.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "Log4jImpactAssessmentWorkbook", - "logoFileName": "", - "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", - "dataTypesDependencies": [ - "SecurityIncident", - "SecurityAlert", - "AzureSecurityCenter", - "MDfESecureScore_CL", - "MDfEExposureScore_CL", - "MDfERecommendations_CL", - "MDfEVulnerabilitiesList_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Log4j Impact Assessment", - "templateRelativePath": "Log4jImpactAssessment.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "UserMap", - "logoFileName": "", - "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.", - "dataTypesDependencies": [ - "SigninLogs", - "AzureDiagnostics", - "WireData", - "VMconnection", - "CommonSecurityLog", - "WindowsFirewall", - "W3CIISLog", - "DnsEvents" - ], - "dataConnectorsDependencies": [ - "AzureActiveDirectory" - ], - "previewImagesFileNames": [ - "UserMapBlack.png", - "UserMapWhite.png" - ], - "version": "1.0.0", - "title": "User Map information", - "templateRelativePath": "UserMap.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "AWSS3", - "logoFileName": "", - "description": ".", - "dataTypesDependencies": [ - "AWSCloudTrail", - "AWSGuardDuty", - "AWSVPCFlow" - ], - "dataConnectorsDependencies": [ - "AWSS3" - ], - "previewImagesFileNames": [ - "AWSS3Black.png", - "AWSS3White.png", - "AWSS3White1.png" - ], - "version": "1.0.0", - "title": "AWS S3 Workbook", - "templateRelativePath": "AWSS3.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook", - "logoFileName": "", - "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "LogSourcesAndAnalyticRulesCoverageBlack.png", - "LogSourcesAndAnalyticRulesCoverageWhite.png" - ], - "version": "1.1.0", - "title": "Log Sources & Analytic Rules Coverage", - "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "CiscoFirepower", - "logoFileName": "", - "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "CiscoFirepowerBlack.png", - "CiscoFirepowerWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Firepower", - "templateRelativePath": "CiscoFirepower.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "MicrorosftTeams", - "logoFileName": "microsoftteams.svg", - "description": "This workbook is intended to identify the activities on Microrsoft Teams.", - "dataTypesDependencies": [ - "OfficeActivity" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MicrosoftTeamsBlack.png", - "MicrosoftTeamsWhite.png" - ], - "version": "1.0.0", - "title": "Microsoft Teams", - "templateRelativePath": "MicrosoftTeams.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "ArchivingBasicLogsRetention", - "logoFileName": "ArchivingBasicLogsRetention.svg", - "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ArchivingBasicLogsRetentionBlack1.png", - "ArchivingBasicLogsRetentionWhite1.png" - ], - "version": "1.1.0", - "title": "Archiving, Basic Logs, and Retention", - "templateRelativePath": "ArchivingBasicLogsRetention.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "OktaSingleSignOnWorkbook", - "logoFileName": "okta_logo.svg", - "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", - "dataTypesDependencies": [ - "Okta_CL" - ], - "dataConnectorsDependencies": [ - "OktaSSO" - ], - "previewImagesFileNames": [ - "OktaSingleSignOnWhite.png", - "OktaSingleSignOnBlack.png" - ], - "version": "1.2", - "title": "Okta Single Sign-On", - "templateRelativePath": "OktaSingleSignOn.json", - "subtitle": "", - "provider": "Okta" -}, -{ - "workbookKey": "MicrosoftDefenderForEndPoint", - "logoFileName": "", - "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "microsoftdefenderforendpointwhite.png", - "microsoftdefenderforendpointblack.png" - ], - "version": "1.0.0", - "title": "MicrosoftDefenderForEndPoint", - "templateRelativePath": "MicrosoftDefenderForEndPoint.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "Dynamics365Workbooks", - "logoFileName": "DynamicsLogo.svg", - "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.", - "dataTypesDependencies": [ - "Dynamics365Activity" - ], - "dataConnectorsDependencies": [ - "Dynamics365" - ], - "previewImagesFileNames": [ - "Dynamics365WorkbookBlack.png", - "Dynamics365WorkbookWhite.png" - ], - "version": "1.0.3", - "title": "Dynamics365Workbooks", - "templateRelativePath": "Dynamics365Workbooks.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "CiscoMerakiWorkbook", - "logoFileName": "", - "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", - "dataTypesDependencies": [ - "meraki_CL", - "CiscoMerakiNativePoller", - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [ - "CiscoMeraki", - "CiscoMerakiNativePolling", - "ThreatIntelligence" - ], - "previewImagesFileNames": [ - "CiscoMerakiWorkbookWhite.png", - "CiscoMerakiWorkbookBlack.png" - ], - "version": "1.0.0", - "title": "CiscoMerakiWorkbook", - "templateRelativePath": "CiscoMerakiWorkbook.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "SentinelOneWorkbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SentinelOne_CL" - ], - "dataConnectorsDependencies": [ - "SentinelOne" - ], - "previewImagesFileNames": [ - "SentinelOneBlack.png", - "SentinelOneWhite.png" - ], - "version": "1.0.0", - "title": "SentinelOneWorkbook", - "templateRelativePath": "SentinelOne.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "TrendMicroApexOneWorkbook", - "logoFileName": "trendmicro_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "TrendMicroApexOne" - ], - "previewImagesFileNames": [ - "TrendMicroApexOneBlack.png", - "TrendMicroApexOneWhite.png" - ], - "version": "1.0.0", - "title": "Trend Micro Apex One", - "templateRelativePath": "TrendMicroApexOne.json", - "subtitle": "", - "provider": "TrendMicro" -}, -{ - "workbookKey": "ContrastProtect", - "logoFileName": "contrastsecurity_logo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "ContrastProtect" - ], - "previewImagesFileNames": [ - "ContrastProtectAllBlack.png", - "ContrastProtectAllWhite.png", - "ContrastProtectEffectiveBlack.png", - "ContrastProtectEffectiveWhite.png", - "ContrastProtectSummaryBlack.png", - "ContrastProtectSummaryWhite.png" - ], - "version": "1.0.0", - "title": "Contrast Protect", - "templateRelativePath": "ContrastProtect.json", - "subtitle": "", - "provider": "contrast security" -}, -{ - "workbookKey": "ArmorbloxOverview", - "logoFileName": "armorblox.svg", - "description": "INCIDENTS FROM SELECTED TIME RANGE", - "dataTypesDependencies": [ - "Armorblox_CL" - ], - "dataConnectorsDependencies": [ - "Armorblox" - ], - "previewImagesFileNames": [ - "ArmorbloxOverviewBlack01.png", - "ArmorbloxOverviewBlack02.png", - "ArmorbloxOverviewWhite01.png", - "ArmorbloxOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Armorblox", - "templateRelativePath": "ArmorbloxOverview.json", - "subtitle": "", - "provider": "Armorblox" -}, -{ - "workbookKey": "PaloAltoCDL", - "logoFileName": "paloalto_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "PaloAltoCDL" - ], - "previewImagesFileNames": [ - "PaloAltoBlack.png", - "PaloAltoWhite.png" - ], - "version": "1.0.0", - "title": "Palo Alto Networks Cortex Data Lake", - "templateRelativePath": "PaloAltoCDL.json", - "subtitle": "", - "provider": "Palo Alto Networks" -}, -{ - "workbookKey": "VMwareCarbonBlack", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CarbonBlackEvents_CL", - "CarbonBlackAuditLogs_CL", - "CarbonBlackNotifications_CL" - ], - "dataConnectorsDependencies": [ - "VMwareCarbonBlack" - ], - "previewImagesFileNames": [ - "VMwareCarbonBlack.png", - "VMwareCarbonWhite.png" - ], - "version": "1.0.0", - "title": "VMware Carbon Black Cloud", - "templateRelativePath": "VMwareCarbonBlack.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "arista-networks", - "logoFileName": "AristaAwakeSecurity.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "AristaAwakeSecurity" - ], - "previewImagesFileNames": [ - "AristaAwakeSecurityDevicesBlack.png", - "AristaAwakeSecurityDevicesWhite.png", - "AristaAwakeSecurityModelsBlack.png", - "AristaAwakeSecurityModelsWhite.png", - "AristaAwakeSecurityOverviewBlack.png", - "AristaAwakeSecurityOverviewWhite.png" - ], - "version": "1.0.0", - "title": "Arista Awake", - "templateRelativePath": "AristaAwakeSecurityWorkbook.json", - "subtitle": "", - "provider": "Arista Networks" -}, -{ - "workbookKey": "TomcatWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Tomcat_CL" - ], - "dataConnectorsDependencies": [ - "ApacheTomcat" - ], - "previewImagesFileNames": [ - "TomcatBlack.png", - "TomcatWhite.png" - ], - "version": "1.0.0", - "title": "ApacheTomcat", - "templateRelativePath": "Tomcat.json", - "subtitle": "", - "provider": "Apache" -}, -{ - "workbookKey": "ClarotyWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "Claroty" - ], - "previewImagesFileNames": [ - "ClarotyBlack.png", - "ClarotyWhite.png" - ], - "version": "1.0.0", - "title": "Claroty", - "templateRelativePath": "ClarotyOverview.json", - "subtitle": "", - "provider": "Claroty" -}, -{ - "workbookKey": "ApacheHTTPServerWorkbook", - "logoFileName": "apache.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "ApacheHTTPServer_CL" - ], - "dataConnectorsDependencies": [ - "ApacheHTTPServer" - ], - "previewImagesFileNames": [ - "ApacheHTTPServerOverviewBlack01.png", - "ApacheHTTPServerOverviewBlack02.png", - "ApacheHTTPServerOverviewWhite01.png", - "ApacheHTTPServerOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Apache HTTP Server", - "templateRelativePath": "ApacheHTTPServer.json", - "subtitle": "", - "provider": "Apache Software Foundation" -}, -{ - "workbookKey": "OCIWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "OCI_Logs_CL" - ], - "dataConnectorsDependencies": [ - "OracleCloudInfrastructureLogsConnector" - ], - "previewImagesFileNames": [ - "OCIBlack.png", - "OCIWhite.png" - ], - "version": "1.0.0", - "title": "Oracle Cloud Infrastructure", - "templateRelativePath": "OracleCloudInfrastructureOCI.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "OracleWeblogicServerWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "OracleWebLogicServer_CL" - ], - "dataConnectorsDependencies": [ - "OracleWebLogicServer" - ], - "previewImagesFileNames": [ - "OracleWeblogicServerBlack.png", - "OracleWeblogicServerWhite.png" - ], - "version": "1.0.0", - "title": "Oracle WebLogic Server", - "templateRelativePath": "OracleWorkbook.json", - "subtitle": "", - "provider": "Oracle" -}, -{ - "workbookKey": "BitglassWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "BitglassLogs_CL" - ], - "dataConnectorsDependencies": [ - "Bitglass" - ], - "previewImagesFileNames": [ - "BitglassBlack.png", - "BitglassWhite.png" - ], - "version": "1.0.0", - "title": "Bitglass", - "templateRelativePath": "Bitglass.json", - "subtitle": "", - "provider": "Bitglass" -}, -{ - "workbookKey": "NGINXWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "NGINX_CL" - ], - "dataConnectorsDependencies": [ - "NGINXHTTPServer" - ], - "previewImagesFileNames": [ - "NGINXOverviewBlack01.png", - "NGINXOverviewBlack02.png", - "NGINXOverviewWhite01.png", - "NGINXOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "NGINX HTTP Server", - "templateRelativePath": "NGINX.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "vArmourAppContollerWorkbook", - "logoFileName": "varmour-logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "vArmourAC" - ], - "previewImagesFileNames": [ - "vArmourAppControllerAppBlack.png", - "vArmourAppControllerAppBlack-1.png", - "vArmourAppControllerAppBlack-2.png", - "vArmourAppControllerAppBlack-3.png", - "vArmourAppControllerAppBlack-4.png", - "vArmourAppControllerAppBlack-5.png", - "vArmourAppControllerAppBlack-6.png", - "vArmourAppControllerAppBlack-7.png", - "vArmourAppControllerAppWhite.png", - "vArmourAppControllerAppWhite-1.png", - "vArmourAppControllerAppWhite-2.png", - "vArmourAppControllerAppWhite-3.png", - "vArmourAppControllerAppWhite-4.png", - "vArmourAppControllerAppWhite-5.png", - "vArmourAppControllerAppWhite-6.png", - "vArmourAppControllerAppWhite-7.png" - ], - "version": "1.0.0", - "title": "vArmour Application Controller", - "templateRelativePath": "vArmour_AppContoller_Workbook.json", - "subtitle": "", - "provider": "vArmour" -}, -{ - "workbookKey": "CorelightWorkbook", - "logoFileName": "corelight.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Corelight_CL" - ], - "dataConnectorsDependencies": [ - "Corelight" - ], - "previewImagesFileNames": [ - "CorelightConnectionsBlack1.png", - "CorelightConnectionsBlack2.png", - "CorelightConnectionsWhite1.png", - "CorelightConnectionsWhite2.png", - "CorelightDNSBlack1.png", - "CorelightDNSWhite1.png", - "CorelightFileBlack1.png", - "CorelightFileBlack2.png", - "CorelightFileWhite1.png", - "CorelightFileWhite2.png", - "CorelightMainBlack1.png", - "CorelightMainWhite1.png", - "CorelightSoftwareBlack1.png", - "CorelightSoftwareWhite1.png" - ], - "version": "1.0.0", - "title": "Corelight", - "templateRelativePath": "Corelight.json", - "subtitle": "", - "provider": "Corelight" -}, -{ - "workbookKey": "LookoutEvents", - "logoFileName": "lookout.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Lookout_CL" - ], - "dataConnectorsDependencies": [ - "LookoutAPI" - ], - "previewImagesFileNames": [ - "SampleLookoutWorkBookBlack.png", - "SampleLookoutWorkBookWhite.png" - ], - "version": "1.0.0", - "title": "Lookout", - "templateRelativePath": "LookoutEvents.json", - "subtitle": "", - "provider": "Lookout" -}, -{ - "workbookKey": "sentinel-MicrosoftPurview", - "logoFileName": "MicrosoftPurview.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "AzureDiagnostics" - ], - "dataConnectorsDependencies": [ - "MicrosoftAzurePurview" - ], - "previewImagesFileNames": [ - "" - ], - "version": "1.0.0", - "title": "Microsoft Purview", - "templateRelativePath": "MicrosoftPurview.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "InfobloxCDCB1TDWorkbook", - "logoFileName": "infoblox_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "InfobloxCloudDataConnector" - ], - "previewImagesFileNames": [ - "InfobloxCDCB1TDBlack.png", - "InfobloxCDCB1TDWhite.png" - ], - "version": "1.0.0", - "title": "Infoblox Cloud Data Connector", - "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", - "subtitle": "", - "provider": "InfoBlox" -}, -{ - "workbookKey": "UbiquitiUniFiWorkbook", - "logoFileName": "ubiquiti.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Ubiquiti_CL" - ], - "dataConnectorsDependencies": [ - "UbiquitiUnifi" - ], - "previewImagesFileNames": [ - "UbiquitiOverviewBlack01.png", - "UbiquitiOverviewBlack02.png", - "UbiquitiOverviewWhite01.png", - "UbiquitiOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Ubiquiti UniFi", - "templateRelativePath": "Ubiquiti.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "VMwareESXiWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "VMwareESXi" - ], - "previewImagesFileNames": [ - "VMWareESXiBlack.png", - "VMWareESXiWhite.png" - ], - "version": "1.0.0", - "title": "VMware ESXi", - "templateRelativePath": "VMWareESXi.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "SnowflakeWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Snowflake_CL" - ], - "dataConnectorsDependencies": [ - "SnowflakeDataConnector" - ], - "previewImagesFileNames": [ - "SnowflakeBlack.png", - "SnowflakeWhite.png" - ], - "version": "1.0.0", - "title": "Snowflake", - "templateRelativePath": "Snowflake.json", - "subtitle": "", - "provider": "Snowflake" -}, -{ - "workbookKey": "LastPassWorkbook", - "logoFileName": "LastPass.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "LastPassNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "LastPassAPIConnector" - ], - "previewImagesFileNames": [ - "LastPassBlack.png", - "LastPassWhite.png" - ], - "version": "1.0.0", - "title": "Lastpass Enterprise Activity Monitoring", - "templateRelativePath": "LastPassWorkbook.json", - "subtitle": "", - "provider": "LastPass" -}, -{ - "workbookKey": "SecurityBridgeWorkbook", - "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityBridgeLogs" - ], - "dataConnectorsDependencies": [ - "SecurityBridgeSAP" - ], - "previewImagesFileNames": [ - "SecurityBridgeThreatDetectionWhite.png", - "SecurityBridgeThreatDetectionWhite1.png" - ], - "version": "1.0.0", - "title": "SecurityBridge App", - "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", - "subtitle": "", - "provider": "SecurityBridge" -}, -{ - "workbookKey": "PaloAltoPrismaCloudWorkbook", - "logoFileName": "paloalto_logo.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "PaloAltoPrismaCloudAlert_CL", - "PaloAltoPrismaCloudAudit_CL" - ], - "dataConnectorsDependencies": [ - "PaloAltoPrismaCloud" - ], - "previewImagesFileNames": [ - "PaloAltoPrismaCloudBlack01.png", - "PaloAltoPrismaCloudBlack02.png", - "PaloAltoPrismaCloudWhite01.png", - "PaloAltoPrismaCloudWhite02.png" - ], - "version": "1.0.0", - "title": "Palo Alto Prisma", - "templateRelativePath": "PaloAltoPrismaCloudOverview.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "PingFederateWorkbook", - "logoFileName": "PingIdentity.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "PingFederateEvent" - ], - "dataConnectorsDependencies": [ - "PingFederate" - ], - "previewImagesFileNames": [ - "PingFederateBlack1.png", - "PingFederateWhite1.png" - ], - "version": "1.0.0", - "title": "PingFederate", - "templateRelativePath": "PingFederate.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "McAfeeePOWorkbook", - "logoFileName": "mcafee_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "McAfeeEPOEvent" - ], - "dataConnectorsDependencies": [ - "McAfeeePO" - ], - "previewImagesFileNames": [ - "McAfeeePOBlack1.png", - "McAfeeePOBlack2.png", - "McAfeeePOWhite1.png", - "McAfeeePOWhite2.png" - ], - "version": "1.0.0", - "title": "McAfee ePolicy Orchestrator", - "templateRelativePath": "McAfeeePOOverview.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "OracleDatabaseAudit", - "logoFileName": "oracle_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "OracleDatabaseAudit" - ], - "previewImagesFileNames": [ - "OracleDatabaseAuditBlack1.png", - "OracleDatabaseAuditBlack2.png", - "OracleDatabaseAuditWhite1.png", - "OracleDatabaseAuditWhite2.png" - ], - "version": "1.0.0", - "title": "Oracle Database Audit", - "templateRelativePath": "OracleDatabaseAudit.json", - "subtitle": "", - "provider": "Oracle" -}, -{ - "workbookKey": "SenservaProAnalyticsWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProAnalyticsBlack.png", - "SenservaProAnalyticsWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProAnalytics", - "templateRelativePath": "SenservaProAnalyticsWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" -}, -{ - "workbookKey": "SenservaProMultipleWorkspaceWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProMultipleWorkspaceWorkbookBlack.png", - "SenservaProMultipleWorkspaceWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProMultipleWorkspace", - "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" -}, -{ - "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", - "logoFileName": "SenservaPro_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SenservaPro_CL" - ], - "dataConnectorsDependencies": [ - "SenservaPro" - ], - "previewImagesFileNames": [ - "SenservaProSecureScoreMultiTenantBlack.png", - "SenservaProSecureScoreMultiTenantWhite.png" - ], - "version": "1.0.0", - "title": "SenservaProSecureScoreMultiTenant", - "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", - "subtitle": "", - "provider": "Senserva Pro" -}, -{ - "workbookKey": "CiscoSecureEndpointOverviewWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CiscoSecureEndpoint" - ], - "dataConnectorsDependencies": [ - "CiscoSecureEndpoint" - ], - "previewImagesFileNames": [ - "CiscoSecureEndpointBlack.png", - "CiscoSecureEndpointWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Secure Endpoint", - "templateRelativePath": "Cisco Secure Endpoint Overview.json", - "subtitle": "", - "provider": "Cisco" -}, -{ - "workbookKey": "InfoSecGlobalWorkbook", - "logoFileName": "infosecglobal.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "InfoSecAnalytics_CL" - ], - "dataConnectorsDependencies": [ - "InfoSecDataConnector" - ], - "previewImagesFileNames": [ - "InfoSecGlobalWorkbookBlack.png", - "InfoSecGlobalWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "AgileSec Analytics Connector", - "templateRelativePath": "InfoSecGlobal.json", - "subtitle": "", - "provider": "InfoSecGlobal" -}, -{ - "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", - "logoFileName": "crowdstrike.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CrowdstrikeReplicatorLogs_CL" - ], - "dataConnectorsDependencies": [ - "CrowdstrikeReplicator" - ], - "previewImagesFileNames": [ - "CrowdStrikeFalconEndpointProtectionBlack.png", - "CrowdStrikeFalconEndpointProtectionWhite.png" - ], - "version": "1.0.0", - "title": "CrowdStrike Falcon Endpoint Protection", - "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "IronDefenseAlertDashboard", - "logoFileName": "IronNet.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "IronNetIronDefense" - ], - "previewImagesFileNames": [ - "IronDefenseDashboardBlack.png", - "IronDefenseDashboardWhit.png" - ], - "version": "1.0.0", - "title": "IronDefenseAlertDashboard", - "templateRelativePath": "IronDefenseAlertDashboard.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "IronDefenseAlertDetails", - "logoFileName": "IronNet.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "IronNetIronDefense" - ], - "previewImagesFileNames": [ - "IronDefenseAlertsBlack.png", - "IronDefenseAlertsWhite.png" - ], - "version": "1.0.0", - "title": "IronDefenseAlertDetails", - "templateRelativePath": "IronDefenseAlertDetails.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "CiscoSEGWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CommonSecurityLog" - ], - "dataConnectorsDependencies": [ - "CiscoSEG" - ], - "previewImagesFileNames": [ - "CiscoSEGBlack.png", - "CiscoSEGWhite.png" - ], - "version": "1.0.0", - "title": "Cisco Secure Email Gateway", - "templateRelativePath": "CiscoSEG.json", - "subtitle": "", - "provider": "Cisco" -}, -{ - "workbookKey": "EatonForeseerHealthAndAccess", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", - "dataTypesDependencies": [ - "SecurityEvent" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "EatonForeseerHealthAndAccessBlack.png", - "EatonForeseerHealthAndAccessWhite.png" - ], - "version": "1.0.0", - "title": "EatonForeseerHealthAndAccess", - "templateRelativePath": "EatonForeseerHealthAndAccess.json", - "subtitle": "", - "provider": "Eaton" -}, -{ - "workbookKey": "PCIDSSComplianceWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Choose your subscription and workspace in which PCI assets are deployed", - "dataTypesDependencies": [ - "AzureDaignostics", - "SecurityEvent", - "SecurityAlert", - "OracleDatabaseAuditEvent", - "Syslog", - "Anomalies" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "PCIDSSComplianceBlack01.PNG", - "PCIDSSComplianceBlack02.PNG", - "PCIDSSComplianceWhite01.PNG", - "PCIDSSComplianceWhite02.PNG" - ], - "version": "1.0.0", - "title": "PCI DSS Compliance", - "templateRelativePath": "PCIDSSCompliance.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "SonraiSecurityWorkbook", - "logoFileName": "Sonrai.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Sonrai_Tickets_CL" - ], - "dataConnectorsDependencies": [ - "SonraiDataConnector" - ], - "previewImagesFileNames": [ - "SonraiWorkbookBlack.png", - "SonraiWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "Sonrai", - "templateRelativePath": "Sonrai.json", - "subtitle": "", - "provider": "Sonrai" -}, -{ - "workbookKey": "CloudflareWorkbook", - "logoFileName": "cloudflare.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Cloudflare_CL" - ], - "dataConnectorsDependencies": [ - "CloudflareDataConnector" - ], - "previewImagesFileNames": [ - "CloudflareOverviewBlack01.png", - "CloudflareOverviewBlack02.png", - "CloudflareOverviewWhite01.png", - "CloudflareOverviewWhite02.png" - ], - "version": "1.0.0", - "title": "Cloudflare", - "templateRelativePath": "Cloudflare.json", - "subtitle": "", - "provider": "Cloudflare" -}, -{ - "workbookKey": "SemperisDSPWorkbook", - "logoFileName": "Semperis.svg", - "description": "Specify the time range on which to query the data", - "dataTypesDependencies": [ - "dsp_parser" - ], - "dataConnectorsDependencies": [ - "SemperisDSP" - ], - "previewImagesFileNames": [ - "SemperisDSPOverview1Black.png", - "SemperisDSPOverview1White.png", - "SemperisDSPOverview2Black.png", - "SemperisDSPOverview2White.png", - "SemperisDSPOverview3Black.png", - "SemperisDSPOverview3White.png" - ], - "version": "1.0.0", - "title": "Semperis Directory Services Protector", - "templateRelativePath": "SemperisDSPWorkbook.json", - "subtitle": "", - "provider": "Semperis" -}, -{ - "workbookKey": "BoxWorkbook", - "logoFileName": "box.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "BoxEvents_CL" - ], - "dataConnectorsDependencies": [ - "BoxDataConnector" - ], - "previewImagesFileNames": [ - "BoxBlack1.png", - "BoxWhite1.png", - "BoxBlack2.png", - "BoxWhite2.png" - ], - "version": "1.0.0", - "title": "Box", - "templateRelativePath": "Box.json", - "subtitle": "", - "provider": "Box" -}, -{ - "workbookKey": "SymantecEndpointProtection", - "logoFileName": "symantec_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SymantecEndpointProtection" - ], - "dataConnectorsDependencies": [ - "SymantecEndpointProtection" - ], - "previewImagesFileNames": [ - "SymantecEndpointProtectionBlack.png", - "SymantecEndpointProtectionWhite.png" - ], - "version": "1.0.0", - "title": "Symantec Endpoint Protection", - "templateRelativePath": "SymantecEndpointProtection.json", - "subtitle": "", - "provider": "Symantec" -}, -{ - "workbookKey": "DynamicThreatModeling&Response", - "logoFileName": "", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ThreatAnalysis&ResponseWhite1.png", - "ThreatAnalysis&ResponseWhite2.png" - ], - "version": "1.0.0", - "title": "Dynamic Threat Modeling Response", - "templateRelativePath": "DynamicThreatModeling&Response.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ThreatAnalysis&Response", - "logoFileName": "", - "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ThreatAnalysis&ResponseWhite.png" - ], - "version": "1.0.1", - "title": "Threat Analysis Response", - "templateRelativePath": "ThreatAnalysis&Response.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "TrendMicroCAS", - "logoFileName": "Trend_Micro_Logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "TrendMicroCAS_CL" - ], - "dataConnectorsDependencies": [ - "TrendMicroCAS" - ], - "previewImagesFileNames": [ - "TrendMicroCASBlack.png", - "TrendMicroCASWhite.png" - ], - "version": "1.0.0", - "title": "TrendMicroCAS", - "templateRelativePath": "TrendMicroCAS.json", - "subtitle": "", - "provider": "TrendMicro" -}, -{ - "workbookKey": "GitHubSecurityWorkbook", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", - "dataTypesDependencies": [ - "GitHubAuditLogPolling_CL" - ], - "dataConnectorsDependencies": [ - "GitHubEcAuditLogPolling" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GithubWorkbook", - "templateRelativePath": "GitHubWorkbook.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "GCPDNSWorkbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GCPCloudDNS" - ], - "dataConnectorsDependencies": [ - "GCPDNSDataConnector" - ], - "previewImagesFileNames": [ - "GCPDNSBlack.png", - "GCPDNSWhite.png" - ], - "version": "1.0.0", - "title": "Google Cloud Platform DNS", - "templateRelativePath": "GCPDNS.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AtlassianJiraAuditWorkbook", - "logoFileName": "", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "AtlassianJiraNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "AtlassianJira" - ], - "previewImagesFileNames": [ - "AtlassianJiraAuditWhite.png", - "AtlassianJiraAuditBlack.png" - ], - "version": "1.0.0", - "title": "AtlassianJiraAudit", - "templateRelativePath": "AtlassianJiraAudit.json", - "subtitle": "", - "provider": "Atlassian" -}, -{ - "workbookKey": "DigitalGuardianWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "DigitalGuardianDLPEvent" - ], - "dataConnectorsDependencies": [ - "DigitalGuardianDLP" - ], - "previewImagesFileNames": [ - "DigitalGuardianBlack.png", - "DigitalGuardianWhite.png" - ], - "version": "1.0.0", - "title": "DigitalGuardianDLP", - "templateRelativePath": "DigitalGuardian.json", - "subtitle": "", - "provider": "Digital Guardian" -}, -{ - "workbookKey": "CiscoDuoWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CiscoDuo_CL" - ], - "dataConnectorsDependencies": [ - "CiscoDuoSecurity" - ], - "previewImagesFileNames": [ - "CiscoDuoWhite.png", - "CiscoDuoBlack.png" - ], - "version": "1.0.0", - "title": "CiscoDuoSecurity", - "templateRelativePath": "CiscoDuo.json", - "subtitle": "", - "provider": "Cisco" -}, -{ - "workbookKey": "SlackAudit", - "logoFileName": "slacklogo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SlackAudit_CL" - ], - "dataConnectorsDependencies": [ - "SlackAuditAPI" - ], - "previewImagesFileNames": [ - "SlackAuditApplicationActivityBlack1.png", - "SlackAuditApplicationActivityWhite1.png" - ], - "version": "1.0.0", - "title": "SlackAudit", - "templateRelativePath": "SlackAudit.json", - "subtitle": "", - "provider": "Slack" -}, -{ - "workbookKey": "CiscoWSAWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "CiscoWSA" - ], - "previewImagesFileNames": [ - "CiscoWSAWhite.png", - "CiscoWSABlack.png" - ], - "version": "1.0.0", - "title": "CiscoWSA", - "templateRelativePath": "CiscoWSA.json", - "subtitle": "", - "provider": "Cisco" -}, -{ - "workbookKey": "GCP-IAM-Workbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GCP_IAM_CL" - ], - "dataConnectorsDependencies": [ - "GCPIAMDataConnector" - ], - "previewImagesFileNames": [ - "GCPIAMBlack01.png", - "GCPIAMBlack02.png", - "GCPIAMWhite01.png", - "GCPIAMWhite02.png" - ], - "version": "1.0.0", - "title": "Google Cloud Platform IAM", - "templateRelativePath": "GCP_IAM.json", - "subtitle": "", - "provider": "Google" -}, -{ - "workbookKey": "ImpervaWAFCloudWorkbook", - "logoFileName": "Imperva_DarkGrey_final_75x75.svg", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "ImpervaWAFCloud_CL" - ], - "dataConnectorsDependencies": [ - "ImpervaWAFCloudAPI" - ], - "previewImagesFileNames": [ - "ImpervaWAFCloudBlack01.png", - "ImpervaWAFCloudBlack02.png", - "ImpervaWAFCloudWhite01.png", - "ImpervaWAFCloudWhite02.png" - ], - "version": "1.0.0", - "title": "Imperva WAF Cloud Overview", - "templateRelativePath": "Imperva WAF Cloud Overview.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ZscalerZPAWorkbook", - "logoFileName": "ZscalerLogo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [ - "ZPA_CL" - ], - "dataConnectorsDependencies": [ - "ZscalerPrivateAccess" - ], - "previewImagesFileNames": [ - "ZscalerZPABlack.png", - "ZscalerZPAWhite.png" - ], - "version": "1.0.0", - "title": "Zscaler Private Access (ZPA)", - "templateRelativePath": "ZscalerZPA.json", - "subtitle": "", - "provider": "Zscaler" -}, -{ - "workbookKey": "GoogleWorkspaceWorkbook", - "logoFileName": "google_logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "GWorkspace_ReportsAPI_admin_CL", - "GWorkspace_ReportsAPI_calendar_CL", - "GWorkspace_ReportsAPI_drive_CL", - "GWorkspace_ReportsAPI_login_CL", - "GWorkspace_ReportsAPI_login_CL", - "GWorkspace_ReportsAPI_mobile_CL" - ], - "dataConnectorsDependencies": [ - "GoogleWorkspaceReportsAPI" - ], - "previewImagesFileNames": [ - "GoogleWorkspaceBlack.png", - "GoogleWorkspaceWhite.png" - ], - "version": "1.0.0", - "title": "GoogleWorkspaceReports", - "templateRelativePath": "GoogleWorkspace.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "NCProtectWorkbook", - "logoFileName": "NCProtectIcon.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "NCProtectUAL_CL" - ], - "dataConnectorsDependencies": [ - "NucleusCyberNCProtect" - ], - "previewImagesFileNames": [ - "", - "" - ], - "version": "1.0.0", - "title": "NucleusCyberProtect", - "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", - "subtitle": "", - "provider": "archTIS" -}, -{ - "workbookKey": "CiscoISEWorkbook", - "logoFileName": "cisco-logo-72px.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "Syslog" - ], - "dataConnectorsDependencies": [ - "CiscoISE" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Cisco ISE", - "templateRelativePath": "CiscoISE.json", - "subtitle": "", - "provider": "Cisco" -}, -{ - "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", - "logoFileName": "", - "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", - "dataTypesDependencies": [ - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Microsoft Defender for IoT", - "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ZeroTrust(TIC3.0)Workbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "SecurityRecommendation" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ZeroTrust(TIC3.0)Black1.PNG", - "ZeroTrust(TIC3.0)White1.PNG" - ], - "version": "1.0.0", - "title": "ZeroTrust(TIC3.0)", - "templateRelativePath": "ZeroTrustTIC3.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "InsiderRiskManagementWorkbook", - "logoFileName": "Azure_Sentinel.svg", - "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ", - "dataTypesDependencies": [ - "SigninLogsSigninLogs", - "AuditLogs", - "AzureActivity", - "OfficeActivity", - "InformationProtectionLogs_CL", - "SecurityIncident" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "InsiderRiskManagementBlack1.png" - ], - "version": "1.0.0", - "title": "Insider Risk Management", - "templateRelativePath": "InsiderRiskManagement.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "InformationProtectionLogs_CL", - "AuditLogs", - "SecurityIncident", - "SigninLogs", - "AzureActivity" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "CybersecurityMaturityModelCertification(CMMC)2.0", - "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "NISTSP80053Workbook", - "logoFileName": "", - "description": "Sets the time name for analysis.", - "dataTypesDependencies": [ - "SigninLogs", - "AuditLogs", - "AzureActivity", - "OfficeActivity", - "SecurityEvents", - "CommonSecurityLog", - "SecurityIncident", - "SecurityRecommendation" - ], - "dataConnectorsDependencies": [ - "SecurityEvents" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "NISTSP80053workbook", - "templateRelativePath": "NISTSP80053.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "DarktraceWorkbook", - "logoFileName": "Darktrace.svg", - "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", - "dataTypesDependencies": [ - "darktrace_model_alerts_CL" - ], - "dataConnectorsDependencies": [ - "DarktraceRESTConnector" - ], - "previewImagesFileNames": [ - "DarktraceWorkbookBlack01.png", - "DarktraceWorkbookBlack02.png", - "DarktraceWorkbookWhite01.png", - "DarktraceWorkbookWhite02.png" - ], - "version": "1.0.1", - "title": "Darktrace", - "templateRelativePath": "DarktraceWorkbook.json", - "subtitle": "", - "provider": "Darktrace" -}, -{ - "workbookKey": "RecordedFutureDomainC2DNSWorkbook", - "logoFileName": "RecordedFuture.svg", - "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", - "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", - "subtitle": "", - "provider": "Recorded Future" -}, -{ - "workbookKey": "RecordedFutureIPActiveC2Workbook", - "logoFileName": "RecordedFuture.svg", - "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", - "dataTypesDependencies": [ - "ThreatIntelligenceIndicator" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", - "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", - "subtitle": "", - "provider": "Recorded Future" -}, -{ - "workbookKey": "MaturityModelForEventLogManagement_M2131", - "logoFileName": "contrastsecurity_logo.svg", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "MaturityModelForEventLogManagement_M2131Black.png" - ], - "version": "1.0.0", - "title": "MaturityModelForEventLogManagementM2131", - "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AzureSQLSecurityWorkbook", - "logoFileName": "AzureSQL.svg", - "description": "Sets the time window in days to search around the alert", - "dataTypesDependencies": [ - "AzureDiagnostics", - "SecurityAlert", - "SecurityIncident" - ], - "dataConnectorsDependencies": [ - "AzureSql" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Azure SQL Database Workbook", - "templateRelativePath": "Workbook-AzureSQLSecurity.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ContinuousDiagnostics&Mitigation", - "logoFileName": "", - "description": "Select the time range for this Overview.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "ContinuousDiagnostics&MitigationBlack.png" - ], - "version": "1.0.0", - "title": "ContinuousDiagnostics&Mitigation", - "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", - "logoFileName": "GitHub.svg", - "description": "Repository selector.", - "dataTypesDependencies": [ - "githubscanaudit_CL" - ], - "dataConnectorsDependencies": [ - "GitHubWebhook" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "GithubWorkbook-update-to-workbook-1", - "templateRelativePath": "update-to-workbook-1.json", - "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AtlasianJiraAuditWorkbook", + { + "workbookKey": "42CrunchAPIProtectionWorkbook", + "logoFileName": "42CrunchLogo.svg", + "description": "Monitor and protect APIs using the 42Crunch API microfirewall", + "dataTypesDependencies": [ + "apifirewall_log_1_CL" + ], + "dataConnectorsDependencies": [ + "42CrunchAPIProtection" + ], + "previewImagesFileNames": [ + "42CrunchInstancesBlack.png", + "42CrunchInstancesWhite.png", + "42CrunchRequestsBlack.png", + "42CrunchRequestsWhite.png", + "42CrunchStatusBlack.png", + "42CrunchStatusWhite.png" + ], + "version": "1.0.0", + "title": "42Crunch API Protection Workbook", + "templateRelativePath": "42CrunchAPIProtectionWorkbook.json", + "subtitle": "", + "provider": "42Crunch" + }, + { + "workbookKey": "ForcepointNGFWAdvanced", + "logoFileName": "FPAdvLogo.svg", + "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "ForcepointNGFWAdvancedWhite.png", + "ForcepointNGFWAdvancedBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook", + "templateRelativePath": "ForcepointNGFWAdvanced.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "AzureActivityWorkbook", + "logoFileName": "azureactivity_logo.svg", + "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.", + "dataTypesDependencies": [ + "AzureActivity" + ], + "dataConnectorsDependencies": [ + "AzureActivity" + ], + "previewImagesFileNames": [ + "AzureActivityWhite1.png", + "AzureActivityBlack1.png" + ], + "version": "2.0.0", + "title": "Azure Activity", + "templateRelativePath": "AzureActivity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IdentityAndAccessWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "IdentityAndAccessWhite.png", + "IdentityAndAccessBlack.png" + ], + "version": "1.1.0", + "title": "Identity & Access", + "templateRelativePath": "IdentityAndAccess.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CheckPointWorkbook", + "logoFileName": "checkpoint_logo.svg", + "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CheckPoint" + ], + "previewImagesFileNames": [ + "CheckPointWhite.png", + "CheckPointBlack.png" + ], + "version": "1.0.0", + "title": "Check Point Software Technologies", + "templateRelativePath": "CheckPoint.json", + "subtitle": "", + "provider": "Check Point" + }, + { + "workbookKey": "CiscoWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoASA" + ], + "previewImagesFileNames": [ + "CiscoWhite.png", + "CiscoBlack.png" + ], + "version": "1.1.0", + "title": "Cisco - ASA", + "templateRelativePath": "Cisco.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ExchangeOnlineWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "ExchangeOnlineWhite.png", + "ExchangeOnlineBlack.png" + ], + "version": "2.0.0", + "title": "Exchange Online", + "templateRelativePath": "ExchangeOnline.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PaloAltoOverviewWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoOverviewWhite1.png", + "PaloAltoOverviewBlack1.png", + "PaloAltoOverviewWhite2.png", + "PaloAltoOverviewBlack2.png", + "PaloAltoOverviewWhite3.png", + "PaloAltoOverviewBlack3.png" + ], + "version": "1.2.0", + "title": "Palo Alto overview", + "templateRelativePath": "PaloAltoOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PaloAltoNetworkThreatWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoNetworkThreatWhite1.png", + "PaloAltoNetworkThreatBlack1.png", + "PaloAltoNetworkThreatWhite2.png", + "PaloAltoNetworkThreatBlack2.png" + ], + "version": "1.1.0", + "title": "Palo Alto Network Threat", + "templateRelativePath": "PaloAltoNetworkThreat.json", + "subtitle": "", + "provider": "Palo Alto Networks" + }, + { + "workbookKey": "EsetSMCWorkbook", + "logoFileName": "eset-logo.svg", + "description": "Visualize events and threats from Eset Security Management Center.", + "dataTypesDependencies": [ + "eset_CL" + ], + "dataConnectorsDependencies": [ + "EsetSMC" + ], + "previewImagesFileNames": [ + "esetSMCWorkbook-black.png", + "esetSMCWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Eset Security Management Center Overview", + "templateRelativePath": "esetSMCWorkbook.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "FortigateWorkbook", + "logoFileName": "fortinet_logo.svg", + "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "FortigateWhite.png", + "FortigateBlack.png" + ], + "version": "1.1.0", + "title": "FortiGate", + "templateRelativePath": "Fortigate.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DnsWorkbook", + "logoFileName": "dns_logo.svg", + "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.", + "dataTypesDependencies": [ + "DnsInventory", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "DNS" + ], + "previewImagesFileNames": [ + "DnsWhite.png", + "DnsBlack.png" + ], + "version": "1.3.0", + "title": "DNS", + "templateRelativePath": "Dns.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "Office365Workbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "Office365White1.png", + "Office365Black1.png", + "Office365White2.png", + "Office365Black2.png", + "Office365White3.png", + "Office365Black3.png" + ], + "version": "2.0.1", + "title": "Office 365", + "templateRelativePath": "Office365.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SharePointAndOneDriveWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "SharePointAndOneDriveBlack1.png", + "SharePointAndOneDriveBlack2.png", + "SharePointAndOneDriveWhite1.png", + "SharePointAndOneDriveWhite2.png" + ], + "version": "2.0.0", + "title": "SharePoint & OneDrive", + "templateRelativePath": "SharePointAndOneDrive.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureActiveDirectorySigninLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.", + "dataTypesDependencies": [ + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AADsigninBlack1.png", + "AADsigninBlack2.png", + "AADsigninWhite1.png", + "AADsigninWhite2.png" + ], + "version": "2.4.0", + "title": "Azure AD Sign-in logs", + "templateRelativePath": "AzureActiveDirectorySignins.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "VirtualMachinesInsightsWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.", + "dataTypesDependencies": [ + "VMConnection", + "ServiceMapComputer_CL", + "ServiceMapProcess_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VMInsightBlack1.png", + "VMInsightWhite1.png" + ], + "version": "1.3.0", + "title": "VM insights", + "templateRelativePath": "VirtualMachinesInsights.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.", + "dataTypesDependencies": [ + "AuditLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureADAuditLogsBlack1.png", + "AzureADAuditLogsWhite1.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit logs", + "templateRelativePath": "AzureActiveDirectoryAuditLogs.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligence", + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "ThreatIntelligenceWhite.png", + "ThreatIntelligenceBlack.png" + ], + "version": "5.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "ThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallOverviewWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFOverviewBlack.png", + "WAFOverviewWhite.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - overview", + "templateRelativePath": "WebApplicationFirewallOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallEventsBlack1.png", + "WAFFirewallEventsBlack2.png", + "WAFFirewallEventsWhite1.png", + "WAFFirewallEventsWhite2.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - firewall events", + "templateRelativePath": "WebApplicationFirewallFirewallEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFGatewayAccessEventsBlack1.png", + "WAFGatewayAccessEventsBlack2.png", + "WAFGatewayAccessEventsWhite1.png", + "WAFGatewayAccessEventsWhite2.png" + ], + "version": "1.2.0", + "title": "Microsoft Web Application Firewall (WAF) - gateway access events", + "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "LinuxMachinesWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "Syslog" + ], + "previewImagesFileNames": [ + "LinuxMachinesWhite.png", + "LinuxMachinesBlack.png" + ], + "version": "1.1.0", + "title": "Linux machines", + "templateRelativePath": "LinuxMachines.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureFirewallWorkbook", + "logoFileName": "AzFirewalls.svg", + "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureFirewall" + ], + "previewImagesFileNames": [ + "AzureFirewallWorkbookWhite1.PNG", + "AzureFirewallWorkbookBlack1.PNG", + "AzureFirewallWorkbookWhite2.PNG", + "AzureFirewallWorkbookBlack2.PNG", + "AzureFirewallWorkbookWhite3.PNG", + "AzureFirewallWorkbookBlack3.PNG", + "AzureFirewallWorkbookWhite4.PNG", + "AzureFirewallWorkbookBlack4.PNG", + "AzureFirewallWorkbookWhite5.PNG", + "AzureFirewallWorkbookBlack5.PNG" + ], + "version": "1.3.0", + "title": "Azure Firewall", + "templateRelativePath": "AzureFirewallWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureFirewallWorkbook-StructuredLogs", + "logoFileName": "AzFirewalls.svg", + "description": "Gain insights into Azure Firewall events using the new Structured Logs for Azure Firewall. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", + "dataTypesDependencies": [ + "AZFWNetworkRule", + "AZFWApplicationRule", + "AZFWDnsQuery", + "AZFWThreatIntel" + ], + "dataConnectorsDependencies": [ + "AzureFirewall" + ], + "previewImagesFileNames": [ + "AzureFirewallWorkbookWhite1.PNG", + "AzureFirewallWorkbookBlack1.PNG", + "AzureFirewallWorkbookWhite2.PNG", + "AzureFirewallWorkbookBlack2.PNG", + "AzureFirewallWorkbookWhite3.PNG", + "AzureFirewallWorkbookBlack3.PNG", + "AzureFirewallWorkbookWhite4.PNG", + "AzureFirewallWorkbookBlack4.PNG", + "AzureFirewallWorkbookWhite5.PNG", + "AzureFirewallWorkbookBlack5.PNG" + ], + "version": "1.0.0", + "title": "Azure Firewall Structured Logs", + "templateRelativePath": "AzureFirewallWorkbook-StructuredLogs.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureDDoSStandardProtection", + "logoFileName": "AzDDoS.svg", + "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "DDOS" + ], + "previewImagesFileNames": [ + "AzureDDoSWhite1.PNG", + "AzureDDoSBlack1.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG" + ], + "version": "1.0.2", + "title": "Azure DDoS Protection Workbook", + "templateRelativePath": "AzDDoSStandardWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftCloudAppSecurityWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.", + "dataTypesDependencies": [ + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [ + "MicrosoftCloudAppSecurity" + ], + "previewImagesFileNames": [ + "McasDiscoveryBlack.png", + "McasDiscoveryWhite.png" + ], + "version": "1.2.0", + "title": "Microsoft Cloud App Security - discovery logs", + "templateRelativePath": "MicrosoftCloudAppSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "F5BIGIPSytemMetricsWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.", + "dataTypesDependencies": [ + "F5Telemetry_system_CL", + "F5Telemetry_AVR_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5SMBlack.png", + "F5SMWhite.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP System Metrics", + "templateRelativePath": "F5BIGIPSystemMetrics.json", + "subtitle": "", + "provider": "F5 Networks" + }, + { + "workbookKey": "F5NetworksWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.", + "dataTypesDependencies": [ + "F5Telemetry_LTM_CL", + "F5Telemetry_system_CL", + "F5Telemetry_ASM_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5White.png", + "F5Black.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP ASM", + "templateRelativePath": "F5Networks.json", + "subtitle": "", + "provider": "F5 Networks" + }, + { + "workbookKey": "AzureNetworkWatcherWorkbook", + "logoFileName": "networkwatcher_logo.svg", + "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.", + "dataTypesDependencies": [ + "AzureNetworkAnalytics_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureNetworkWatcherWhite.png", + "AzureNetworkWatcherBlack.png" + ], + "version": "1.1.0", + "title": "Azure Network Watcher", + "templateRelativePath": "AzureNetworkWatcher.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZscalerFirewallWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerFirewallWhite1.png", + "ZscalerFirewallBlack1.png", + "ZscalerFirewallWhite2.png", + "ZscalerFirewallBlack2.png" + ], + "version": "1.1.0", + "title": "Zscaler Firewall", + "templateRelativePath": "ZscalerFirewall.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerWebOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerWebOverviewWhite.png", + "ZscalerWebOverviewBlack.png" + ], + "version": "1.1.0", + "title": "Zscaler Web Overview", + "templateRelativePath": "ZscalerWebOverview.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerThreatsOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerThreatsWhite.png", + "ZscalerThreatsBlack.png" + ], + "version": "1.2.0", + "title": "Zscaler Threats", + "templateRelativePath": "ZscalerThreats.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerOffice365AppsWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerOffice365White.png", + "ZscalerOffice365Black.png" + ], + "version": "1.1.0", + "title": "Zscaler Office365 Apps", + "templateRelativePath": "ZscalerOffice365Apps.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "InsecureProtocolsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.", + "dataTypesDependencies": [ + "SecurityEvent", + "Event", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureActiveDirectory", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InsecureProtocolsWhite1.png", + "InsecureProtocolsBlack1.png", + "InsecureProtocolsWhite2.png", + "InsecureProtocolsBlack2.png" + ], + "version": "2.1.0", + "title": "Insecure Protocols", + "templateRelativePath": "InsecureProtocols.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsNetworkActivitiesWhite.png", + "AwsNetworkActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS Network Activities", + "templateRelativePath": "AmazonWebServicesNetworkActivities.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AmazonWebServicesUserActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsUserActivitiesWhite.png", + "AwsUserActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS User Activities", + "templateRelativePath": "AmazonWebServicesUserActivities.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityAttackActivityWhite.png", + "TrendMicroDeepSecurityAttackActivityBlack.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security ATT&CK Related Activity", + "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityOverviewWhite1.png", + "TrendMicroDeepSecurityOverviewBlack1.png", + "TrendMicroDeepSecurityOverviewWhite2.png", + "TrendMicroDeepSecurityOverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security Events", + "templateRelativePath": "TrendMicroDeepSecurityOverview.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "ExtraHopDetectionSummaryWorkbook", + "logoFileName": "extrahop_logo.svg", + "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ExtraHopNetworks" + ], + "previewImagesFileNames": [ + "ExtrahopWhite.png", + "ExtrahopBlack.png" + ], + "version": "1.0.0", + "title": "ExtraHop", + "templateRelativePath": "ExtraHopDetectionSummary.json", + "subtitle": "", + "provider": "ExtraHop Networks" + }, + { + "workbookKey": "BarracudaCloudFirewallWorkbook", + "logoFileName": "barracuda_logo.svg", + "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "Syslog" + ], + "dataConnectorsDependencies": [ + "BarracudaCloudFirewall" + ], + "previewImagesFileNames": [ + "BarracudaWhite1.png", + "BarracudaBlack1.png", + "BarracudaWhite2.png", + "BarracudaBlack2.png" + ], + "version": "1.0.0", + "title": "Barracuda CloudGen FW", + "templateRelativePath": "Barracuda.json", + "subtitle": "", + "provider": "Barracuda" + }, + { + "workbookKey": "CitrixWorkbook", + "logoFileName": "citrix_logo.svg", + "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.", + "dataTypesDependencies": [ + "CitrixAnalytics_userProfile_CL", + "CitrixAnalytics_riskScoreChange_CL", + "CitrixAnalytics_indicatorSummary_CL", + "CitrixAnalytics_indicatorEventDetails_CL" + ], + "dataConnectorsDependencies": [ + "Citrix" + ], + "previewImagesFileNames": [ + "CitrixWhite.png", + "CitrixBlack.png" + ], + "version": "2.1.0", + "title": "Citrix Analytics", + "templateRelativePath": "Citrix.json", + "subtitle": "", + "provider": "Citrix Systems Inc." + }, + { + "workbookKey": "OneIdentityWorkbook", + "logoFileName": "oneIdentity_logo.svg", + "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OneIdentity" + ], + "previewImagesFileNames": [ + "OneIdentityWhite.png", + "OneIdentityBlack.png" + ], + "version": "1.0.0", + "title": "One Identity", + "templateRelativePath": "OneIdentity.json", + "subtitle": "", + "provider": "One Identity LLC." + }, + { + "workbookKey": "SecurityStatusWorkbook", + "logoFileName": "", + "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SecurityEvent", + "Syslog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityStatusBlack.png", + "AzureSentinelSecurityStatusWhite.png" + ], + "version": "1.3.0", + "title": "Security Status", + "templateRelativePath": "SecurityStatus.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSentinelSecurityAlertsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityAlertsWhite.png", + "AzureSentinelSecurityAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Security Alerts", + "templateRelativePath": "AzureSentinelSecurityAlerts.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SquadraTechnologiesSecRMMWorkbook", + "logoFileName": "SquadraTechnologiesLogo.svg", + "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.", + "dataTypesDependencies": [ + "secRMM_CL" + ], + "dataConnectorsDependencies": [ + "SquadraTechnologiesSecRmm" + ], + "previewImagesFileNames": [ + "SquadraTechnologiesSecRMMWhite.PNG", + "SquadraTechnologiesSecRMMBlack.PNG" + ], + "version": "1.0.0", + "title": "Squadra Technologies SecRMM - USB removable storage security", + "templateRelativePath": "SquadraTechnologiesSecRMM.json", + "subtitle": "", + "provider": "Squadra Technologies" + }, + { + "workbookKey": "IoT-Alerts", + "logoFileName": "IoTIcon.svg", + "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "IoT" + ], + "previewImagesFileNames": [ + "IOTBlack1.png", + "IOTWhite1.png" + ], + "version": "1.2.0", + "title": "Azure Defender for IoT Alerts", + "templateRelativePath": "IOT_Alerts.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IoTAssetDiscovery", + "logoFileName": "IoTIcon.svg", + "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "workbook-iotassetdiscovery-screenshot-Black.PNG", + "workbook-iotassetdiscovery-screenshot-White.PNG" + ], + "version": "1.0.0", + "title": "IoT Asset Discovery", + "templateRelativePath": "IoTAssetDiscovery.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ForcepointCASBWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCasb" + ], + "previewImagesFileNames": [ + "ForcepointCASBWhite.png", + "ForcepointCASBBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Access Security Broker (CASB)", + "templateRelativePath": "ForcepointCASB.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ForcepointNGFWWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw" + ], + "previewImagesFileNames": [ + "ForcepointNGFWWhite.png", + "ForcepointNGFWBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW)", + "templateRelativePath": "ForcepointNGFW.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ForcepointDLPWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.", + "dataTypesDependencies": [ + "ForcepointDLPEvents_CL" + ], + "dataConnectorsDependencies": [ + "ForcepointDlp" + ], + "previewImagesFileNames": [ + "ForcepointDLPWhite.png", + "ForcepointDLPBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Data Loss Prevention (DLP)", + "templateRelativePath": "ForcepointDLP.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ZimperiumMTDWorkbook", + "logoFileName": "ZIMPERIUM-logo_square2.svg", + "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.", + "dataTypesDependencies": [ + "ZimperiumThreatLog_CL", + "ZimperiumMitigationLog_CL" + ], + "dataConnectorsDependencies": [ + "ZimperiumMtdAlerts" + ], + "previewImagesFileNames": [ + "ZimperiumWhite.png", + "ZimperiumBlack.png" + ], + "version": "1.0.0", + "title": "Zimperium Mobile Threat Defense (MTD)", + "templateRelativePath": "ZimperiumWorkbooks.json", + "subtitle": "", + "provider": "Zimperium" + }, + { + "workbookKey": "AzureAuditActivityAndSigninWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.", + "dataTypesDependencies": [ + "AzureActivity", + "AuditLogs", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureAuditActivityAndSigninWhite1.png", + "AzureAuditActivityAndSigninWhite2.png", + "AzureAuditActivityAndSigninBlack1.png", + "AzureAuditActivityAndSigninBlack2.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit, Activity and Sign-in logs", + "templateRelativePath": "AzureAuditActivityAndSignin.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "WindowsFirewall", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs", + "dataTypesDependencies": [ + "WindowsFirewall", + "SecurityEvent", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsFirewall", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "WindowsFirewallWhite1.png", + "WindowsFirewallWhite2.png", + "WindowsFirewallBlack1.png", + "WindowsFirewallBlack2.png" + ], + "version": "1.0.0", + "title": "Windows Firewall", + "templateRelativePath": "WindowsFirewall.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "EventAnalyzerwWorkbook", + "logoFileName": "", + "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "EventAnalyzer-Workbook-White.png", + "EventAnalyzer-Workbook-Black.png" + ], + "version": "1.0.0", + "title": "Event Analyzer", + "templateRelativePath": "EventAnalyzer.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "ASC-ComplianceandProtection", + "logoFileName": "", + "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.", + "dataTypesDependencies": [ + "SecurityAlert", + "ProtectionStatus", + "SecurityRecommendation", + "SecurityBaseline", + "SecurityBaselineSummary", + "Update", + "ConfigurationChange" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter" + ], + "previewImagesFileNames": [ + "ASCCaPBlack.png", + "ASCCaPWhite.png" + ], + "version": "1.2.0", + "title": "ASC Compliance and Protection", + "templateRelativePath": "ASC-ComplianceandProtection.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "AIVectraDetectWorkbook", + "logoFileName": "AIVectraDetect.svg", + "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AIVectraDetect" + ], + "previewImagesFileNames": [ + "AIVectraDetectWhite1.png", + "AIVectraDetectBlack1.png" + ], + "version": "1.1.1", + "title": "Vectra AI Detect", + "templateRelativePath": "AIVectraDetectWorkbook.json", + "subtitle": "", + "provider": "Vectra AI" + }, + { + "workbookKey": "Perimeter81OverviewWorkbook", + "logoFileName": "Perimeter81_Logo.svg", + "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.", + "dataTypesDependencies": [ + "Perimeter81_CL" + ], + "dataConnectorsDependencies": [ + "Perimeter81ActivityLogs" + ], + "previewImagesFileNames": [ + "Perimeter81OverviewWhite1.png", + "Perimeter81OverviewBlack1.png", + "Perimeter81OverviewWhite2.png", + "Perimeter81OverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Perimeter 81 Overview", + "templateRelativePath": "Perimeter81OverviewWorkbook.json", + "subtitle": "", + "provider": "Perimeter 81" + }, + { + "workbookKey": "SymantecProxySGWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecProxySG" + ], + "previewImagesFileNames": [ + "SymantecProxySGWhite.png", + "SymantecProxySGBlack.png" + ], + "version": "1.0.0", + "title": "Symantec ProxySG", + "templateRelativePath": "SymantecProxySG.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "IllusiveASMWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveASMWhite.png", + "IllusiveASMBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ASM Dashboard", + "templateRelativePath": "IllusiveASM.json", + "subtitle": "", + "provider": "Illusive" + }, + { + "workbookKey": "IllusiveADSWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveADSWhite.png", + "IllusiveADSBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ADS Dashboard", + "templateRelativePath": "IllusiveADS.json", + "subtitle": "", + "provider": "Illusive" + }, + { + "workbookKey": "PulseConnectSecureWorkbook", + "logoFileName": "", + "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "PulseConnectSecure" + ], + "previewImagesFileNames": [ + "PulseConnectSecureWhite.png", + "PulseConnectSecureBlack.png" + ], + "version": "1.0.0", + "title": "Pulse Connect Secure", + "templateRelativePath": "PulseConnectSecure.json", + "subtitle": "", + "provider": "Pulse Secure" + }, + { + "workbookKey": "InfobloxNIOSWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "InfobloxNIOS" + ], + "previewImagesFileNames": [], + "version": "1.1.0", + "title": "Infoblox NIOS", + "templateRelativePath": "Infoblox-Workbook-V2.json", + "subtitle": "", + "provider": "Infoblox" + }, + { + "workbookKey": "SymantecVIPWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecVIP" + ], + "previewImagesFileNames": [ + "SymantecVIPWhite.png", + "SymantecVIPBlack.png" + ], + "version": "1.0.0", + "title": "Symantec VIP", + "templateRelativePath": "SymantecVIP.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "ProofPointTAPWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPClicksBlocked_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP" + ], + "previewImagesFileNames": [ + "ProofpointTAPWhite.png", + "ProofpointTAPBlack.png" + ], + "version": "1.0.0", + "title": "Proofpoint TAP", + "templateRelativePath": "ProofpointTAP.json", + "subtitle": "", + "provider": "Proofpoint" + }, + { + "workbookKey": "QualysVMV2Workbook", + "logoFileName": "qualys_logo.svg", + "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", + "dataTypesDependencies": [ + "QualysHostDetectionV2_CL" + ], + "dataConnectorsDependencies": [ + "QualysVulnerabilityManagement" + ], + "previewImagesFileNames": [ + "QualysVMWhite.png", + "QualysVMBlack.png" + ], + "version": "1.0.0", + "title": "Qualys Vulnerability Management", + "templateRelativePath": "QualysVMv2.json", + "subtitle": "", + "provider": "Qualys" + }, + { + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "Github_CL", + "GitHubRepoLogs_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "GitHubSecurityWhite.png", + "GitHubSecurityBlack.png" + ], + "version": "1.0.0", + "title": "GitHub Security", + "templateRelativePath": "GitHubSecurityWorkbook.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "VisualizationDemo", + "logoFileName": "", + "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VisualizationDemoBlack.png", + "VisualizationDemoWhite.png" + ], + "version": "1.0.0", + "title": "Visualizations Demo", + "templateRelativePath": "VisualizationDemo.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SophosXGFirewallWorkbook", + "logoFileName": "sophos_logo.svg", + "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SophosXGFirewall" + ], + "previewImagesFileNames": [ + "SophosXGFirewallWhite.png", + "SophosXGFirewallBlack.png" + ], + "version": "1.0.0", + "title": "Sophos XG Firewall", + "templateRelativePath": "SophosXGFirewall.json", + "subtitle": "", + "provider": "Sophos" + }, + { + "workbookKey": "SysmonThreatHuntingWorkbook", + "logoFileName": "", + "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel", + "dataTypesDependencies": [ + "Event" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SysmonThreatHuntingWhite1.png", + "SysmonThreatHuntingBlack1.png" + ], + "version": "1.4.0", + "title": "Sysmon Threat Hunting", + "templateRelativePath": "SysmonThreatHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook", + "logoFileName": "webapplicationfirewall(WAF)_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallWAFTypeEventsBlack1.PNG", + "WAFFirewallWAFTypeEventsBlack2.PNG", + "WAFFirewallWAFTypeEventsBlack3.PNG", + "WAFFirewallWAFTypeEventsBlack4.PNG", + "WAFFirewallWAFTypeEventsWhite1.png", + "WAFFirewallWAFTypeEventsWhite2.PNG", + "WAFFirewallWAFTypeEventsWhite3.PNG", + "WAFFirewallWAFTypeEventsWhite4.PNG" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - Azure WAF", + "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OrcaAlertsOverviewWorkbook", + "logoFileName": "Orca_logo.svg", + "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview", + "dataTypesDependencies": [ + "OrcaAlerts_CL" + ], + "dataConnectorsDependencies": [ + "OrcaSecurityAlerts" + ], + "previewImagesFileNames": [ + "OrcaAlertsWhite.png", + "OrcaAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Orca alerts overview", + "templateRelativePath": "OrcaAlerts.json", + "subtitle": "", + "provider": "Orca Security" + }, + { + "workbookKey": "CyberArkWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CyberArk" + ], + "previewImagesFileNames": [ + "CyberArkActivitiesWhite.PNG", + "CyberArkActivitiesBlack.PNG" + ], + "version": "1.1.0", + "title": "CyberArk EPV Events", + "templateRelativePath": "CyberArkEPV.json", + "subtitle": "", + "provider": "CyberArk" + }, + { + "workbookKey": "UserEntityBehaviorAnalyticsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns", + "dataTypesDependencies": [ + "BehaviorAnalytics" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UserEntityBehaviorAnalyticsBlack1.png", + "UserEntityBehaviorAnalyticsWhite1.png" + ], + "version": "1.2.0", + "title": "User And Entity Behavior Analytics", + "templateRelativePath": "UserEntityBehaviorAnalytics.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CitrixWAF", + "logoFileName": "citrix_logo.svg", + "description": "Gain insight into the Citrix WAF logs", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CitrixWAF" + ], + "previewImagesFileNames": [ + "CitrixWAFBlack.png", + "CitrixWAFWhite.png" + ], + "version": "1.0.0", + "title": "Citrix WAF (Web App Firewall)", + "templateRelativePath": "CitrixWAF.json", + "subtitle": "", + "provider": "Citrix Systems Inc." + }, + { + "workbookKey": "UnifiSGWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGBlack.png", + "UnifiSGWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway", + "templateRelativePath": "UnfiSG.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "UnifiSGNetflowWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.", + "dataTypesDependencies": [ + "netflow_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGNetflowBlack.png", + "UnifiSGNetflowWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway - NetFlow", + "templateRelativePath": "UnfiSGNetflow.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "NormalizedNetworkEventsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "NormalizedNetworkEventsWhite.png", + "NormalizedNetworkEventsBlack.png" + ], + "version": "1.0.0", + "title": "Normalized network events", + "templateRelativePath": "NormalizedNetworkEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WorkspaceAuditingWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "LAQueryLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceAuditingWhite.png", + "WorkspaceAuditingBlack.png" + ], + "version": "1.0.0", + "title": "Workspace audit", + "templateRelativePath": "WorkspaceAuditing.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "MITREATTACKWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MITREATTACKWhite1.PNG", + "MITREATTACKWhite2.PNG", + "MITREATTACKBlack1.PNG", + "MITREATTACKBlack2.PNG" + ], + "version": "1.0.1", + "title": "MITRE ATT&CK Workbook", + "templateRelativePath": "MITREAttack.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "BETTERMTDWorkbook", + "logoFileName": "BETTER_MTD_logo.svg", + "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.", + "dataTypesDependencies": [ + "BetterMTDDeviceLog_CL", + "BetterMTDAppLog_CL", + "BetterMTDIncidentLog_CL", + "BetterMTDNetflowLog_CL" + ], + "dataConnectorsDependencies": [ + "BetterMTD" + ], + "previewImagesFileNames": [ + "BetterMTDWorkbookPreviewWhite1.png", + "BetterMTDWorkbookPreviewWhite2.png", + "BetterMTDWorkbookPreviewWhite3.png", + "BetterMTDWorkbookPreviewBlack1.png", + "BetterMTDWorkbookPreviewBlack2.png", + "BetterMTDWorkbookPreviewBlack3.png" + ], + "version": "1.1.0", + "title": "BETTER Mobile Threat Defense (MTD)", + "templateRelativePath": "BETTER_MTD_Workbook.json", + "subtitle": "", + "provider": "BETTER Mobile" + }, + { + "workbookKey": "AlsidIoEWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoEBlack1.png", + "AlsidIoEBlack2.png", + "AlsidIoEBlack3.png", + "AlsidIoEWhite1.png", + "AlsidIoEWhite2.png", + "AlsidIoEWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Exposure", + "templateRelativePath": "AlsidIoE.json", + "subtitle": "", + "provider": "Alsid" + }, + { + "workbookKey": "AlsidIoAWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoABlack1.png", + "AlsidIoABlack2.png", + "AlsidIoABlack3.png", + "AlsidIoAWhite1.png", + "AlsidIoAWhite2.png", + "AlsidIoAWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Attack", + "templateRelativePath": "AlsidIoA.json", + "subtitle": "", + "provider": "Alsid" + }, + { + "workbookKey": "InvestigationInsightsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Microsoft Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.", + "dataTypesDependencies": [ + "AuditLogs", + "AzureActivity", + "CommonSecurityLog", + "OfficeActivity", + "SecurityEvent", + "SigninLogs", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "AzureActivity", + "SecurityEvents", + "Office365", + "AzureActiveDirectory", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InvestigationInsightsWhite1.png", + "InvestigationInsightsBlack1.png", + "InvestigationInsightsWhite2.png", + "InvestigationInsightsBlack2.png" + ], + "version": "1.4.0", + "title": "Investigation Insights", + "templateRelativePath": "InvestigationInsights.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "AksSecurityWorkbook", + "logoFileName": "Kubernetes_services.svg", + "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKubernetes" + ], + "previewImagesFileNames": [ + "AksSecurityWhite.png", + "AksSecurityBlack.png" + ], + "version": "1.5.0", + "title": "Azure Kubernetes Service (AKS) Security", + "templateRelativePath": "AksSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureKeyVaultWorkbook", + "logoFileName": "KeyVault.svg", + "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKeyVault" + ], + "previewImagesFileNames": [ + "AkvSecurityWhite.png", + "AkvSecurityBlack.png" + ], + "version": "1.1.0", + "title": "Azure Key Vault Security", + "templateRelativePath": "AzureKeyVaultWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IncidentOverview", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IncidentOverviewBlack1.png", + "IncidentOverviewWhite1.png", + "IncidentOverviewBlack2.png", + "IncidentOverviewWhite2.png" + ], + "version": "2.1.0", + "title": "Incident overview", + "templateRelativePath": "IncidentOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SecurityOperationsEfficiency", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SecurityEfficiencyWhite1.png", + "SecurityEfficiencyWhite2.png", + "SecurityEfficiencyBlack1.png", + "SecurityEfficiencyBlack2.png" + ], + "version": "1.5.0", + "title": "Security Operations Efficiency", + "templateRelativePath": "SecurityOperationsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DataCollectionHealthMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace\u2019s data collection health.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "HealthMonitoringWhite1.png", + "HealthMonitoringWhite2.png", + "HealthMonitoringWhite3.png", + "HealthMonitoringBlack1.png", + "HealthMonitoringBlack2.png", + "HealthMonitoringBlack3.png" + ], + "version": "1.0.0", + "title": "Data collection health monitoring", + "templateRelativePath": "DataCollectionHealthMonitoring.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OnapsisAlarmsWorkbook", + "logoFileName": "onapsis_logo.svg", + "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OnapsisPlatform" + ], + "previewImagesFileNames": [ + "OnapsisWhite1.PNG", + "OnapsisBlack1.PNG", + "OnapsisWhite2.PNG", + "OnapsisBlack2.PNG" + ], + "version": "1.0.0", + "title": "Onapsis Alarms Overview", + "templateRelativePath": "OnapsisAlarmsOverview.json", + "subtitle": "", + "provider": "Onapsis" + }, + { + "workbookKey": "DelineaWorkbook", + "logoFileName": "DelineaLogo.svg", + "description": "The Delinea Secret Server Syslog connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "DelineaSecretServer_CEF" + ], + "previewImagesFileNames": [ + "DelineaWorkbookWhite.PNG", + "DelineaWorkbookBlack.PNG" + ], + "version": "1.0.0", + "title": "Delinea Secret Server Workbook", + "templateRelativePath": "DelineaWorkbook.json", + "subtitle": "", + "provider": "Delinea" + }, + { + "workbookKey": "ForcepointCloudSecurityGatewayWorkbook", + "logoFileName": "Forcepoint_new_logo.svg", + "description": "Use this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCSG" + ], + "previewImagesFileNames": [ + "ForcepointCloudSecurityGatewayWhite.png", + "ForcepointCloudSecurityGatewayBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Security Gateway Workbook", + "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "IntsightsIOCWorkbook", + "logoFileName": "IntSights_logo.svg", + "description": "This Microsoft Sentinel workbook provides an overview of Indicators of Compromise (IOCs) and their correlations allowing users to analyze and visualize indicators based on severity, type, and other parameters.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "IntsightsIOCWhite.png", + "IntsightsMatchedWhite.png", + "IntsightsMatchedBlack.png", + "IntsightsIOCBlack.png" + ], + "version": "2.0.0", + "title": "IntSights IOC Workbook", + "templateRelativePath": "IntsightsIOCWorkbook.json", + "subtitle": "", + "provider": "IntSights Cyber Intelligence" + }, + { + "workbookKey": "DarktraceSummaryWorkbook", + "logoFileName": "Darktrace.svg", + "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Darktrace" + ], + "previewImagesFileNames": [ + "AIA-DarktraceSummaryWhite.png", + "AIA-DarktraceSummaryBlack.png" + ], + "version": "1.1.0", + "title": "AI Analyst Darktrace Model Breach Summary", + "templateRelativePath": "AIA-Darktrace.json", + "subtitle": "", + "provider": "Darktrace" + }, + { + "workbookKey": "TrendMicroXDR", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.", + "dataTypesDependencies": [ + "TrendMicro_XDR_WORKBENCH_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroXDR" + ], + "previewImagesFileNames": [ + "TrendMicroXDROverviewWhite.png", + "TrendMicroXDROverviewBlack.png" + ], + "version": "1.3.0", + "title": "Trend Vision One Alert Overview", + "templateRelativePath": "TrendMicroXDROverview.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "CyberpionOverviewWorkbook", + "logoFileName": "cyberpion_logo.svg", + "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.", + "dataTypesDependencies": [ + "CyberpionActionItems_CL" + ], + "dataConnectorsDependencies": [ + "CyberpionSecurityLogs" + ], + "previewImagesFileNames": [ + "CyberpionActionItemsBlack.png", + "CyberpionActionItemsWhite.png" + ], + "version": "1.0.0", + "title": "Cyberpion Overview", + "templateRelativePath": "CyberpionOverviewWorkbook.json", + "subtitle": "", + "provider": "Cyberpion" + }, + { + "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook", + "logoFileName": "MSTIC-Logo.svg", + "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SigninLogs", + "AuditLogs", + "AADServicePrincipalSignInLogs", + "OfficeActivity", + "BehaviorAnalytics", + "SecurityEvent", + "DeviceProcessEvents", + "SecurityAlert", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory", + "SecurityEvents", + "Office365", + "MicrosoftThreatProtection", + "DNS", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "SolarWindsPostCompromiseHuntingWhite.png", + "SolarWindsPostCompromiseHuntingBlack.png" + ], + "version": "1.5.0", + "title": "SolarWinds Post Compromise Hunting", + "templateRelativePath": "SolarWindsPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ProofpointPODWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.", + "dataTypesDependencies": [ + "ProofpointPOD_maillog_CL", + "ProofpointPOD_message_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofpointPODMainBlack1.png", + "ProofpointPODMainBlack2.png", + "ProofpointPODMainWhite1.png", + "ProofpointPODMainWhite2.png", + "ProofpointPODMessageSummaryBlack.png", + "ProofpointPODMessageSummaryWhite.png", + "ProofpointPODTLSBlack.png", + "ProofpointPODTLSWhite.png" + ], + "version": "1.0.0", + "title": "Proofpoint On-Demand Email Security", + "templateRelativePath": "ProofpointPOD.json", + "subtitle": "", + "provider": "Proofpoint" + }, + { + "workbookKey": "CiscoUmbrellaWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.", + "dataTypesDependencies": [ + "Cisco_Umbrella_dns_CL", + "Cisco_Umbrella_proxy_CL", + "Cisco_Umbrella_ip_CL", + "Cisco_Umbrella_cloudfirewall_CL" + ], + "dataConnectorsDependencies": [ + "CiscoUmbrellaDataConnector" + ], + "previewImagesFileNames": [ + "CiscoUmbrellaDNSBlack1.png", + "CiscoUmbrellaDNSBlack2.png", + "CiscoUmbrellaDNSWhite1.png", + "CiscoUmbrellaDNSWhite2.png", + "CiscoUmbrellaFirewallBlack.png", + "CiscoUmbrellaFirewallWhite.png", + "CiscoUmbrellaMainBlack1.png", + "CiscoUmbrellaMainBlack2.png", + "CiscoUmbrellaMainWhite1.png", + "CiscoUmbrellaMainWhite2.png", + "CiscoUmbrellaProxyBlack1.png", + "CiscoUmbrellaProxyBlack2.png", + "CiscoUmbrellaProxyWhite1.png", + "CiscoUmbrellaProxyWhite2.png" + ], + "version": "1.0.0", + "title": "Cisco Umbrella", + "templateRelativePath": "CiscoUmbrella.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "AnalyticsEfficiencyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnalyticsEfficiencyBlack.png", + "AnalyticsEfficiencyWhite.png" + ], + "version": "1.2.0", + "title": "Analytics Efficiency", + "templateRelativePath": "AnalyticsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WorkspaceUsage", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace\u2019s data consumption, latency, recommended tasks and Cost and Usage statistics.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceUsageBlack.png", + "WorkspaceUsageWhite.png" + ], + "version": "1.6.0", + "title": "Workspace Usage Report", + "templateRelativePath": "WorkspaceUsage.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "SentinelCentral", + "logoFileName": "Azure_Sentinel.svg", + "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.", + "dataTypesDependencies": [ + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SentinelCentralBlack.png", + "SentinelCentralWhite.png" + ], + "version": "2.1.1", + "title": "Microsoft Sentinel Central", + "templateRelativePath": "SentinelCentral.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "CognniIncidentsWorkbook", + "logoFileName": "cognni-logo.svg", + "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.", + "dataTypesDependencies": [ + "CognniIncidents_CL" + ], + "dataConnectorsDependencies": [ + "CognniSentinelDataConnector" + ], + "previewImagesFileNames": [ + "CognniBlack.PNG", + "CognniWhite.PNG" + ], + "version": "1.0.0", + "title": "Cognni Important Information Incidents", + "templateRelativePath": "CognniIncidentsWorkbook.json", + "subtitle": "", + "provider": "Cognni" + }, + { + "workbookKey": "pfsense", + "logoFileName": "pfsense_logo.svg", + "description": "Gain insights into pfsense logs from both filterlog and nginx.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "pfsenseBlack.png", + "pfsenseWhite.png" + ], + "version": "1.0.0", + "title": "pfsense", + "templateRelativePath": "pfsense.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "ExchangeCompromiseHunting", + "logoFileName": "MSTIC-Logo.svg", + "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns", + "dataTypesDependencies": [ + "SecurityEvent", + "W3CIISLog" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureMonitor(IIS)", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "ExchangeBlack.png", + "ExchangeWhite.png" + ], + "version": "1.0.0", + "title": "Exchange Compromise Hunting", + "templateRelativePath": "ExchangeCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SOCProcessFrameworkWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Process Framework", + "templateRelativePath": "SOCProcessFramework.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCLargeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Large Staff", + "templateRelativePath": "Building_a_SOCLargeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCMediumStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Medium Staff", + "templateRelativePath": "Building_a_SOCMediumStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCPartTimeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Part Time Staff", + "templateRelativePath": "Building_a_SOCPartTimeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCSmallStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Small Staff", + "templateRelativePath": "Building_a_SOCSmallStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SOCIRPlanningWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC IR Planning", + "templateRelativePath": "SOCIRPlanning.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "UpdateSOCMaturityScoreWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "Update SOC Maturity Score", + "templateRelativePath": "UpdateSOCMaturityScore.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Microsoft365SecurityPosture", + "logoFileName": "M365securityposturelogo.svg", + "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.", + "dataTypesDependencies": [ + "M365SecureScore_CL", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL", + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "M365securitypostureblack.png", + "M365securityposturewhite.png" + ], + "version": "1.0.0", + "title": "Microsoft 365 Security Posture", + "templateRelativePath": "M365SecurityPosture.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AzureSentinelCost", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", + "dataTypesDependencies": [ + "Usage" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelCostWhite.png", + "AzureSentinelCostBlack.png" + ], + "version": "1.5.1", + "title": "Microsoft Sentinel Cost", + "templateRelativePath": "AzureSentinelCost.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ADXvsLA", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ADXvsLABlack.PNG", + "ADXvsLAWhite.PNG" + ], + "version": "1.0.0", + "title": "ADXvsLA", + "templateRelativePath": "ADXvsLA.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftDefenderForOffice365", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs. This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.", + "dataTypesDependencies": [ + "EmailEvents", + "EmailUrlInfo", + "EmailAttachmentInfo" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MDOWhite1.png", + "MDOBlack1.png", + "MDOWhite2.png", + "MDOBlack2.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For Office 365", + "templateRelativePath": "MicrosoftDefenderForOffice365.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ProofPointThreatDashboard", + "logoFileName": "", + "description": "Provides an overview of email threat activity based on log data provided by ProofPoint", + "dataTypesDependencies": [ + "ProofpointPOD_message_CL", + "ProofpointPOD_maillog_CL", + "ProofPointTAPClicksBlocked_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP", + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofPointThreatDashboardBlack1.png", + "ProofPointThreatDashboardWhite1.png" + ], + "version": "1.0.0", + "title": "ProofPoint Threat Dashboard", + "templateRelativePath": "ProofPointThreatDashboard.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AMAmigrationTracker", + "logoFileName": "Azure_Sentinel.svg", + "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AMAtrackingWhite1.png", + "AMAtrackingWhite2.png", + "AMAtrackingWhite3.png", + "AMAtrackingBlack1.png", + "AMAtrackingBlack2.png", + "AMAtrackingBlack3.png" + ], + "version": "1.1.0", + "title": "AMA migration tracker", + "templateRelativePath": "AMAmigrationTracker.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AdvancedKQL", + "logoFileName": "Azure_Sentinel.svg", + "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AdvancedKQLWhite.png", + "AdvancedKQLBlack.png" + ], + "version": "1.3.0", + "title": "Advanced KQL for Microsoft Sentinel", + "templateRelativePath": "AdvancedKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "DSTIMWorkbook", + "logoFileName": "DSTIM.svg", + "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.", + "dataTypesDependencies": [ + "DSMAzureBlobStorageLogs", + "DSMDataClassificationLogs", + "DSMDataLabelingLogs", + "Anomalies", + "ThreatIntelligenceIndicator", + "AADManagedIdentitySignInLogs", + "SecurityAlert", + "SigninLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "DSTIMWorkbookBlack.png", + "DSTIMWorkbookWhite.png" + ], + "version": "1.9.0", + "title": "Data Security - Sensitive Data Impact Assessment", + "templateRelativePath": "DSTIMWorkbook.json", + "subtitle": "", + "provider": "Microsoft", + "featureFlag": "DSTIMWorkbook" + }, + { + "workbookKey": "IntrotoKQLWorkbook", + "logoFileName": "", + "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IntrotoKQL-black.png", + "IntrotoKQL-white.png" + ], + "version": "1.0.0", + "title": "Intro to KQL", + "templateRelativePath": "IntrotoKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Log4jPostCompromiseHuntingWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityNestedRecommendation", + "AzureDiagnostics", + "OfficeActivity", + "W3CIISLog", + "AWSCloudTrail", + "SigninLogs", + "AADNonInteractiveUserSignInLogs", + "imWebSessions", + "imNetworkSession" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Log4jPostCompromiseHuntingBlack.png", + "Log4jPostCompromiseHuntingWhite.png" + ], + "version": "1.0.0", + "title": "Log4j Post Compromise Hunting", + "templateRelativePath": "Log4jPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Log4jImpactAssessmentWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityIncident", + "SecurityAlert", + "AzureSecurityCenter", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Log4j Impact Assessment", + "templateRelativePath": "Log4jImpactAssessment.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "UserMap", + "logoFileName": "", + "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.", + "dataTypesDependencies": [ + "SigninLogs", + "AzureDiagnostics", + "WireData", + "VMconnection", + "CommonSecurityLog", + "WindowsFirewall", + "W3CIISLog", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "UserMapBlack.png", + "UserMapWhite.png" + ], + "version": "1.0.0", + "title": "User Map information", + "templateRelativePath": "UserMap.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AWSS3", + "logoFileName": "", + "description": ".", + "dataTypesDependencies": [ + "AWSCloudTrail", + "AWSGuardDuty", + "AWSVPCFlow" + ], + "dataConnectorsDependencies": [ + "AWSS3" + ], + "previewImagesFileNames": [ + "AWSS3Black.png", + "AWSS3White.png", + "AWSS3White1.png" + ], + "version": "1.0.0", + "title": "AWS S3 Workbook", + "templateRelativePath": "AWSS3.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook", + "logoFileName": "", + "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "LogSourcesAndAnalyticRulesCoverageBlack.png", + "LogSourcesAndAnalyticRulesCoverageWhite.png" + ], + "version": "1.1.0", + "title": "Log Sources & Analytic Rules Coverage", + "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "CiscoFirepower", + "logoFileName": "", + "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "CiscoFirepowerBlack.png", + "CiscoFirepowerWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Firepower", + "templateRelativePath": "CiscoFirepower.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrorosftTeams", + "logoFileName": "microsoftteams.svg", + "description": "This workbook is intended to identify the activities on Microrsoft Teams.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MicrosoftTeamsBlack.png", + "MicrosoftTeamsWhite.png" + ], + "version": "1.0.0", + "title": "Microsoft Teams", + "templateRelativePath": "MicrosoftTeams.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ArchivingBasicLogsRetention", + "logoFileName": "ArchivingBasicLogsRetention.svg", + "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ArchivingBasicLogsRetentionBlack1.png", + "ArchivingBasicLogsRetentionWhite1.png" + ], + "version": "1.1.0", + "title": "Archiving, Basic Logs, and Retention", + "templateRelativePath": "ArchivingBasicLogsRetention.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "OktaSingleSignOnWorkbook", + "logoFileName": "okta_logo.svg", + "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "Okta_CL" + ], + "dataConnectorsDependencies": [ + "OktaSSO" + ], + "previewImagesFileNames": [ + "OktaSingleSignOnWhite.png", + "OktaSingleSignOnBlack.png" + ], + "version": "1.2", + "title": "Okta Single Sign-On", + "templateRelativePath": "OktaSingleSignOn.json", + "subtitle": "", + "provider": "Okta" + }, + { + "workbookKey": "Dynamics365Workbooks", + "logoFileName": "DynamicsLogo.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.", + "dataTypesDependencies": [ + "Dynamics365Activity" + ], + "dataConnectorsDependencies": [ + "Dynamics365" + ], + "previewImagesFileNames": [ + "Dynamics365WorkbookBlack.png", + "Dynamics365WorkbookWhite.png" + ], + "version": "1.0.3", + "title": "Dynamics365Workbooks", + "templateRelativePath": "Dynamics365Workbooks.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "CiscoMerakiWorkbook", + "logoFileName": "", + "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", + "dataTypesDependencies": [ + "meraki_CL", + "CiscoMerakiNativePoller", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "CiscoMeraki", + "CiscoMerakiNativePolling", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "CiscoMerakiWorkbookWhite.png", + "CiscoMerakiWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "CiscoMerakiWorkbook", + "templateRelativePath": "CiscoMerakiWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SentinelOneWorkbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SentinelOne_CL" + ], + "dataConnectorsDependencies": [ + "SentinelOne" + ], + "previewImagesFileNames": [ + "SentinelOneBlack.png", + "SentinelOneWhite.png" + ], + "version": "1.0.0", + "title": "SentinelOneWorkbook", + "templateRelativePath": "SentinelOne.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroApexOneWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicroApexOne" + ], + "previewImagesFileNames": [ + "TrendMicroApexOneBlack.png", + "TrendMicroApexOneWhite.png" + ], + "version": "1.0.0", + "title": "Trend Micro Apex One", + "templateRelativePath": "TrendMicroApexOne.json", + "subtitle": "", + "provider": "TrendMicro" + }, + { + "workbookKey": "ContrastProtect", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ContrastProtect" + ], + "previewImagesFileNames": [ + "ContrastProtectAllBlack.png", + "ContrastProtectAllWhite.png", + "ContrastProtectEffectiveBlack.png", + "ContrastProtectEffectiveWhite.png", + "ContrastProtectSummaryBlack.png", + "ContrastProtectSummaryWhite.png" + ], + "version": "1.0.0", + "title": "Contrast Protect", + "templateRelativePath": "ContrastProtect.json", + "subtitle": "", + "provider": "contrast security" + }, + { + "workbookKey": "ArmorbloxOverview", + "logoFileName": "armorblox.svg", + "description": "INCIDENTS FROM SELECTED TIME RANGE", + "dataTypesDependencies": [ + "Armorblox_CL" + ], + "dataConnectorsDependencies": [ + "Armorblox" + ], + "previewImagesFileNames": [ + "ArmorbloxOverviewBlack01.png", + "ArmorbloxOverviewBlack02.png", + "ArmorbloxOverviewWhite01.png", + "ArmorbloxOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Armorblox", + "templateRelativePath": "ArmorbloxOverview.json", + "subtitle": "", + "provider": "Armorblox" + }, + { + "workbookKey": "PaloAltoCDL", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoCDL" + ], + "previewImagesFileNames": [ + "PaloAltoBlack.png", + "PaloAltoWhite.png" + ], + "version": "1.0.0", + "title": "Palo Alto Networks Cortex Data Lake", + "templateRelativePath": "PaloAltoCDL.json", + "subtitle": "", + "provider": "Palo Alto Networks" + }, + { + "workbookKey": "VMwareCarbonBlack", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CarbonBlackEvents_CL", + "CarbonBlackAuditLogs_CL", + "CarbonBlackNotifications_CL" + ], + "dataConnectorsDependencies": [ + "VMwareCarbonBlack" + ], + "previewImagesFileNames": [ + "VMwareCarbonBlack.png", + "VMwareCarbonWhite.png" + ], + "version": "1.0.0", + "title": "VMware Carbon Black Cloud", + "templateRelativePath": "VMwareCarbonBlack.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "arista-networks", + "logoFileName": "AristaAwakeSecurity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AristaAwakeSecurity" + ], + "previewImagesFileNames": [ + "AristaAwakeSecurityDevicesBlack.png", + "AristaAwakeSecurityDevicesWhite.png", + "AristaAwakeSecurityModelsBlack.png", + "AristaAwakeSecurityModelsWhite.png", + "AristaAwakeSecurityOverviewBlack.png", + "AristaAwakeSecurityOverviewWhite.png" + ], + "version": "1.0.0", + "title": "Arista Awake", + "templateRelativePath": "AristaAwakeSecurityWorkbook.json", + "subtitle": "", + "provider": "Arista Networks" + }, + { + "workbookKey": "TomcatWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Tomcat_CL" + ], + "dataConnectorsDependencies": [ + "ApacheTomcat" + ], + "previewImagesFileNames": [ + "TomcatBlack.png", + "TomcatWhite.png" + ], + "version": "1.0.0", + "title": "ApacheTomcat", + "templateRelativePath": "Tomcat.json", + "subtitle": "", + "provider": "Apache" + }, + { + "workbookKey": "ClarotyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Claroty" + ], + "previewImagesFileNames": [ + "ClarotyBlack.png", + "ClarotyWhite.png" + ], + "version": "1.0.0", + "title": "Claroty", + "templateRelativePath": "ClarotyOverview.json", + "subtitle": "", + "provider": "Claroty" + }, + { + "workbookKey": "ApacheHTTPServerWorkbook", + "logoFileName": "apache.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "ApacheHTTPServer_CL" + ], + "dataConnectorsDependencies": [ + "ApacheHTTPServer" + ], + "previewImagesFileNames": [ + "ApacheHTTPServerOverviewBlack01.png", + "ApacheHTTPServerOverviewBlack02.png", + "ApacheHTTPServerOverviewWhite01.png", + "ApacheHTTPServerOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Apache HTTP Server", + "templateRelativePath": "ApacheHTTPServer.json", + "subtitle": "", + "provider": "Apache Software Foundation" + }, + { + "workbookKey": "OCIWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "OCI_Logs_CL" + ], + "dataConnectorsDependencies": [ + "OracleCloudInfrastructureLogsConnector" + ], + "previewImagesFileNames": [ + "OCIBlack.png", + "OCIWhite.png" + ], + "version": "1.0.0", + "title": "Oracle Cloud Infrastructure", + "templateRelativePath": "OracleCloudInfrastructureOCI.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OracleWeblogicServerWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "OracleWebLogicServer_CL" + ], + "dataConnectorsDependencies": [ + "OracleWebLogicServer" + ], + "previewImagesFileNames": [ + "OracleWeblogicServerBlack.png", + "OracleWeblogicServerWhite.png" + ], + "version": "1.0.0", + "title": "Oracle WebLogic Server", + "templateRelativePath": "OracleWorkbook.json", + "subtitle": "", + "provider": "Oracle" + }, + { + "workbookKey": "BitglassWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "BitglassLogs_CL" + ], + "dataConnectorsDependencies": [ + "Bitglass" + ], + "previewImagesFileNames": [ + "BitglassBlack.png", + "BitglassWhite.png" + ], + "version": "1.0.0", + "title": "Bitglass", + "templateRelativePath": "Bitglass.json", + "subtitle": "", + "provider": "Bitglass" + }, + { + "workbookKey": "NGINXWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "NGINX_CL" + ], + "dataConnectorsDependencies": [ + "NGINXHTTPServer" + ], + "previewImagesFileNames": [ + "NGINXOverviewBlack01.png", + "NGINXOverviewBlack02.png", + "NGINXOverviewWhite01.png", + "NGINXOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "NGINX HTTP Server", + "templateRelativePath": "NGINX.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "vArmourAppContollerWorkbook", + "logoFileName": "varmour-logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "vArmourAC" + ], + "previewImagesFileNames": [ + "vArmourAppControllerAppBlack.png", + "vArmourAppControllerAppBlack-1.png", + "vArmourAppControllerAppBlack-2.png", + "vArmourAppControllerAppBlack-3.png", + "vArmourAppControllerAppBlack-4.png", + "vArmourAppControllerAppBlack-5.png", + "vArmourAppControllerAppBlack-6.png", + "vArmourAppControllerAppBlack-7.png", + "vArmourAppControllerAppWhite.png", + "vArmourAppControllerAppWhite-1.png", + "vArmourAppControllerAppWhite-2.png", + "vArmourAppControllerAppWhite-3.png", + "vArmourAppControllerAppWhite-4.png", + "vArmourAppControllerAppWhite-5.png", + "vArmourAppControllerAppWhite-6.png", + "vArmourAppControllerAppWhite-7.png" + ], + "version": "1.0.0", + "title": "vArmour Application Controller", + "templateRelativePath": "vArmour_AppContoller_Workbook.json", + "subtitle": "", + "provider": "vArmour" + }, + { + "workbookKey": "CorelightWorkbook", + "logoFileName": "corelight.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Corelight_CL" + ], + "dataConnectorsDependencies": [ + "Corelight" + ], + "previewImagesFileNames": [ + "CorelightConnectionsBlack1.png", + "CorelightConnectionsBlack2.png", + "CorelightConnectionsWhite1.png", + "CorelightConnectionsWhite2.png", + "CorelightDNSBlack1.png", + "CorelightDNSWhite1.png", + "CorelightFileBlack1.png", + "CorelightFileBlack2.png", + "CorelightFileWhite1.png", + "CorelightFileWhite2.png", + "CorelightMainBlack1.png", + "CorelightMainWhite1.png", + "CorelightSoftwareBlack1.png", + "CorelightSoftwareWhite1.png" + ], + "version": "1.0.0", + "title": "Corelight", + "templateRelativePath": "Corelight.json", + "subtitle": "", + "provider": "Corelight" + }, + { + "workbookKey": "LookoutEvents", + "logoFileName": "lookout.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Lookout_CL" + ], + "dataConnectorsDependencies": [ + "LookoutAPI" + ], + "previewImagesFileNames": [ + "SampleLookoutWorkBookBlack.png", + "SampleLookoutWorkBookWhite.png" + ], + "version": "1.0.0", + "title": "Lookout", + "templateRelativePath": "LookoutEvents.json", + "subtitle": "", + "provider": "Lookout" + }, + { + "workbookKey": "sentinel-MicrosoftPurview", + "logoFileName": "MicrosoftPurview.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "MicrosoftAzurePurview" + ], + "previewImagesFileNames": [ + "" + ], + "version": "1.0.0", + "title": "Microsoft Purview", + "templateRelativePath": "MicrosoftPurview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "InfobloxCDCB1TDWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "InfobloxCloudDataConnector" + ], + "previewImagesFileNames": [ + "InfobloxCDCB1TDBlack.png", + "InfobloxCDCB1TDWhite.png" + ], + "version": "1.0.0", + "title": "Infoblox Cloud Data Connector", + "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", + "subtitle": "", + "provider": "InfoBlox" + }, + { + "workbookKey": "UbiquitiUniFiWorkbook", + "logoFileName": "ubiquiti.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Ubiquiti_CL" + ], + "dataConnectorsDependencies": [ + "UbiquitiUnifi" + ], + "previewImagesFileNames": [ + "UbiquitiOverviewBlack01.png", + "UbiquitiOverviewBlack02.png", + "UbiquitiOverviewWhite01.png", + "UbiquitiOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Ubiquiti UniFi", + "templateRelativePath": "Ubiquiti.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "VMwareESXiWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "VMwareESXi" + ], + "previewImagesFileNames": [ + "VMWareESXiBlack.png", + "VMWareESXiWhite.png" + ], + "version": "1.0.0", + "title": "VMware ESXi", + "templateRelativePath": "VMWareESXi.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SnowflakeWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Snowflake_CL" + ], + "dataConnectorsDependencies": [ + "SnowflakeDataConnector" + ], + "previewImagesFileNames": [ + "SnowflakeBlack.png", + "SnowflakeWhite.png" + ], + "version": "1.0.0", + "title": "Snowflake", + "templateRelativePath": "Snowflake.json", + "subtitle": "", + "provider": "Snowflake" + }, + { + "workbookKey": "LastPassWorkbook", + "logoFileName": "LastPass.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "LastPassNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "LastPassAPIConnector" + ], + "previewImagesFileNames": [ + "LastPassBlack.png", + "LastPassWhite.png" + ], + "version": "1.0.0", + "title": "Lastpass Enterprise Activity Monitoring", + "templateRelativePath": "LastPassWorkbook.json", + "subtitle": "", + "provider": "LastPass" + }, + { + "workbookKey": "SecurityBridgeWorkbook", + "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityBridgeLogs" + ], + "dataConnectorsDependencies": [ + "SecurityBridgeSAP" + ], + "previewImagesFileNames": [ + "SecurityBridgeThreatDetectionWhite.png", + "SecurityBridgeThreatDetectionWhite1.png" + ], + "version": "1.0.0", + "title": "SecurityBridge App", + "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", + "subtitle": "", + "provider": "SecurityBridge" + }, + { + "workbookKey": "PaloAltoPrismaCloudWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "PaloAltoPrismaCloudAlert_CL", + "PaloAltoPrismaCloudAudit_CL" + ], + "dataConnectorsDependencies": [ + "PaloAltoPrismaCloud" + ], + "previewImagesFileNames": [ + "PaloAltoPrismaCloudBlack01.png", + "PaloAltoPrismaCloudBlack02.png", + "PaloAltoPrismaCloudWhite01.png", + "PaloAltoPrismaCloudWhite02.png" + ], + "version": "1.0.0", + "title": "Palo Alto Prisma", + "templateRelativePath": "PaloAltoPrismaCloudOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PingFederateWorkbook", + "logoFileName": "PingIdentity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "PingFederateEvent" + ], + "dataConnectorsDependencies": [ + "PingFederate" + ], + "previewImagesFileNames": [ + "PingFederateBlack1.png", + "PingFederateWhite1.png" + ], + "version": "1.0.0", + "title": "PingFederate", + "templateRelativePath": "PingFederate.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "McAfeeePOWorkbook", + "logoFileName": "mcafee_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "McAfeeEPOEvent" + ], + "dataConnectorsDependencies": [ + "McAfeeePO" + ], + "previewImagesFileNames": [ + "McAfeeePOBlack1.png", + "McAfeeePOBlack2.png", + "McAfeeePOWhite1.png", + "McAfeeePOWhite2.png" + ], + "version": "1.0.0", + "title": "McAfee ePolicy Orchestrator", + "templateRelativePath": "McAfeeePOOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OracleDatabaseAudit", + "logoFileName": "oracle_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "OracleDatabaseAudit" + ], + "previewImagesFileNames": [ + "OracleDatabaseAuditBlack1.png", + "OracleDatabaseAuditBlack2.png", + "OracleDatabaseAuditWhite1.png", + "OracleDatabaseAuditWhite2.png" + ], + "version": "1.0.0", + "title": "Oracle Database Audit", + "templateRelativePath": "OracleDatabaseAudit.json", + "subtitle": "", + "provider": "Oracle" + }, + { + "workbookKey": "SenservaProAnalyticsWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProAnalyticsBlack.png", + "SenservaProAnalyticsWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProAnalytics", + "templateRelativePath": "SenservaProAnalyticsWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "SenservaProMultipleWorkspaceWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProMultipleWorkspaceWorkbookBlack.png", + "SenservaProMultipleWorkspaceWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProMultipleWorkspace", + "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProSecureScoreMultiTenantBlack.png", + "SenservaProSecureScoreMultiTenantWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProSecureScoreMultiTenant", + "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "CiscoSecureEndpointOverviewWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CiscoSecureEndpoint" + ], + "dataConnectorsDependencies": [ + "CiscoSecureEndpoint" + ], + "previewImagesFileNames": [ + "CiscoSecureEndpointBlack.png", + "CiscoSecureEndpointWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Secure Endpoint", + "templateRelativePath": "Cisco Secure Endpoint Overview.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "InfoSecGlobalWorkbook", + "logoFileName": "infosecglobal.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "InfoSecAnalytics_CL" + ], + "dataConnectorsDependencies": [ + "InfoSecDataConnector" + ], + "previewImagesFileNames": [ + "InfoSecGlobalWorkbookBlack.png", + "InfoSecGlobalWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "AgileSec Analytics Connector", + "templateRelativePath": "InfoSecGlobal.json", + "subtitle": "", + "provider": "InfoSecGlobal" + }, + { + "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", + "logoFileName": "crowdstrike.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CrowdstrikeReplicatorLogs_CL" + ], + "dataConnectorsDependencies": [ + "CrowdstrikeReplicator" + ], + "previewImagesFileNames": [ + "CrowdStrikeFalconEndpointProtectionBlack.png", + "CrowdStrikeFalconEndpointProtectionWhite.png" + ], + "version": "1.0.0", + "title": "CrowdStrike Falcon Endpoint Protection", + "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IronDefenseAlertDashboard", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "IronNetIronDefense" + ], + "previewImagesFileNames": [ + "IronDefenseDashboardBlack.png", + "IronDefenseDashboardWhit.png" + ], + "version": "1.0.0", + "title": "IronDefenseAlertDashboard", + "templateRelativePath": "IronDefenseAlertDashboard.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IronDefenseAlertDetails", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "IronNetIronDefense" + ], + "previewImagesFileNames": [ + "IronDefenseAlertsBlack.png", + "IronDefenseAlertsWhite.png" + ], + "version": "1.0.0", + "title": "IronDefenseAlertDetails", + "templateRelativePath": "IronDefenseAlertDetails.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CiscoSEGWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoSEG" + ], + "previewImagesFileNames": [ + "CiscoSEGBlack.png", + "CiscoSEGWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Secure Email Gateway", + "templateRelativePath": "CiscoSEG.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "EatonForeseerHealthAndAccess", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "EatonForeseerHealthAndAccessBlack.png", + "EatonForeseerHealthAndAccessWhite.png" + ], + "version": "1.0.0", + "title": "EatonForeseerHealthAndAccess", + "templateRelativePath": "EatonForeseerHealthAndAccess.json", + "subtitle": "", + "provider": "Eaton" + }, + { + "workbookKey": "PCIDSSComplianceWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Choose your subscription and workspace in which PCI assets are deployed", + "dataTypesDependencies": [ + "AzureDaignostics", + "SecurityEvent", + "SecurityAlert", + "OracleDatabaseAuditEvent", + "Syslog", + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "PCIDSSComplianceBlack01.PNG", + "PCIDSSComplianceBlack02.PNG", + "PCIDSSComplianceWhite01.PNG", + "PCIDSSComplianceWhite02.PNG" + ], + "version": "1.0.0", + "title": "PCI DSS Compliance", + "templateRelativePath": "PCIDSSCompliance.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SonraiSecurityWorkbook", + "logoFileName": "Sonrai.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Sonrai_Tickets_CL" + ], + "dataConnectorsDependencies": [ + "SonraiDataConnector" + ], + "previewImagesFileNames": [ + "SonraiWorkbookBlack.png", + "SonraiWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "Sonrai", + "templateRelativePath": "Sonrai.json", + "subtitle": "", + "provider": "Sonrai" + }, + { + "workbookKey": "CloudflareWorkbook", + "logoFileName": "cloudflare.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Cloudflare_CL" + ], + "dataConnectorsDependencies": [ + "CloudflareDataConnector" + ], + "previewImagesFileNames": [ + "CloudflareOverviewBlack01.png", + "CloudflareOverviewBlack02.png", + "CloudflareOverviewWhite01.png", + "CloudflareOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Cloudflare", + "templateRelativePath": "Cloudflare.json", + "subtitle": "", + "provider": "Cloudflare" + }, + { + "workbookKey": "SemperisDSPWorkbook", + "logoFileName": "Semperis.svg", + "description": "Specify the time range on which to query the data", + "dataTypesDependencies": [ + "dsp_parser" + ], + "dataConnectorsDependencies": [ + "SemperisDSP" + ], + "previewImagesFileNames": [ + "SemperisDSPOverview1Black.png", + "SemperisDSPOverview1White.png", + "SemperisDSPOverview2Black.png", + "SemperisDSPOverview2White.png", + "SemperisDSPOverview3Black.png", + "SemperisDSPOverview3White.png" + ], + "version": "1.0.0", + "title": "Semperis Directory Services Protector", + "templateRelativePath": "SemperisDSPWorkbook.json", + "subtitle": "", + "provider": "Semperis" + }, + { + "workbookKey": "BoxWorkbook", + "logoFileName": "box.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "BoxEvents_CL" + ], + "dataConnectorsDependencies": [ + "BoxDataConnector" + ], + "previewImagesFileNames": [ + "BoxBlack1.png", + "BoxWhite1.png", + "BoxBlack2.png", + "BoxWhite2.png" + ], + "version": "1.0.0", + "title": "Box", + "templateRelativePath": "Box.json", + "subtitle": "", + "provider": "Box" + }, + { + "workbookKey": "SymantecEndpointProtection", + "logoFileName": "symantec_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SymantecEndpointProtection" + ], + "dataConnectorsDependencies": [ + "SymantecEndpointProtection" + ], + "previewImagesFileNames": [ + "SymantecEndpointProtectionBlack.png", + "SymantecEndpointProtectionWhite.png" + ], + "version": "1.0.0", + "title": "Symantec Endpoint Protection", + "templateRelativePath": "SymantecEndpointProtection.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "DynamicThreatModeling&Response", + "logoFileName": "", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ThreatAnalysis&ResponseWhite1.png", + "ThreatAnalysis&ResponseWhite2.png" + ], + "version": "1.0.0", + "title": "Dynamic Threat Modeling Response", + "templateRelativePath": "DynamicThreatModeling&Response.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ThreatAnalysis&Response", + "logoFileName": "", + "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ThreatAnalysis&ResponseWhite.png" + ], + "version": "1.0.1", + "title": "Threat Analysis Response", + "templateRelativePath": "ThreatAnalysis&Response.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroCAS", + "logoFileName": "Trend_Micro_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "TrendMicroCAS_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroCAS" + ], + "previewImagesFileNames": [ + "TrendMicroCASBlack.png", + "TrendMicroCASWhite.png" + ], + "version": "1.0.0", + "title": "TrendMicroCAS", + "templateRelativePath": "TrendMicroCAS.json", + "subtitle": "", + "provider": "TrendMicro" + }, + { + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "GitHubAuditLogPolling_CL" + ], + "dataConnectorsDependencies": [ + "GitHubEcAuditLogPolling" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GithubWorkbook", + "templateRelativePath": "GitHubWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "GCPDNSWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GCPCloudDNS" + ], + "dataConnectorsDependencies": [ + "GCPDNSDataConnector" + ], + "previewImagesFileNames": [ + "GCPDNSBlack.png", + "GCPDNSWhite.png" + ], + "version": "1.0.0", + "title": "Google Cloud Platform DNS", + "templateRelativePath": "GCPDNS.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AtlassianJiraAuditWorkbook", + "logoFileName": "", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "AtlassianJiraNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "AtlassianJira" + ], + "previewImagesFileNames": [ + "AtlassianJiraAuditWhite.png", + "AtlassianJiraAuditBlack.png" + ], + "version": "1.0.0", + "title": "AtlassianJiraAudit", + "templateRelativePath": "AtlassianJiraAudit.json", + "subtitle": "", + "provider": "Atlassian" + }, + { + "workbookKey": "DigitalGuardianWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "DigitalGuardianDLPEvent" + ], + "dataConnectorsDependencies": [ + "DigitalGuardianDLP" + ], + "previewImagesFileNames": [ + "DigitalGuardianBlack.png", + "DigitalGuardianWhite.png" + ], + "version": "1.0.0", + "title": "DigitalGuardianDLP", + "templateRelativePath": "DigitalGuardian.json", + "subtitle": "", + "provider": "Digital Guardian" + }, + { + "workbookKey": "CiscoDuoWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CiscoDuo_CL" + ], + "dataConnectorsDependencies": [ + "CiscoDuoSecurity" + ], + "previewImagesFileNames": [ + "CiscoDuoWhite.png", + "CiscoDuoBlack.png" + ], + "version": "1.0.0", + "title": "CiscoDuoSecurity", + "templateRelativePath": "CiscoDuo.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "SlackAudit", + "logoFileName": "slacklogo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SlackAudit_CL" + ], + "dataConnectorsDependencies": [ + "SlackAuditAPI" + ], + "previewImagesFileNames": [ + "SlackAuditApplicationActivityBlack1.png", + "SlackAuditApplicationActivityWhite1.png" + ], + "version": "1.0.0", + "title": "SlackAudit", + "templateRelativePath": "SlackAudit.json", + "subtitle": "", + "provider": "Slack" + }, + { + "workbookKey": "CiscoWSAWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "CiscoWSA" + ], + "previewImagesFileNames": [ + "CiscoWSAWhite.png", + "CiscoWSABlack.png" + ], + "version": "1.0.0", + "title": "CiscoWSA", + "templateRelativePath": "CiscoWSA.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "GCP-IAM-Workbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GCP_IAM_CL" + ], + "dataConnectorsDependencies": [ + "GCPIAMDataConnector" + ], + "previewImagesFileNames": [ + "GCPIAMBlack01.png", + "GCPIAMBlack02.png", + "GCPIAMWhite01.png", + "GCPIAMWhite02.png" + ], + "version": "1.0.0", + "title": "Google Cloud Platform IAM", + "templateRelativePath": "GCP_IAM.json", + "subtitle": "", + "provider": "Google" + }, + { + "workbookKey": "ImpervaWAFCloudWorkbook", + "logoFileName": "Imperva_DarkGrey_final_75x75.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "ImpervaWAFCloud_CL" + ], + "dataConnectorsDependencies": [ + "ImpervaWAFCloudAPI" + ], + "previewImagesFileNames": [ + "ImpervaWAFCloudBlack01.png", + "ImpervaWAFCloudBlack02.png", + "ImpervaWAFCloudWhite01.png", + "ImpervaWAFCloudWhite02.png" + ], + "version": "1.0.0", + "title": "Imperva WAF Cloud Overview", + "templateRelativePath": "Imperva WAF Cloud Overview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZscalerZPAWorkbook", + "logoFileName": "ZscalerLogo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "ZPA_CL" + ], + "dataConnectorsDependencies": [ + "ZscalerPrivateAccess" + ], + "previewImagesFileNames": [ + "ZscalerZPABlack.png", + "ZscalerZPAWhite.png" + ], + "version": "1.0.0", + "title": "Zscaler Private Access (ZPA)", + "templateRelativePath": "ZscalerZPA.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "GoogleWorkspaceWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GWorkspace_ReportsAPI_admin_CL", + "GWorkspace_ReportsAPI_calendar_CL", + "GWorkspace_ReportsAPI_drive_CL", + "GWorkspace_ReportsAPI_login_CL", + "GWorkspace_ReportsAPI_login_CL", + "GWorkspace_ReportsAPI_mobile_CL" + ], + "dataConnectorsDependencies": [ + "GoogleWorkspaceReportsAPI" + ], + "previewImagesFileNames": [ + "GoogleWorkspaceBlack.png", + "GoogleWorkspaceWhite.png" + ], + "version": "1.0.0", + "title": "GoogleWorkspaceReports", + "templateRelativePath": "GoogleWorkspace.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "NCProtectWorkbook", + "logoFileName": "NCProtectIcon.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "NCProtectUAL_CL" + ], + "dataConnectorsDependencies": [ + "NucleusCyberNCProtect" + ], + "previewImagesFileNames": [ + "", + "" + ], + "version": "1.0.0", + "title": "NucleusCyberProtect", + "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", + "subtitle": "", + "provider": "archTIS" + }, + { + "workbookKey": "CiscoISEWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "CiscoISE" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cisco ISE", + "templateRelativePath": "CiscoISE.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", + "logoFileName": "", + "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Defender for IoT", + "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZeroTrust(TIC3.0)Workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityRecommendation" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ZeroTrust(TIC3.0)Black1.PNG", + "ZeroTrust(TIC3.0)White1.PNG" + ], + "version": "1.0.0", + "title": "ZeroTrust(TIC3.0)", + "templateRelativePath": "ZeroTrustTIC3.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "InsiderRiskManagementWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ", + "dataTypesDependencies": [ + "SigninLogsSigninLogs", + "AuditLogs", + "AzureActivity", + "OfficeActivity", + "InformationProtectionLogs_CL", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "InsiderRiskManagementBlack1.png" + ], + "version": "1.0.0", + "title": "Insider Risk Management", + "templateRelativePath": "InsiderRiskManagement.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "InformationProtectionLogs_CL", + "AuditLogs", + "SecurityIncident", + "SigninLogs", + "AzureActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "CybersecurityMaturityModelCertification(CMMC)2.0", + "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "NISTSP80053Workbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SigninLogs", + "AuditLogs", + "AzureActivity", + "OfficeActivity", + "SecurityEvents", + "CommonSecurityLog", + "SecurityIncident", + "SecurityRecommendation" + ], + "dataConnectorsDependencies": [ + "SecurityEvents" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "NISTSP80053workbook", + "templateRelativePath": "NISTSP80053.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DarktraceWorkbook", + "logoFileName": "Darktrace.svg", + "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", + "dataTypesDependencies": [ + "darktrace_model_alerts_CL" + ], + "dataConnectorsDependencies": [ + "DarktraceRESTConnector" + ], + "previewImagesFileNames": [ + "DarktraceWorkbookBlack01.png", + "DarktraceWorkbookBlack02.png", + "DarktraceWorkbookWhite01.png", + "DarktraceWorkbookWhite02.png" + ], + "version": "1.0.1", + "title": "Darktrace", + "templateRelativePath": "DarktraceWorkbook.json", + "subtitle": "", + "provider": "Darktrace" + }, + { + "workbookKey": "RecordedFutureDomainC2DNSWorkbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" + }, + { + "workbookKey": "RecordedFutureIPActiveC2Workbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" + }, + { + "workbookKey": "MaturityModelForEventLogManagement_M2131", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MaturityModelForEventLogManagement_M2131Black.png" + ], + "version": "1.0.0", + "title": "MaturityModelForEventLogManagementM2131", + "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSQLSecurityWorkbook", + "logoFileName": "AzureSQL.svg", + "description": "Sets the time window in days to search around the alert", + "dataTypesDependencies": [ + "AzureDiagnostics", + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "AzureSql" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Azure SQL Database Workbook", + "templateRelativePath": "Workbook-AzureSQLSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ContinuousDiagnostics&Mitigation", + "logoFileName": "", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ContinuousDiagnostics&MitigationBlack.png" + ], + "version": "1.0.0", + "title": "ContinuousDiagnostics&Mitigation", + "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", + "logoFileName": "GitHub.svg", + "description": "Repository selector.", + "dataTypesDependencies": [ + "githubscanaudit_CL" + ], + "dataConnectorsDependencies": [ + "GitHubWebhook" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GithubWorkbook-update-to-workbook-1", + "templateRelativePath": "update-to-workbook-1.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AtlasianJiraAuditWorkbook", + "logoFileName": "", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "AtlassianJiraNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "AtlassianJira" + ], + "previewImagesFileNames": [ + "AtlassianJiraAuditBlack.png", + "AtlassianJiraAuditWhite.png" + ], + "version": "1.0.0", + "title": "AtlasianJiraAuditWorkbook", + "templateRelativePath": "AtlasianJiraAuditWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSecurityBenchmark", + "logoFileName": "", + "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", + "dataTypesDependencies": [ + "SecurityRegulatoryCompliance", + "AzureDiagnostics", + "SecurityIncident", + "SigninLogs", + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSecurityBenchmark1.png", + "AzureSecurityBenchmark2.png", + "AzureSecurityBenchmark3.png" + ], + "version": "1.0.0", + "title": "Azure Security Benchmark", + "templateRelativePath": "AzureSecurityBenchmark.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZNAccessOchestratorAudit", + "logoFileName": "", + "description": "This workbook provides a summary of ZeroNetworks data.", + "dataTypesDependencies": [ + "ZNAccessOrchestratorAudit_CL", + "ZNAccessOrchestratorAuditNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "ZeroNetworksAccessOrchestratorAuditFunction", + "ZeroNetworksAccessOrchestratorAuditNativePoller" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Zero NetWork", + "templateRelativePath": "ZNSegmentAudit.json", + "subtitle": "", + "provider": "Zero Networks" + }, + { + "workbookKey": "FireworkWorkbook", + "logoFileName": "FlareSystems.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "Firework_CL" + ], + "dataConnectorsDependencies": [ + "FlareSystemsFirework" + ], + "previewImagesFileNames": [ + "FireworkOverviewBlack01.png", + "FireworkOverviewBlack02.png", + "FireworkOverviewWhite01.png", + "FireworkOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "FlareSystemsFirework", + "templateRelativePath": "FlareSystemsFireworkOverview.json", + "subtitle": "", + "provider": "Flare Systems" + }, + { + "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "GitHubAuditLogPolling_CL" + ], + "dataConnectorsDependencies": [ + "GitHubEcAuditLogPolling" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GitHub Security", + "templateRelativePath": "GitHubAdvancedSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TaniumWorkbook", + "logoFileName": "Tanium.svg", + "description": "Visualize Tanium endpoint and module data", + "dataTypesDependencies": [ + "TaniumComplyCompliance_CL", + "TaniumComplyVulnerabilities_CL", + "TaniumDefenderHealth_CL", + "TaniumDiscoverUnmanagedAssets_CL", + "TaniumHighUptime_CL", + "TaniumMainAsset_CL", + "TaniumPatchListApplicability_CL", + "TaniumPatchListCompliance_CL", + "TaniumSCCMClientHealth_CL", + "TaniumThreatResponse_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "TaniumComplyDark.png", + "TaniumComplyLight.png", + "TaniumDiscoverDark.png", + "TaniumDiscoverLight.png", + "TaniumMSToolingHealthDark.png", + "TaniumMSToolingHealthLight.png", + "TaniumPatchDark.png", + "TaniumPatchLight.png", + "TaniumThreatResponseAlertsDark.png", + "TaniumThreatResponseAlertsLight.png", + "TaniumThreatResponseDark.png", + "TaniumThreatResponseLight.png" + ], + "version": "1.0", + "title": "Tanium Workbook", + "templateRelativePath": "TaniumWorkbook.json", + "subtitle": "", + "provider": "Tanium" + }, + { + "workbookKey": "ActionableAlertsDashboard", + "logoFileName": "", + "description": "None.", + "dataTypesDependencies": [ + "CyberSixgill_Alerts_CL" + ], + "dataConnectorsDependencies": [ + "CybersixgillActionableAlerts" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cybersixgill Actionable Alerts Dashboard", + "templateRelativePath": "ActionableAlertsDashboard.json", + "subtitle": "", + "provider": "Cybersixgill" + }, + { + "workbookKey": "ActionableAlertsList", + "logoFileName": "", + "description": "None.", + "dataTypesDependencies": [ + "CyberSixgill_Alerts_CL" + ], + "dataConnectorsDependencies": [ + "CybersixgillActionableAlerts" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cybersixgill Actionable Alerts List", + "templateRelativePath": "ActionableAlertsList.json", + "subtitle": "", + "provider": "Cybersixgill" + }, + { + "workbookKey": "ArgosCloudSecurityWorkbook", + "logoFileName": "argos-logo.svg", + "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.", + "dataTypesDependencies": [ + "ARGOS_CL" + ], + "dataConnectorsDependencies": [ + "ARGOSCloudSecurity" + ], + "previewImagesFileNames": [ + "ARGOSCloudSecurityWorkbookBlack.png", + "ARGOSCloudSecurityWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "ARGOS Cloud Security", + "templateRelativePath": "ARGOSCloudSecurityWorkbook.json", + "subtitle": "", + "provider": "ARGOS Cloud Security" + }, + { + "workbookKey": "JamfProtectWorkbook", + "logoFileName": "jamf_logo.svg", + "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.", + "dataTypesDependencies": [ + "jamfprotect_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "JamfProtectDashboardBlack.png", + "JamfProtectDashboardWhite.png" + ], + "version": "2.0.0", + "title": "Jamf Protect Workbook", + "templateRelativePath": "JamfProtectDashboard.json", + "subtitle": "", + "provider": "Jamf Software, LLC" + }, + { + "workbookKey": "AIVectraStream", + "logoFileName": "", + "description": "", + "dataTypesDependencies": [ + "VectraStream_CL" + ], + "dataConnectorsDependencies": [ + "AIVectraStream" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "AIVectraStreamWorkbook", + "templateRelativePath": "AIVectraStreamWorkbook.json", + "subtitle": "", + "provider": "Vectra AI" + }, + { + "workbookKey": "SecurityScorecardWorkbook", + "logoFileName": "", + "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard’s three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.", + "dataTypesDependencies": [ + "SecurityScorecardFactor_CL", + "SecurityScorecardIssues_CL", + "SecurityScorecardRatings_CL" + ], + "dataConnectorsDependencies": [ + "SecurityScorecardFactorAzureFunctions", + "SecurityScorecardIssueAzureFunctions", + "SecurityScorecardRatingsAzureFunctions" + ], + "previewImagesFileNames": [ + "SecurityScorecardBlack1.png", + "SecurityScorecardBlack2.png", + "SecurityScorecardBlack3.png", + "SecurityScorecardBlack4.png", + "SecurityScorecardBlack5.png", + "SecurityScorecardBlack6.png", + "SecurityScorecardWhite1.png", + "SecurityScorecardWhite2.png", + "SecurityScorecardWhite3.png", + "SecurityScorecardWhite4.png", + "SecurityScorecardWhite5.png", + "SecurityScorecardWhite6.png" + ], + "version": "1.0.0", + "title": "SecurityScorecard", + "templateRelativePath": "SecurityScorecardWorkbook.json", + "subtitle": "", + "provider": "SecurityScorecard" + }, + { + "workbookKey": "DigitalShadowsWorkbook", + "logoFileName": "DigitalShadowsLogo.svg", + "description": "For gaining insights into Digital Shadows logs.", + "dataTypesDependencies": [ + "DigitalShadows_CL" + ], + "dataConnectorsDependencies": [ + "DigitalShadowsSearchlightAzureFunctions" + ], + "previewImagesFileNames": [ + "DigitalShadowsBlack1.png", + "DigitalShadowsBlack2.png", + "DigitalShadowsBlack3.png", + "DigitalShadowsWhite1.png", + "DigitalShadowsWhite2.png", + "DigitalShadowsWhite3.png" + ], + "version": "1.0.0", + "title": "Digital Shadows", + "templateRelativePath": "DigitalShadows.json", + "subtitle": "", + "provider": "Digital Shadows" + }, + { + "workbookKey": "SalesforceServiceCloudWorkbook", + "logoFileName": "salesforce_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SalesforceServiceCloud" + ], + "dataConnectorsDependencies": [ + "SalesforceServiceCloud_CL" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Salesforce Service Cloud", + "templateRelativePath": "SalesforceServiceCloud.json", + "subtitle": "", + "provider": "Salesforce" + }, + { + "workbookKey": "NetworkSessionSolution", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP’s and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.", + "dataTypesDependencies": [ + "AWSVPCFlow", + "DeviceNetworkEvents", + "SecurityEvent", + "WindowsEvent", + "CommonSecurityLog", + "Syslog", + "CommonSecurityLog", + "VMConnection", + "AzureDiagnostics", + "AzureDiagnostics", + "CommonSecurityLog", + "Corelight_CL", + "VectraStream", + "CommonSecurityLog", + "CommonSecurityLog", + "Syslog", + "CiscoMerakiNativePoller" + ], + "dataConnectorsDependencies": [ + "AWSS3", + "MicrosoftThreatProtection", + "SecurityEvents", + "WindowsForwardedEvents", + "Zscaler", + "MicrosoftSysmonForLinux", + "PaloAltoNetworks", + "AzureMonitor(VMInsights)", + "AzureFirewall", + "AzureNSG", + "CiscoASA", + "Corelight", + "AIVectraStream", + "CheckPoint", + "Fortinet", + "CiscoMeraki" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Network Session Essentials", + "templateRelativePath": "NetworkSessionEssentials.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SAPSODAnalysis", + "logoFileName": "AliterConsulting.svg", + "description": "SAP SOD Analysis", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [], + "version": "2.0.0", + "title": "SAP SOD Analysis", + "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", + "subtitle": "", + "provider": "Aliter Consulting" + }, + { + "workbookKey": "TheomWorkbook", + "logoFileName": "theom-logo.svg", + "description": "Theom Alert Statistics", + "dataTypesDependencies": [ + "TheomAlerts_CL" + ], + "dataConnectorsDependencies": [ + "Theom" + ], + "previewImagesFileNames": [ + "TheomWorkbook-black.png", + "TheomWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Theom", + "templateRelativePath": "Theom.json", + "subtitle": "", + "provider": "Theom" + }, + { + "workbookKey": "DynatraceWorkbooks", + "logoFileName": "dynatrace.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", + "dataTypesDependencies": [ + "DynatraceAttacks_CL", + "DynatraceAuditLogs_CL", + "DynatraceProblems_CL", + "DynatraceSecurityProblems_CL" + ], + "dataConnectorsDependencies": [ + "DynatraceAttacks", + "DynatraceAuditLogs", + "DynatraceProblems", + "DynatraceRuntimeVulnerabilities" + ], + "previewImagesFileNames": [ + "DynatraceWorkbookBlack.png", + "DynatraceWorkbookWhite.png" + ], + "version": "2.0.0", + "title": "Dynatrace", + "templateRelativePath": "Dynatrace.json", + "subtitle": "", + "provider": "Dynatrace" + }, + { + "workbookKey": "MDOWorkbook", + "logoFileName": "", + "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "MicrosoftThreatProtection" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft 365 Defender MDOWorkbook", + "templateRelativePath": "MDO Insights.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AnomaliesVisualizationWorkbook", + "logoFileName": "", + "description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", + "dataTypesDependencies": [ + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnomaliesVisualizationWorkbookWhite.png", + "AnomaliesVisualizationWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "AnomaliesVisulization", + "templateRelativePath": "AnomaliesVisualization.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AnomalyDataWorkbook", + "logoFileName": "", + "description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", + "dataTypesDependencies": [ + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnomalyDataWorkbookWhite.png", + "AnomalyDataWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "AnomalyData", + "templateRelativePath": "AnomalyData.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Least Privilege with RBAC - Online", + "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Least Privilege with RBAC", + "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSearchAdminAuditLog", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Search AdminAuditLog", + "templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Admin Activity", + "templateRelativePath": "Microsoft Exchange Admin Activity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityReview-Online", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Security Review - Online", + "templateRelativePath": "Microsoft Exchange Security Review - Online.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityReview", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Security Review", + "templateRelativePath": "Microsoft Exchange Security Review.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ibossMalwareAndC2Workbook", + "logoFileName": "", + "description": "A workbook providing insights into malware and C2 activity detected by iboss.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "iboss Malware and C2", + "templateRelativePath": "ibossMalwareAndC2.json", + "subtitle": "", + "provider": "iboss" + }, + { + "workbookKey": "ibossWebUsageWorkbook", + "logoFileName": "", + "description": "A workbook providing insights into web usage activity detected by iboss.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "iboss Web Usage", + "templateRelativePath": "ibossWebUsage.json", + "subtitle": "", + "provider": "iboss" + }, + { + "workbookKey": "Fortiweb-workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "FortinetFortiWeb" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Fortiweb-workbook", + "templateRelativePath": "Fortiweb-workbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ReversingLabs-CapabilitiesOverview", + "logoFileName": "reversinglabs.svg", + "description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ReversingLabsTiSummary-White.png", + "ReversingLabsTiSummary-Black.png", + "ReversingLabsOpsSummary-White.png", + "ReversingLabsOpsSummary-Black.png" + ], + "version": "1.1.1", + "title": "ReversingLabs-CapabilitiesOverview", + "templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", + "subtitle": "", + "provider": "ReversingLabs" + }, + { + "workbookKey": "TalonInsights", + "logoFileName": "Talon.svg", + "description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "TalonInsightsBlack.png", + "TalonInsightsWhite.png" + ], + "version": "2.0.0", + "title": "Talon Insights", + "templateRelativePath": "TalonInsights.json", + "subtitle": "", + "provider": "Talon Security" + }, + { + "workbookKey": "vCenter", + "logoFileName": [], + "description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", + "dataTypesDependencies": [ + "vCenter_CL" + ], + "dataConnectorsDependencies": [ + "VMwarevCenter" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "vCenter", + "templateRelativePath": "vCenter.json", + "subtitle": "", + "provider": "VMware" + }, + { + "workbookKey": "SAP-Monitors-AlertsandPerformance", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Monitors- Alerts and Performance", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [ + "SAPVMIcon.svg" + ], + "version": "2.0.1", + "title": "SAP -Monitors- Alerts and Performance", + "templateRelativePath": "SAP -Monitors- Alerts and Performance.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SAP-SecurityAuditlogandInitialAccess", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Security Audit log and Initial Access", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [ + "SAPVMIcon.svg" + ], + "version": "2.0.1", + "title": "SAP -Security Audit log and Initial Access", + "templateRelativePath": "SAP -Security Audit log and Initial Access.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DNSSolutionWorkbook", + "logoFileName": "", + "description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "DNSDomainWorkbookWhite.png", + "DNSDomainWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "DNS Solution Workbook", + "templateRelativePath": "DNSSolutionWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftPowerBIActivityWorkbook", + "logoFileName": "", + "description": "This workbook provides details on Microsoft PowerBI Activity", + "dataTypesDependencies": [ + "PowerBIActivity" + ], + "dataConnectorsDependencies": [ + "Microsoft PowerBI (Preview)" + ], + "previewImagesFileNames": [ + "MicrosoftPowerBIActivityWorkbookBlack.png", + "MicrosoftPowerBIActivityWhite.png" + ], + "version": "1.0.0", + "title": "Microsoft PowerBI Activity Workbook", + "templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligence", + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "ThreatIntelligenceWhite.png", + "ThreatIntelligenceBlack.png" + ], + "version": "1.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "MicrosoftThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftDefenderForEndPoint", + "logoFileName": "", + "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "microsoftdefenderforendpointwhite.png", + "microsoftdefenderforendpointblack.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For EndPoint", + "templateRelativePath": "MicrosoftDefenderForEndPoint.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftDefenderForIdentity", + "logoFileName": "", + "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.", + "dataTypesDependencies": [ + "IdentityLogonEvents", + "IdentityQueryEvents", + "IdentityDirectoryEvents", + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "microsoftdefenderforidentityblack.png", + "microsoftdefenderforidentitywhite.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For Identity", + "templateRelativePath": "MicrosoftDefenderForIdentity.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "EsetProtect", + "logoFileName": "", + "description": "Visualize events and threats from Eset protect.", + "dataTypesDependencies": [ + "ESETPROTECT" + ], + "dataConnectorsDependencies": [ + "ESETPROTECT" + ], + "previewImagesFileNames": [ + "ESETPROTECTBlack.png", + "ESETPROTECTWhite.png" + ], + "version": "1.0.0", + "title": "EsetProtect", + "templateRelativePath": "ESETPROTECT.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "CyberArkEPMWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CyberArkEPM_CL" + ], + "dataConnectorsDependencies": [ + "CyberArkEPM" + ], + "previewImagesFileNames": [ + "CyberArkEPMBlack.png", + "CyberArkEPMWhite.png" + ], + "version": "1.0.0", + "title": "CyberArk EPM", + "templateRelativePath": "CyberArkEPM.json", + "subtitle": "", + "provider": "CyberArk" + }, + { + "workbookKey": "NetskopeWorkbook", + "logoFileName": "Netskope_logo.svg", + "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.", + "dataTypesDependencies": [ + "Netskope_Events_CL", + "Netskope_Alerts_CL", + "Netskope_WebTX_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Netskope-ApplicationEvents-Black.png", + "Netskope-ApplicationEvents-White.png", + "Netskope-SecurityAlerts-DLP-Black.png", + "Netskope-SecurityAlerts-DLP-White.png", + "Netskope-NetworkEvents-CFW-Black.png", + "Netskope-NetworkEvents-CFW-White.png", + "Netskope-SecurityAlerts-Malsite-Black.png", + "Netskope-SecurityAlerts-Malsite-White.png", + "Netskope-NetworkEvents-NPA-Black.png", + "Netskope-NetworkEvents-NPA-White.png", + "Netskope-SecurityAlerts-Malware-White.png", + "Netskope-SecurityAlerts-Malware-Black.png", + "Netskope-SecurityAlerts-BehaviorAnalytics-Black.png", + "Netskope-SecurityAlerts-BehaviorAnalytics-White.png", + "Netskope-SecurityAlerts-Overview-Black.png", + "Netskope-SecurityAlerts-Overview-White.png", + "Netskope-SecurityAlerts-CompormisedCredentials-Black.png", + "Netskope-SecurityAlerts-CompromisedCredentials-White.png", + "Netskope-WebTransactions-Black.png", + "Netskope-WebTransactions-White.png" + ], + "version": "1.0", + "title": "Netskope", + "templateRelativePath": "NetskopeEvents.json", + "subtitle": "", + "provider": "Netskope" + }, + { + "workbookKey": "AIShield", + "logoFileName": "", + "description": "Visualize events generated by AIShield. This workbook is dependent on a parser AIShield which is a part of the solution deployment.", + "dataTypesDependencies": [ + "AIShield" + ], + "dataConnectorsDependencies": [ + "AIShield" + ], + "previewImagesFileNames": [ + "AIShieldBlack.png", + "AIShieldWhite.png" + ], + "version": "1.0.0", + "title": "AIShield Workbook", + "templateRelativePath": "AIShield.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "AttackSurfaceReduction", + "logoFileName": "M365securityposturelogo.svg", + "description": "This workbook helps you implement the ASR rules of Windows/Defender, and to monitor them over time. The workbook can filter on ASR rules in Audit mode and Block mode.", + "dataTypesDependencies": [ + "DeviceEvents" + ], + "dataConnectorsDependencies": [ + "MicrosoftThreatProtection" + ], + "previewImagesFileNames": [ + "AttackSurfaceReductionWhite.png", + "AttackSurfaceReductionBlack.png" + ], + "version": "1.0.0", + "title": "Attack Surface Reduction Dashboard", + "templateRelativePath": "AttackSurfaceReduction.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "IncidentTasksWorkbook", + "logoFileName": "", + "description": "Use this workbook to review and modify existing incidents with tasks. This workbook provides views that higlight incident tasks that are open, closed, or deleted, as well as incidents with tasks that are either owned or unassigned. The workbook also provides SOC metrics around incident task performance, such as percentage of incidents without tasks, average time to close tasks, and more.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Tasks-Black.png", + "Tasks-White.png" + ], + "version": "1.1.0", + "title": "Incident Tasks Workbook", + "templateRelativePath": "IncidentTasksWorkbook.json", + "subtitle": "", + "provider": "Microsoft", + "support": { + "tier": "Microsoft" + }, + "author": { + "name": "Microsoft Corporation" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ + "Incident Management", + "SOC Reporting" + ] + } + }, + { + "workbookKey": "NetCleanProActiveWorkbook", + "logoFileName": "NetCleanImpactLogo.svg", + "description": "This workbook provides insights on NetClean ProActive Incidents.", + "dataTypesDependencies": [ + "Netclean_Incidents_CL" + ], + "dataConnectorsDependencies": [ + "Netclean_ProActive_Incidents" + ], + "previewImagesFileNames": [ + "NetCleanProActiveBlack1.png", + "NetCleanProActiveBlack2.png", + "NetCleanProActiveWhite1.png", + "NetCleanProActiveWhite2.png" + ], + "version": "1.0.0", + "title": "NetClean ProActive", + "templateRelativePath": "NetCleanProActiveWorkbook.json", + "subtitle": "", + "provider": "NetClean" + }, + { + "workbookKey": "AutomationHealth", + "logoFileName": "Azure_Sentinel.svg", + "description": "Have a holistic overview of your automation health, gain insights about failures, correlate Microsoft Sentinel health with Logic Apps diagnostics logs and deep dive automation details per incident", + "dataTypesDependencies": [ + "SentinelHealth" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AutomationHealthBlack.png", + "AutomationHealthWhite.png" + ], + "version": "2.0.0", + "title": "Automation health", + "templateRelativePath": "AutomationHealth.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SAP-AuditControls", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Audit Controls (Preview)", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [ + "SAPVMIcon.svg" + ], + "version": "1.0.0", + "title": "SAP -Audit Controls (Preview)", + "templateRelativePath": "SAP -Audit Controls (Preview).json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZoomReports", + "logoFileName": "", + "description": "Visualize various details & visuals on Zoom Report data ingested though the solution. This also have a dependency on the parser which is available as a part of Zoom solution named Zoom", + "dataTypesDependencies": [ "Zoom" ], + "dataConnectorsDependencies": ["Zoom Reports"], + "previewImagesFileNames": [ "ZoomReportsBlack.png", "ZoomReportsWhite.png" ], + "version": "1.0.0", + "title": "Zoom Reports", + "templateRelativePath": "ZoomReports.json", + "subtitle": "", + "provider": "42Crunch" + }, + { + "workbookKey": "ForcepointNGFWAdvanced", + "logoFileName": "FPAdvLogo.svg", + "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "ForcepointNGFWAdvancedWhite.png", + "ForcepointNGFWAdvancedBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook", + "templateRelativePath": "ForcepointNGFWAdvanced.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "AzureActivityWorkbook", + "logoFileName": "azureactivity_logo.svg", + "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.", + "dataTypesDependencies": [ + "AzureActivity" + ], + "dataConnectorsDependencies": [ + "AzureActivity" + ], + "previewImagesFileNames": [ + "AzureActivityWhite1.png", + "AzureActivityBlack1.png" + ], + "version": "2.0.0", + "title": "Azure Activity", + "templateRelativePath": "AzureActivity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IdentityAndAccessWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "IdentityAndAccessWhite.png", + "IdentityAndAccessBlack.png" + ], + "version": "1.1.0", + "title": "Identity & Access", + "templateRelativePath": "IdentityAndAccess.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CheckPointWorkbook", + "logoFileName": "checkpoint_logo.svg", + "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CheckPoint" + ], + "previewImagesFileNames": [ + "CheckPointWhite.png", + "CheckPointBlack.png" + ], + "version": "1.0.0", + "title": "Check Point Software Technologies", + "templateRelativePath": "CheckPoint.json", + "subtitle": "", + "provider": "Check Point" + }, + { + "workbookKey": "CiscoWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoASA" + ], + "previewImagesFileNames": [ + "CiscoWhite.png", + "CiscoBlack.png" + ], + "version": "1.1.0", + "title": "Cisco - ASA", + "templateRelativePath": "Cisco.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ExchangeOnlineWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "ExchangeOnlineWhite.png", + "ExchangeOnlineBlack.png" + ], + "version": "2.0.0", + "title": "Exchange Online", + "templateRelativePath": "ExchangeOnline.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PaloAltoOverviewWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoOverviewWhite1.png", + "PaloAltoOverviewBlack1.png", + "PaloAltoOverviewWhite2.png", + "PaloAltoOverviewBlack2.png", + "PaloAltoOverviewWhite3.png", + "PaloAltoOverviewBlack3.png" + ], + "version": "1.2.0", + "title": "Palo Alto overview", + "templateRelativePath": "PaloAltoOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PaloAltoNetworkThreatWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoNetworkThreatWhite1.png", + "PaloAltoNetworkThreatBlack1.png", + "PaloAltoNetworkThreatWhite2.png", + "PaloAltoNetworkThreatBlack2.png" + ], + "version": "1.1.0", + "title": "Palo Alto Network Threat", + "templateRelativePath": "PaloAltoNetworkThreat.json", + "subtitle": "", + "provider": "Palo Alto Networks" + }, + { + "workbookKey": "EsetSMCWorkbook", + "logoFileName": "eset-logo.svg", + "description": "Visualize events and threats from Eset Security Management Center.", + "dataTypesDependencies": [ + "eset_CL" + ], + "dataConnectorsDependencies": [ + "EsetSMC" + ], + "previewImagesFileNames": [ + "esetSMCWorkbook-black.png", + "esetSMCWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Eset Security Management Center Overview", + "templateRelativePath": "esetSMCWorkbook.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "FortigateWorkbook", + "logoFileName": "fortinet_logo.svg", + "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "FortigateWhite.png", + "FortigateBlack.png" + ], + "version": "1.1.0", + "title": "FortiGate", + "templateRelativePath": "Fortigate.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DnsWorkbook", + "logoFileName": "dns_logo.svg", + "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.", + "dataTypesDependencies": [ + "DnsInventory", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "DNS" + ], + "previewImagesFileNames": [ + "DnsWhite.png", + "DnsBlack.png" + ], + "version": "1.3.0", + "title": "DNS", + "templateRelativePath": "Dns.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "Office365Workbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "Office365White1.png", + "Office365Black1.png", + "Office365White2.png", + "Office365Black2.png", + "Office365White3.png", + "Office365Black3.png" + ], + "version": "2.0.1", + "title": "Office 365", + "templateRelativePath": "Office365.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SharePointAndOneDriveWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "SharePointAndOneDriveBlack1.png", + "SharePointAndOneDriveBlack2.png", + "SharePointAndOneDriveWhite1.png", + "SharePointAndOneDriveWhite2.png" + ], + "version": "2.0.0", + "title": "SharePoint & OneDrive", + "templateRelativePath": "SharePointAndOneDrive.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureActiveDirectorySigninLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.", + "dataTypesDependencies": [ + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AADsigninBlack1.png", + "AADsigninBlack2.png", + "AADsigninWhite1.png", + "AADsigninWhite2.png" + ], + "version": "2.4.0", + "title": "Azure AD Sign-in logs", + "templateRelativePath": "AzureActiveDirectorySignins.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "VirtualMachinesInsightsWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.", + "dataTypesDependencies": [ + "VMConnection", + "ServiceMapComputer_CL", + "ServiceMapProcess_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VMInsightBlack1.png", + "VMInsightWhite1.png" + ], + "version": "1.3.0", + "title": "VM insights", + "templateRelativePath": "VirtualMachinesInsights.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.", + "dataTypesDependencies": [ + "AuditLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureADAuditLogsBlack1.png", + "AzureADAuditLogsWhite1.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit logs", + "templateRelativePath": "AzureActiveDirectoryAuditLogs.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligence", + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "ThreatIntelligenceWhite.png", + "ThreatIntelligenceBlack.png" + ], + "version": "5.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "ThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallOverviewWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFOverviewBlack.png", + "WAFOverviewWhite.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - overview", + "templateRelativePath": "WebApplicationFirewallOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallEventsBlack1.png", + "WAFFirewallEventsBlack2.png", + "WAFFirewallEventsWhite1.png", + "WAFFirewallEventsWhite2.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - firewall events", + "templateRelativePath": "WebApplicationFirewallFirewallEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFGatewayAccessEventsBlack1.png", + "WAFGatewayAccessEventsBlack2.png", + "WAFGatewayAccessEventsWhite1.png", + "WAFGatewayAccessEventsWhite2.png" + ], + "version": "1.2.0", + "title": "Microsoft Web Application Firewall (WAF) - gateway access events", + "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "LinuxMachinesWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "Syslog" + ], + "previewImagesFileNames": [ + "LinuxMachinesWhite.png", + "LinuxMachinesBlack.png" + ], + "version": "1.1.0", + "title": "Linux machines", + "templateRelativePath": "LinuxMachines.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureFirewallWorkbook", + "logoFileName": "AzFirewalls.svg", + "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureFirewall" + ], + "previewImagesFileNames": [ + "AzureFirewallWorkbookWhite1.PNG", + "AzureFirewallWorkbookBlack1.PNG", + "AzureFirewallWorkbookWhite2.PNG", + "AzureFirewallWorkbookBlack2.PNG", + "AzureFirewallWorkbookWhite3.PNG", + "AzureFirewallWorkbookBlack3.PNG", + "AzureFirewallWorkbookWhite4.PNG", + "AzureFirewallWorkbookBlack4.PNG", + "AzureFirewallWorkbookWhite5.PNG", + "AzureFirewallWorkbookBlack5.PNG" + ], + "version": "1.3.0", + "title": "Azure Firewall", + "templateRelativePath": "AzureFirewallWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureDDoSStandardProtection", + "logoFileName": "AzDDoS.svg", + "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "DDOS" + ], + "previewImagesFileNames": [ + "AzureDDoSWhite1.PNG", + "AzureDDoSBlack1.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG" + ], + "version": "1.0.2", + "title": "Azure DDoS Protection Workbook", + "templateRelativePath": "AzDDoSStandardWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftCloudAppSecurityWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.", + "dataTypesDependencies": [ + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [ + "MicrosoftCloudAppSecurity" + ], + "previewImagesFileNames": [ + "McasDiscoveryBlack.png", + "McasDiscoveryWhite.png" + ], + "version": "1.2.0", + "title": "Microsoft Cloud App Security - discovery logs", + "templateRelativePath": "MicrosoftCloudAppSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "F5BIGIPSytemMetricsWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.", + "dataTypesDependencies": [ + "F5Telemetry_system_CL", + "F5Telemetry_AVR_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5SMBlack.png", + "F5SMWhite.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP System Metrics", + "templateRelativePath": "F5BIGIPSystemMetrics.json", + "subtitle": "", + "provider": "F5 Networks" + }, + { + "workbookKey": "F5NetworksWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.", + "dataTypesDependencies": [ + "F5Telemetry_LTM_CL", + "F5Telemetry_system_CL", + "F5Telemetry_ASM_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5White.png", + "F5Black.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP ASM", + "templateRelativePath": "F5Networks.json", + "subtitle": "", + "provider": "F5 Networks" + }, + { + "workbookKey": "AzureNetworkWatcherWorkbook", + "logoFileName": "networkwatcher_logo.svg", + "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.", + "dataTypesDependencies": [ + "AzureNetworkAnalytics_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureNetworkWatcherWhite.png", + "AzureNetworkWatcherBlack.png" + ], + "version": "1.1.0", + "title": "Azure Network Watcher", + "templateRelativePath": "AzureNetworkWatcher.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZscalerFirewallWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerFirewallWhite1.png", + "ZscalerFirewallBlack1.png", + "ZscalerFirewallWhite2.png", + "ZscalerFirewallBlack2.png" + ], + "version": "1.1.0", + "title": "Zscaler Firewall", + "templateRelativePath": "ZscalerFirewall.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerWebOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerWebOverviewWhite.png", + "ZscalerWebOverviewBlack.png" + ], + "version": "1.1.0", + "title": "Zscaler Web Overview", + "templateRelativePath": "ZscalerWebOverview.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerThreatsOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerThreatsWhite.png", + "ZscalerThreatsBlack.png" + ], + "version": "1.2.0", + "title": "Zscaler Threats", + "templateRelativePath": "ZscalerThreats.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerOffice365AppsWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerOffice365White.png", + "ZscalerOffice365Black.png" + ], + "version": "1.1.0", + "title": "Zscaler Office365 Apps", + "templateRelativePath": "ZscalerOffice365Apps.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "InsecureProtocolsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.", + "dataTypesDependencies": [ + "SecurityEvent", + "Event", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureActiveDirectory", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InsecureProtocolsWhite1.png", + "InsecureProtocolsBlack1.png", + "InsecureProtocolsWhite2.png", + "InsecureProtocolsBlack2.png" + ], + "version": "2.1.0", + "title": "Insecure Protocols", + "templateRelativePath": "InsecureProtocols.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsNetworkActivitiesWhite.png", + "AwsNetworkActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS Network Activities", + "templateRelativePath": "AmazonWebServicesNetworkActivities.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AmazonWebServicesUserActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsUserActivitiesWhite.png", + "AwsUserActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS User Activities", + "templateRelativePath": "AmazonWebServicesUserActivities.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityAttackActivityWhite.png", + "TrendMicroDeepSecurityAttackActivityBlack.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security ATT&CK Related Activity", + "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityOverviewWhite1.png", + "TrendMicroDeepSecurityOverviewBlack1.png", + "TrendMicroDeepSecurityOverviewWhite2.png", + "TrendMicroDeepSecurityOverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security Events", + "templateRelativePath": "TrendMicroDeepSecurityOverview.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "ExtraHopDetectionSummaryWorkbook", + "logoFileName": "extrahop_logo.svg", + "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ExtraHopNetworks" + ], + "previewImagesFileNames": [ + "ExtrahopWhite.png", + "ExtrahopBlack.png" + ], + "version": "1.0.0", + "title": "ExtraHop", + "templateRelativePath": "ExtraHopDetectionSummary.json", + "subtitle": "", + "provider": "ExtraHop Networks" + }, + { + "workbookKey": "BarracudaCloudFirewallWorkbook", + "logoFileName": "barracuda_logo.svg", + "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "Syslog" + ], + "dataConnectorsDependencies": [ + "BarracudaCloudFirewall" + ], + "previewImagesFileNames": [ + "BarracudaWhite1.png", + "BarracudaBlack1.png", + "BarracudaWhite2.png", + "BarracudaBlack2.png" + ], + "version": "1.0.0", + "title": "Barracuda CloudGen FW", + "templateRelativePath": "Barracuda.json", + "subtitle": "", + "provider": "Barracuda" + }, + { + "workbookKey": "CitrixWorkbook", + "logoFileName": "citrix_logo.svg", + "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.", + "dataTypesDependencies": [ + "CitrixAnalytics_userProfile_CL", + "CitrixAnalytics_riskScoreChange_CL", + "CitrixAnalytics_indicatorSummary_CL", + "CitrixAnalytics_indicatorEventDetails_CL" + ], + "dataConnectorsDependencies": [ + "Citrix" + ], + "previewImagesFileNames": [ + "CitrixWhite.png", + "CitrixBlack.png" + ], + "version": "2.1.0", + "title": "Citrix Analytics", + "templateRelativePath": "Citrix.json", + "subtitle": "", + "provider": "Citrix Systems Inc." + }, + { + "workbookKey": "OneIdentityWorkbook", + "logoFileName": "oneIdentity_logo.svg", + "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OneIdentity" + ], + "previewImagesFileNames": [ + "OneIdentityWhite.png", + "OneIdentityBlack.png" + ], + "version": "1.0.0", + "title": "One Identity", + "templateRelativePath": "OneIdentity.json", + "subtitle": "", + "provider": "One Identity LLC." + }, + { + "workbookKey": "SecurityStatusWorkbook", + "logoFileName": "", + "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SecurityEvent", + "Syslog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityStatusBlack.png", + "AzureSentinelSecurityStatusWhite.png" + ], + "version": "1.3.0", + "title": "Security Status", + "templateRelativePath": "SecurityStatus.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSentinelSecurityAlertsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityAlertsWhite.png", + "AzureSentinelSecurityAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Security Alerts", + "templateRelativePath": "AzureSentinelSecurityAlerts.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SquadraTechnologiesSecRMMWorkbook", + "logoFileName": "SquadraTechnologiesLogo.svg", + "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.", + "dataTypesDependencies": [ + "secRMM_CL" + ], + "dataConnectorsDependencies": [ + "SquadraTechnologiesSecRmm" + ], + "previewImagesFileNames": [ + "SquadraTechnologiesSecRMMWhite.PNG", + "SquadraTechnologiesSecRMMBlack.PNG" + ], + "version": "1.0.0", + "title": "Squadra Technologies SecRMM - USB removable storage security", + "templateRelativePath": "SquadraTechnologiesSecRMM.json", + "subtitle": "", + "provider": "Squadra Technologies" + }, + { + "workbookKey": "IoT-Alerts", + "logoFileName": "IoTIcon.svg", + "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "IoT" + ], + "previewImagesFileNames": [ + "IOTBlack1.png", + "IOTWhite1.png" + ], + "version": "1.2.0", + "title": "Azure Defender for IoT Alerts", + "templateRelativePath": "IOT_Alerts.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IoTAssetDiscovery", + "logoFileName": "IoTIcon.svg", + "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "workbook-iotassetdiscovery-screenshot-Black.PNG", + "workbook-iotassetdiscovery-screenshot-White.PNG" + ], + "version": "1.0.0", + "title": "IoT Asset Discovery", + "templateRelativePath": "IoTAssetDiscovery.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ForcepointCASBWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCasb" + ], + "previewImagesFileNames": [ + "ForcepointCASBWhite.png", + "ForcepointCASBBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Access Security Broker (CASB)", + "templateRelativePath": "ForcepointCASB.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ForcepointNGFWWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw" + ], + "previewImagesFileNames": [ + "ForcepointNGFWWhite.png", + "ForcepointNGFWBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW)", + "templateRelativePath": "ForcepointNGFW.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ForcepointDLPWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.", + "dataTypesDependencies": [ + "ForcepointDLPEvents_CL" + ], + "dataConnectorsDependencies": [ + "ForcepointDlp" + ], + "previewImagesFileNames": [ + "ForcepointDLPWhite.png", + "ForcepointDLPBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Data Loss Prevention (DLP)", + "templateRelativePath": "ForcepointDLP.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ZimperiumMTDWorkbook", + "logoFileName": "ZIMPERIUM-logo_square2.svg", + "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.", + "dataTypesDependencies": [ + "ZimperiumThreatLog_CL", + "ZimperiumMitigationLog_CL" + ], + "dataConnectorsDependencies": [ + "ZimperiumMtdAlerts" + ], + "previewImagesFileNames": [ + "ZimperiumWhite.png", + "ZimperiumBlack.png" + ], + "version": "1.0.0", + "title": "Zimperium Mobile Threat Defense (MTD)", + "templateRelativePath": "ZimperiumWorkbooks.json", + "subtitle": "", + "provider": "Zimperium" + }, + { + "workbookKey": "AzureAuditActivityAndSigninWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.", + "dataTypesDependencies": [ + "AzureActivity", + "AuditLogs", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureAuditActivityAndSigninWhite1.png", + "AzureAuditActivityAndSigninWhite2.png", + "AzureAuditActivityAndSigninBlack1.png", + "AzureAuditActivityAndSigninBlack2.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit, Activity and Sign-in logs", + "templateRelativePath": "AzureAuditActivityAndSignin.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "WindowsFirewall", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs", + "dataTypesDependencies": [ + "WindowsFirewall", + "SecurityEvent", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsFirewall", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "WindowsFirewallWhite1.png", + "WindowsFirewallWhite2.png", + "WindowsFirewallBlack1.png", + "WindowsFirewallBlack2.png" + ], + "version": "1.0.0", + "title": "Windows Firewall", + "templateRelativePath": "WindowsFirewall.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "EventAnalyzerwWorkbook", + "logoFileName": "", + "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "EventAnalyzer-Workbook-White.png", + "EventAnalyzer-Workbook-Black.png" + ], + "version": "1.0.0", + "title": "Event Analyzer", + "templateRelativePath": "EventAnalyzer.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "ASC-ComplianceandProtection", + "logoFileName": "", + "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.", + "dataTypesDependencies": [ + "SecurityAlert", + "ProtectionStatus", + "SecurityRecommendation", + "SecurityBaseline", + "SecurityBaselineSummary", + "Update", + "ConfigurationChange" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter" + ], + "previewImagesFileNames": [ + "ASCCaPBlack.png", + "ASCCaPWhite.png" + ], + "version": "1.2.0", + "title": "ASC Compliance and Protection", + "templateRelativePath": "ASC-ComplianceandProtection.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "AIVectraDetectWorkbook", + "logoFileName": "AIVectraDetect.svg", + "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AIVectraDetect" + ], + "previewImagesFileNames": [ + "AIVectraDetectWhite1.png", + "AIVectraDetectBlack1.png" + ], + "version": "1.1.1", + "title": "Vectra AI Detect", + "templateRelativePath": "AIVectraDetectWorkbook.json", + "subtitle": "", + "provider": "Vectra AI" + }, + { + "workbookKey": "Perimeter81OverviewWorkbook", + "logoFileName": "Perimeter81_Logo.svg", + "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.", + "dataTypesDependencies": [ + "Perimeter81_CL" + ], + "dataConnectorsDependencies": [ + "Perimeter81ActivityLogs" + ], + "previewImagesFileNames": [ + "Perimeter81OverviewWhite1.png", + "Perimeter81OverviewBlack1.png", + "Perimeter81OverviewWhite2.png", + "Perimeter81OverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Perimeter 81 Overview", + "templateRelativePath": "Perimeter81OverviewWorkbook.json", + "subtitle": "", + "provider": "Perimeter 81" + }, + { + "workbookKey": "SymantecProxySGWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecProxySG" + ], + "previewImagesFileNames": [ + "SymantecProxySGWhite.png", + "SymantecProxySGBlack.png" + ], + "version": "1.0.0", + "title": "Symantec ProxySG", + "templateRelativePath": "SymantecProxySG.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "IllusiveASMWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveASMWhite.png", + "IllusiveASMBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ASM Dashboard", + "templateRelativePath": "IllusiveASM.json", + "subtitle": "", + "provider": "Illusive" + }, + { + "workbookKey": "IllusiveADSWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveADSWhite.png", + "IllusiveADSBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ADS Dashboard", + "templateRelativePath": "IllusiveADS.json", + "subtitle": "", + "provider": "Illusive" + }, + { + "workbookKey": "PulseConnectSecureWorkbook", + "logoFileName": "", + "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "PulseConnectSecure" + ], + "previewImagesFileNames": [ + "PulseConnectSecureWhite.png", + "PulseConnectSecureBlack.png" + ], + "version": "1.0.0", + "title": "Pulse Connect Secure", + "templateRelativePath": "PulseConnectSecure.json", + "subtitle": "", + "provider": "Pulse Secure" + }, + { + "workbookKey": "InfobloxNIOSWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "InfobloxNIOS" + ], + "previewImagesFileNames": [], + "version": "1.1.0", + "title": "Infoblox NIOS", + "templateRelativePath": "Infoblox-Workbook-V2.json", + "subtitle": "", + "provider": "Infoblox" + }, + { + "workbookKey": "SymantecVIPWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecVIP" + ], + "previewImagesFileNames": [ + "SymantecVIPWhite.png", + "SymantecVIPBlack.png" + ], + "version": "1.0.0", + "title": "Symantec VIP", + "templateRelativePath": "SymantecVIP.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "ProofPointTAPWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPClicksBlocked_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP" + ], + "previewImagesFileNames": [ + "ProofpointTAPWhite.png", + "ProofpointTAPBlack.png" + ], + "version": "1.0.0", + "title": "Proofpoint TAP", + "templateRelativePath": "ProofpointTAP.json", + "subtitle": "", + "provider": "Proofpoint" + }, + { + "workbookKey": "QualysVMWorkbook", + "logoFileName": "qualys_logo.svg", + "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", + "dataTypesDependencies": [ + "QualysHostDetection_CL" + ], + "dataConnectorsDependencies": [ + "QualysVulnerabilityManagement" + ], + "previewImagesFileNames": [ + "QualysVMWhite.png", + "QualysVMBlack.png" + ], + "version": "1.0.0", + "title": "Qualys Vulnerability Management", + "templateRelativePath": "QualysVM.json", + "subtitle": "", + "provider": "Qualys" + }, + { + "workbookKey": "QualysVMV2Workbook", + "logoFileName": "qualys_logo.svg", + "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", + "dataTypesDependencies": [ + "QualysHostDetectionV2_CL" + ], + "dataConnectorsDependencies": [ + "QualysVulnerabilityManagement" + ], + "previewImagesFileNames": [ + "QualysVMWhite.png", + "QualysVMBlack.png" + ], + "version": "1.0.0", + "title": "Qualys Vulnerability Management", + "templateRelativePath": "QualysVMv2.json", + "subtitle": "", + "provider": "Qualys" + }, + { + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "Github_CL", + "GitHubRepoLogs_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "GitHubSecurityWhite.png", + "GitHubSecurityBlack.png" + ], + "version": "1.0.0", + "title": "GitHub Security", + "templateRelativePath": "GitHubSecurityWorkbook.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "VisualizationDemo", + "logoFileName": "", + "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VisualizationDemoBlack.png", + "VisualizationDemoWhite.png" + ], + "version": "1.0.0", + "title": "Visualizations Demo", + "templateRelativePath": "VisualizationDemo.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SophosXGFirewallWorkbook", + "logoFileName": "sophos_logo.svg", + "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SophosXGFirewall" + ], + "previewImagesFileNames": [ + "SophosXGFirewallWhite.png", + "SophosXGFirewallBlack.png" + ], + "version": "1.0.0", + "title": "Sophos XG Firewall", + "templateRelativePath": "SophosXGFirewall.json", + "subtitle": "", + "provider": "Sophos" + }, + { + "workbookKey": "SysmonThreatHuntingWorkbook", + "logoFileName": "", + "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel", + "dataTypesDependencies": [ + "Event" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SysmonThreatHuntingWhite1.png", + "SysmonThreatHuntingBlack1.png" + ], + "version": "1.4.0", + "title": "Sysmon Threat Hunting", + "templateRelativePath": "SysmonThreatHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook", + "logoFileName": "webapplicationfirewall(WAF)_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallWAFTypeEventsBlack1.PNG", + "WAFFirewallWAFTypeEventsBlack2.PNG", + "WAFFirewallWAFTypeEventsBlack3.PNG", + "WAFFirewallWAFTypeEventsBlack4.PNG", + "WAFFirewallWAFTypeEventsWhite1.png", + "WAFFirewallWAFTypeEventsWhite2.PNG", + "WAFFirewallWAFTypeEventsWhite3.PNG", + "WAFFirewallWAFTypeEventsWhite4.PNG" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - Azure WAF", + "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OrcaAlertsOverviewWorkbook", + "logoFileName": "Orca_logo.svg", + "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview", + "dataTypesDependencies": [ + "OrcaAlerts_CL" + ], + "dataConnectorsDependencies": [ + "OrcaSecurityAlerts" + ], + "previewImagesFileNames": [ + "OrcaAlertsWhite.png", + "OrcaAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Orca alerts overview", + "templateRelativePath": "OrcaAlerts.json", + "subtitle": "", + "provider": "Orca Security" + }, + { + "workbookKey": "CyberArkWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CyberArk" + ], + "previewImagesFileNames": [ + "CyberArkActivitiesWhite.PNG", + "CyberArkActivitiesBlack.PNG" + ], + "version": "1.1.0", + "title": "CyberArk EPV Events", + "templateRelativePath": "CyberArkEPV.json", + "subtitle": "", + "provider": "CyberArk" + }, + { + "workbookKey": "UserEntityBehaviorAnalyticsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns", + "dataTypesDependencies": [ + "BehaviorAnalytics" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UserEntityBehaviorAnalyticsBlack1.png", + "UserEntityBehaviorAnalyticsWhite1.png" + ], + "version": "1.2.0", + "title": "User And Entity Behavior Analytics", + "templateRelativePath": "UserEntityBehaviorAnalytics.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CitrixWAF", + "logoFileName": "citrix_logo.svg", + "description": "Gain insight into the Citrix WAF logs", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CitrixWAF" + ], + "previewImagesFileNames": [ + "CitrixWAFBlack.png", + "CitrixWAFWhite.png" + ], + "version": "1.0.0", + "title": "Citrix WAF (Web App Firewall)", + "templateRelativePath": "CitrixWAF.json", + "subtitle": "", + "provider": "Citrix Systems Inc." + }, + { + "workbookKey": "UnifiSGWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGBlack.png", + "UnifiSGWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway", + "templateRelativePath": "UnfiSG.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "UnifiSGNetflowWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.", + "dataTypesDependencies": [ + "netflow_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGNetflowBlack.png", + "UnifiSGNetflowWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway - NetFlow", + "templateRelativePath": "UnfiSGNetflow.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "NormalizedNetworkEventsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "NormalizedNetworkEventsWhite.png", + "NormalizedNetworkEventsBlack.png" + ], + "version": "1.0.0", + "title": "Normalized network events", + "templateRelativePath": "NormalizedNetworkEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WorkspaceAuditingWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "LAQueryLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceAuditingWhite.png", + "WorkspaceAuditingBlack.png" + ], + "version": "1.0.0", + "title": "Workspace audit", + "templateRelativePath": "WorkspaceAuditing.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "MITREATTACKWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MITREATTACKWhite1.PNG", + "MITREATTACKWhite2.PNG", + "MITREATTACKBlack1.PNG", + "MITREATTACKBlack2.PNG" + ], + "version": "1.0.0", + "title": "MITRE ATT&CK Workbook", + "templateRelativePath": "MITREAttack.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "BETTERMTDWorkbook", + "logoFileName": "BETTER_MTD_logo.svg", + "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.", + "dataTypesDependencies": [ + "BetterMTDDeviceLog_CL", + "BetterMTDAppLog_CL", + "BetterMTDIncidentLog_CL", + "BetterMTDNetflowLog_CL" + ], + "dataConnectorsDependencies": [ + "BetterMTD" + ], + "previewImagesFileNames": [ + "BetterMTDWorkbookPreviewWhite1.png", + "BetterMTDWorkbookPreviewWhite2.png", + "BetterMTDWorkbookPreviewWhite3.png", + "BetterMTDWorkbookPreviewBlack1.png", + "BetterMTDWorkbookPreviewBlack2.png", + "BetterMTDWorkbookPreviewBlack3.png" + ], + "version": "1.1.0", + "title": "BETTER Mobile Threat Defense (MTD)", + "templateRelativePath": "BETTER_MTD_Workbook.json", + "subtitle": "", + "provider": "BETTER Mobile" + }, + { + "workbookKey": "AlsidIoEWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoEBlack1.png", + "AlsidIoEBlack2.png", + "AlsidIoEBlack3.png", + "AlsidIoEWhite1.png", + "AlsidIoEWhite2.png", + "AlsidIoEWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Exposure", + "templateRelativePath": "AlsidIoE.json", + "subtitle": "", + "provider": "Alsid" + }, + { + "workbookKey": "AlsidIoAWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoABlack1.png", + "AlsidIoABlack2.png", + "AlsidIoABlack3.png", + "AlsidIoAWhite1.png", + "AlsidIoAWhite2.png", + "AlsidIoAWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Attack", + "templateRelativePath": "AlsidIoA.json", + "subtitle": "", + "provider": "Alsid" + }, + { + "workbookKey": "InvestigationInsightsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.", + "dataTypesDependencies": [ + "AuditLogs", + "AzureActivity", + "CommonSecurityLog", + "OfficeActivity", + "SecurityEvent", + "SigninLogs", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "AzureActivity", + "SecurityEvents", + "Office365", + "AzureActiveDirectory", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InvestigationInsightsWhite1.png", + "InvestigationInsightsBlack1.png", + "InvestigationInsightsWhite2.png", + "InvestigationInsightsBlack2.png" + ], + "version": "1.4.0", + "title": "Investigation Insights", + "templateRelativePath": "InvestigationInsights.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "AksSecurityWorkbook", + "logoFileName": "Kubernetes_services.svg", + "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKubernetes" + ], + "previewImagesFileNames": [ + "AksSecurityWhite.png", + "AksSecurityBlack.png" + ], + "version": "1.5.0", + "title": "Azure Kubernetes Service (AKS) Security", + "templateRelativePath": "AksSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureKeyVaultWorkbook", + "logoFileName": "KeyVault.svg", + "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKeyVault" + ], + "previewImagesFileNames": [ + "AkvSecurityWhite.png", + "AkvSecurityBlack.png" + ], + "version": "1.1.0", + "title": "Azure Key Vault Security", + "templateRelativePath": "AzureKeyVaultWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IncidentOverview", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IncidentOverviewBlack1.png", + "IncidentOverviewWhite1.png", + "IncidentOverviewBlack2.png", + "IncidentOverviewWhite2.png" + ], + "version": "2.1.0", + "title": "Incident overview", + "templateRelativePath": "IncidentOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SecurityOperationsEfficiency", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SecurityEfficiencyWhite1.png", + "SecurityEfficiencyWhite2.png", + "SecurityEfficiencyBlack1.png", + "SecurityEfficiencyBlack2.png" + ], + "version": "1.5.0", + "title": "Security Operations Efficiency", + "templateRelativePath": "SecurityOperationsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DataCollectionHealthMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace\u2019s data collection health.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "HealthMonitoringWhite1.png", + "HealthMonitoringWhite2.png", + "HealthMonitoringWhite3.png", + "HealthMonitoringBlack1.png", + "HealthMonitoringBlack2.png", + "HealthMonitoringBlack3.png" + ], + "version": "1.0.0", + "title": "Data collection health monitoring", + "templateRelativePath": "DataCollectionHealthMonitoring.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OnapsisAlarmsWorkbook", + "logoFileName": "onapsis_logo.svg", + "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OnapsisPlatform" + ], + "previewImagesFileNames": [ + "OnapsisWhite1.PNG", + "OnapsisBlack1.PNG", + "OnapsisWhite2.PNG", + "OnapsisBlack2.PNG" + ], + "version": "1.0.0", + "title": "Onapsis Alarms Overview", + "templateRelativePath": "OnapsisAlarmsOverview.json", + "subtitle": "", + "provider": "Onapsis" + }, + { + "workbookKey": "DelineaWorkbook", + "logoFileName": "DelineaLogo.svg", + "description": "The Delinea Secret Server Syslog connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "DelineaSecretServer_CEF" + ], + "previewImagesFileNames": [ + "DelineaWorkbookWhite.PNG", + "DelineaWorkbookBlack.PNG" + ], + "version": "1.0.0", + "title": "Delinea Secret Server Workbook", + "templateRelativePath": "DelineaWorkbook.json", + "subtitle": "", + "provider": "Delinea" + }, + { + "workbookKey": "ForcepointCloudSecurityGatewayWorkbook", + "logoFileName": "Forcepoint_new_logo.svg", + "description": "Use this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCSG" + ], + "previewImagesFileNames": [ + "ForcepointCloudSecurityGatewayWhite.png", + "ForcepointCloudSecurityGatewayBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Security Gateway Workbook", + "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "IntsightsIOCWorkbook", + "logoFileName": "IntSights_logo.svg", + "description": "", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "IntsightsIOCWhite.png", + "IntsightsMatchedWhite.png", + "IntsightsMatchedBlack.png", + "IntsightsIOCBlack.png" + ], + "version": "2.0.0", + "title": "IntSights IOC Workbook", + "templateRelativePath": "IntsightsIOCWorkbook.json", + "subtitle": "", + "provider": "IntSights Cyber Intelligence" + }, + { + "workbookKey": "DarktraceSummaryWorkbook", + "logoFileName": "Darktrace.svg", + "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Darktrace" + ], + "previewImagesFileNames": [ + "AIA-DarktraceSummaryWhite.png", + "AIA-DarktraceSummaryBlack.png" + ], + "version": "1.1.0", + "title": "AI Analyst Darktrace Model Breach Summary", + "templateRelativePath": "AIA-Darktrace.json", + "subtitle": "", + "provider": "Darktrace" + }, + { + "workbookKey": "TrendMicroXDR", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.", + "dataTypesDependencies": [ + "TrendMicro_XDR_WORKBENCH_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroXDR" + ], + "previewImagesFileNames": [ + "TrendMicroXDROverviewWhite.png", + "TrendMicroXDROverviewBlack.png" + ], + "version": "1.3.0", + "title": "Trend Vision One Alert Overview", + "templateRelativePath": "TrendMicroXDROverview.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "CyberpionOverviewWorkbook", + "logoFileName": "cyberpion_logo.svg", + "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.", + "dataTypesDependencies": [ + "CyberpionActionItems_CL" + ], + "dataConnectorsDependencies": [ + "CyberpionSecurityLogs" + ], + "previewImagesFileNames": [ + "CyberpionActionItemsBlack.png", + "CyberpionActionItemsWhite.png" + ], + "version": "1.0.0", + "title": "Cyberpion Overview", + "templateRelativePath": "CyberpionOverviewWorkbook.json", + "subtitle": "", + "provider": "Cyberpion" + }, + { + "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook", + "logoFileName": "MSTIC-Logo.svg", + "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SigninLogs", + "AuditLogs", + "AADServicePrincipalSignInLogs", + "OfficeActivity", + "BehaviorAnalytics", + "SecurityEvent", + "DeviceProcessEvents", + "SecurityAlert", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory", + "SecurityEvents", + "Office365", + "MicrosoftThreatProtection", + "DNS", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "SolarWindsPostCompromiseHuntingWhite.png", + "SolarWindsPostCompromiseHuntingBlack.png" + ], + "version": "1.5.0", + "title": "SolarWinds Post Compromise Hunting", + "templateRelativePath": "SolarWindsPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ProofpointPODWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.", + "dataTypesDependencies": [ + "ProofpointPOD_maillog_CL", + "ProofpointPOD_message_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofpointPODMainBlack1.png", + "ProofpointPODMainBlack2.png", + "ProofpointPODMainWhite1.png", + "ProofpointPODMainWhite2.png", + "ProofpointPODMessageSummaryBlack.png", + "ProofpointPODMessageSummaryWhite.png", + "ProofpointPODTLSBlack.png", + "ProofpointPODTLSWhite.png" + ], + "version": "1.0.0", + "title": "Proofpoint On-Demand Email Security", + "templateRelativePath": "ProofpointPOD.json", + "subtitle": "", + "provider": "Proofpoint" + }, + { + "workbookKey": "CiscoUmbrellaWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.", + "dataTypesDependencies": [ + "Cisco_Umbrella_dns_CL", + "Cisco_Umbrella_proxy_CL", + "Cisco_Umbrella_ip_CL", + "Cisco_Umbrella_cloudfirewall_CL" + ], + "dataConnectorsDependencies": [ + "CiscoUmbrellaDataConnector" + ], + "previewImagesFileNames": [ + "CiscoUmbrellaDNSBlack1.png", + "CiscoUmbrellaDNSBlack2.png", + "CiscoUmbrellaDNSWhite1.png", + "CiscoUmbrellaDNSWhite2.png", + "CiscoUmbrellaFirewallBlack.png", + "CiscoUmbrellaFirewallWhite.png", + "CiscoUmbrellaMainBlack1.png", + "CiscoUmbrellaMainBlack2.png", + "CiscoUmbrellaMainWhite1.png", + "CiscoUmbrellaMainWhite2.png", + "CiscoUmbrellaProxyBlack1.png", + "CiscoUmbrellaProxyBlack2.png", + "CiscoUmbrellaProxyWhite1.png", + "CiscoUmbrellaProxyWhite2.png" + ], + "version": "1.0.0", + "title": "Cisco Umbrella", + "templateRelativePath": "CiscoUmbrella.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "AnalyticsEfficiencyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnalyticsEfficiencyBlack.png", + "AnalyticsEfficiencyWhite.png" + ], + "version": "1.2.0", + "title": "Analytics Efficiency", + "templateRelativePath": "AnalyticsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WorkspaceUsage", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace\u2019s data consumption, latency, recommended tasks and Cost and Usage statistics.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceUsageBlack.png", + "WorkspaceUsageWhite.png" + ], + "version": "1.6.0", + "title": "Workspace Usage Report", + "templateRelativePath": "WorkspaceUsage.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "SentinelCentral", + "logoFileName": "Azure_Sentinel.svg", + "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SentinelCentralBlack.png", + "SentinelCentralWhite.png" + ], + "version": "2.1.0", + "title": "Sentinel Central", + "templateRelativePath": "SentinelCentral.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "CognniIncidentsWorkbook", + "logoFileName": "cognni-logo.svg", + "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.", + "dataTypesDependencies": [ + "CognniIncidents_CL" + ], + "dataConnectorsDependencies": [ + "CognniSentinelDataConnector" + ], + "previewImagesFileNames": [ + "CognniBlack.PNG", + "CognniWhite.PNG" + ], + "version": "1.0.0", + "title": "Cognni Important Information Incidents", + "templateRelativePath": "CognniIncidentsWorkbook.json", + "subtitle": "", + "provider": "Cognni" + }, + { + "workbookKey": "pfsense", + "logoFileName": "pfsense_logo.svg", + "description": "Gain insights into pfsense logs from both filterlog and nginx.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "pfsenseBlack.png", + "pfsenseWhite.png" + ], + "version": "1.0.0", + "title": "pfsense", + "templateRelativePath": "pfsense.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "ExchangeCompromiseHunting", + "logoFileName": "MSTIC-Logo.svg", + "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns", + "dataTypesDependencies": [ + "SecurityEvent", + "W3CIISLog" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureMonitor(IIS)", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "ExchangeBlack.png", + "ExchangeWhite.png" + ], + "version": "1.0.0", + "title": "Exchange Compromise Hunting", + "templateRelativePath": "ExchangeCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SOCProcessFrameworkWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Process Framework", + "templateRelativePath": "SOCProcessFramework.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCLargeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Large Staff", + "templateRelativePath": "Building_a_SOCLargeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCMediumStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Medium Staff", + "templateRelativePath": "Building_a_SOCMediumStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCPartTimeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Part Time Staff", + "templateRelativePath": "Building_a_SOCPartTimeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCSmallStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Small Staff", + "templateRelativePath": "Building_a_SOCSmallStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SOCIRPlanningWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC IR Planning", + "templateRelativePath": "SOCIRPlanning.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "UpdateSOCMaturityScoreWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "Update SOC Maturity Score", + "templateRelativePath": "UpdateSOCMaturityScore.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Microsoft365SecurityPosture", + "logoFileName": "M365securityposturelogo.svg", + "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.", + "dataTypesDependencies": [ + "M365SecureScore_CL", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL", + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "M365securitypostureblack.png", + "M365securityposturewhite.png" + ], + "version": "1.0.0", + "title": "Microsoft 365 Security Posture", + "templateRelativePath": "M365SecurityPosture.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AzureSentinelCost", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelCostWhite.png", + "AzureSentinelCostBlack.png" + ], + "version": "1.5.0", + "title": "Microsoft Sentinel Cost", + "templateRelativePath": "AzureSentinelCost.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ADXvsLA", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ADXvsLABlack.PNG", + "ADXvsLAWhite.PNG" + ], + "version": "1.0.0", + "title": "ADXvsLA", + "templateRelativePath": "ADXvsLA.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftDefenderForOffice365", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs. This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.", + "dataTypesDependencies": [ + "EmailEvents", + "EmailUrlInfo", + "EmailAttachmentInfo" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MDOWhite1.png", + "MDOBlack1.png", + "MDOWhite2.png", + "MDOBlack2.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For Office 365", + "templateRelativePath": "MicrosoftDefenderForOffice365.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ProofPointThreatDashboard", + "logoFileName": "", + "description": "Provides an overview of email threat activity based on log data provided by ProofPoint", + "dataTypesDependencies": [ + "ProofpointPOD_message_CL", + "ProofpointPOD_maillog_CL", + "ProofPointTAPClicksBlocked_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP", + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofPointThreatDashboardBlack1.png", + "ProofPointThreatDashboardWhite1.png" + ], + "version": "1.0.0", + "title": "ProofPoint Threat Dashboard", + "templateRelativePath": "ProofPointThreatDashboard.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AMAmigrationTracker", + "logoFileName": "Azure_Sentinel.svg", + "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AMAtrackingWhite1.png", + "AMAtrackingWhite2.png", + "AMAtrackingWhite3.png", + "AMAtrackingBlack1.png", + "AMAtrackingBlack2.png", + "AMAtrackingBlack3.png" + ], + "version": "1.1.0", + "title": "AMA migration tracker", + "templateRelativePath": "AMAmigrationTracker.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AdvancedKQL", + "logoFileName": "Azure_Sentinel.svg", + "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AdvancedKQLWhite.png", + "AdvancedKQLBlack.png" + ], + "version": "1.3.0", + "title": "Advanced KQL for Microsoft Sentinel", + "templateRelativePath": "AdvancedKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "DSTIMWorkbook", + "logoFileName": "DSTIM.svg", + "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.", + "dataTypesDependencies": [ + "DSMAzureBlobStorageLogs", + "DSMDataClassificationLogs", + "DSMDataLabelingLogs", + "Anomalies", + "ThreatIntelligenceIndicator", + "AADManagedIdentitySignInLogs", + "SecurityAlert", + "SigninLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "DSTIMWorkbookBlack.png", + "DSTIMWorkbookWhite.png" + ], + "version": "1.9.0", + "title": "Data Security - Sensitive Data Impact Assessment", + "templateRelativePath": "DSTIMWorkbook.json", + "subtitle": "", + "provider": "Microsoft", + "featureFlag": "DSTIMWorkbook" + }, + { + "workbookKey": "IntrotoKQLWorkbook", + "logoFileName": "", + "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IntrotoKQL-black.png", + "IntrotoKQL-white.png" + ], + "version": "1.0.0", + "title": "Intro to KQL", + "templateRelativePath": "IntrotoKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Log4jPostCompromiseHuntingWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityNestedRecommendation", + "AzureDiagnostics", + "OfficeActivity", + "W3CIISLog", + "AWSCloudTrail", + "SigninLogs", + "AADNonInteractiveUserSignInLogs", + "imWebSessions", + "imNetworkSession" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Log4jPostCompromiseHuntingBlack.png", + "Log4jPostCompromiseHuntingWhite.png" + ], + "version": "1.0.0", + "title": "Log4j Post Compromise Hunting", + "templateRelativePath": "Log4jPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Log4jImpactAssessmentWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityIncident", + "SecurityAlert", + "AzureSecurityCenter", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Log4j Impact Assessment", + "templateRelativePath": "Log4jImpactAssessment.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "UserMap", + "logoFileName": "", + "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.", + "dataTypesDependencies": [ + "SigninLogs", + "AzureDiagnostics", + "WireData", + "VMconnection", + "CommonSecurityLog", + "WindowsFirewall", + "W3CIISLog", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "UserMapBlack.png", + "UserMapWhite.png" + ], + "version": "1.0.0", + "title": "User Map information", + "templateRelativePath": "UserMap.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AWSS3", + "logoFileName": "", + "description": ".", + "dataTypesDependencies": [ + "AWSCloudTrail", + "AWSGuardDuty", + "AWSVPCFlow" + ], + "dataConnectorsDependencies": [ + "AWSS3" + ], + "previewImagesFileNames": [ + "AWSS3Black.png", + "AWSS3White.png", + "AWSS3White1.png" + ], + "version": "1.0.0", + "title": "AWS S3 Workbook", + "templateRelativePath": "AWSS3.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook", + "logoFileName": "", + "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "LogSourcesAndAnalyticRulesCoverageBlack.png", + "LogSourcesAndAnalyticRulesCoverageWhite.png" + ], + "version": "1.1.0", + "title": "Log Sources & Analytic Rules Coverage", + "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "CiscoFirepower", + "logoFileName": "", + "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "CiscoFirepowerBlack.png", + "CiscoFirepowerWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Firepower", + "templateRelativePath": "CiscoFirepower.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrorosftTeams", + "logoFileName": "microsoftteams.svg", + "description": "This workbook is intended to identify the activities on Microrsoft Teams.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MicrosoftTeamsBlack.png", + "MicrosoftTeamsWhite.png" + ], + "version": "1.0.0", + "title": "Microsoft Teams", + "templateRelativePath": "MicrosoftTeams.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ArchivingBasicLogsRetention", + "logoFileName": "ArchivingBasicLogsRetention.svg", + "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ArchivingBasicLogsRetentionBlack1.png", + "ArchivingBasicLogsRetentionWhite1.png" + ], + "version": "1.1.0", + "title": "Archiving, Basic Logs, and Retention", + "templateRelativePath": "ArchivingBasicLogsRetention.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "OktaSingleSignOnWorkbook", + "logoFileName": "okta_logo.svg", + "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "Okta_CL" + ], + "dataConnectorsDependencies": [ + "OktaSSO" + ], + "previewImagesFileNames": [ + "OktaSingleSignOnWhite.png", + "OktaSingleSignOnBlack.png" + ], + "version": "1.2", + "title": "Okta Single Sign-On", + "templateRelativePath": "OktaSingleSignOn.json", + "subtitle": "", + "provider": "Okta" + }, + { + "workbookKey": "MicrosoftDefenderForEndPoint", + "logoFileName": "", + "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "microsoftdefenderforendpointwhite.png", + "microsoftdefenderforendpointblack.png" + ], + "version": "1.0.0", + "title": "MicrosoftDefenderForEndPoint", + "templateRelativePath": "MicrosoftDefenderForEndPoint.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Dynamics365Workbooks", + "logoFileName": "DynamicsLogo.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.", + "dataTypesDependencies": [ + "Dynamics365Activity" + ], + "dataConnectorsDependencies": [ + "Dynamics365" + ], + "previewImagesFileNames": [ + "Dynamics365WorkbookBlack.png", + "Dynamics365WorkbookWhite.png" + ], + "version": "1.0.3", + "title": "Dynamics365Workbooks", + "templateRelativePath": "Dynamics365Workbooks.json", + "subtitle": "", + }, + { + "workbookKey": "ForcepointNGFWAdvanced", + "logoFileName": "FPAdvLogo.svg", + "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "ForcepointNGFWAdvancedWhite.png", + "ForcepointNGFWAdvancedBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook", + "templateRelativePath": "ForcepointNGFWAdvanced.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "AzureActivityWorkbook", + "logoFileName": "azureactivity_logo.svg", + "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.", + "dataTypesDependencies": [ + "AzureActivity" + ], + "dataConnectorsDependencies": [ + "AzureActivity" + ], + "previewImagesFileNames": [ + "AzureActivityWhite1.png", + "AzureActivityBlack1.png" + ], + "version": "2.0.0", + "title": "Azure Activity", + "templateRelativePath": "AzureActivity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IdentityAndAccessWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "IdentityAndAccessWhite.png", + "IdentityAndAccessBlack.png" + ], + "version": "1.1.0", + "title": "Identity & Access", + "templateRelativePath": "IdentityAndAccess.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CheckPointWorkbook", + "logoFileName": "checkpoint_logo.svg", + "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CheckPoint" + ], + "previewImagesFileNames": [ + "CheckPointWhite.png", + "CheckPointBlack.png" + ], + "version": "1.0.0", + "title": "Check Point Software Technologies", + "templateRelativePath": "CheckPoint.json", + "subtitle": "", + "provider": "Check Point" + }, + { + "workbookKey": "CiscoWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoASA" + ], + "previewImagesFileNames": [ + "CiscoWhite.png", + "CiscoBlack.png" + ], + "version": "1.1.0", + "title": "Cisco - ASA", + "templateRelativePath": "Cisco.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ExchangeOnlineWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "ExchangeOnlineWhite.png", + "ExchangeOnlineBlack.png" + ], + "version": "2.0.0", + "title": "Exchange Online", + "templateRelativePath": "ExchangeOnline.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PaloAltoOverviewWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoOverviewWhite1.png", + "PaloAltoOverviewBlack1.png", + "PaloAltoOverviewWhite2.png", + "PaloAltoOverviewBlack2.png", + "PaloAltoOverviewWhite3.png", + "PaloAltoOverviewBlack3.png" + ], + "version": "1.2.0", + "title": "Palo Alto overview", + "templateRelativePath": "PaloAltoOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PaloAltoNetworkThreatWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoNetworkThreatWhite1.png", + "PaloAltoNetworkThreatBlack1.png", + "PaloAltoNetworkThreatWhite2.png", + "PaloAltoNetworkThreatBlack2.png" + ], + "version": "1.1.0", + "title": "Palo Alto Network Threat", + "templateRelativePath": "PaloAltoNetworkThreat.json", + "subtitle": "", + "provider": "Palo Alto Networks" + }, + { + "workbookKey": "EsetSMCWorkbook", + "logoFileName": "eset-logo.svg", + "description": "Visualize events and threats from Eset Security Management Center.", + "dataTypesDependencies": [ + "eset_CL" + ], + "dataConnectorsDependencies": [ + "EsetSMC" + ], + "previewImagesFileNames": [ + "esetSMCWorkbook-black.png", + "esetSMCWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Eset Security Management Center Overview", + "templateRelativePath": "esetSMCWorkbook.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "FortigateWorkbook", + "logoFileName": "fortinet_logo.svg", + "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "FortigateWhite.png", + "FortigateBlack.png" + ], + "version": "1.1.0", + "title": "FortiGate", + "templateRelativePath": "Fortigate.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DnsWorkbook", + "logoFileName": "dns_logo.svg", + "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.", + "dataTypesDependencies": [ + "DnsInventory", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "DNS" + ], + "previewImagesFileNames": [ + "DnsWhite.png", + "DnsBlack.png" + ], + "version": "1.3.0", + "title": "DNS", + "templateRelativePath": "Dns.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "Office365Workbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "Office365White1.png", + "Office365Black1.png", + "Office365White2.png", + "Office365Black2.png", + "Office365White3.png", + "Office365Black3.png" + ], + "version": "2.0.1", + "title": "Office 365", + "templateRelativePath": "Office365.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SharePointAndOneDriveWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "SharePointAndOneDriveBlack1.png", + "SharePointAndOneDriveBlack2.png", + "SharePointAndOneDriveWhite1.png", + "SharePointAndOneDriveWhite2.png" + ], + "version": "2.0.0", + "title": "SharePoint & OneDrive", + "templateRelativePath": "SharePointAndOneDrive.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureActiveDirectorySigninLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.", + "dataTypesDependencies": [ + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AADsigninBlack1.png", + "AADsigninBlack2.png", + "AADsigninWhite1.png", + "AADsigninWhite2.png" + ], + "version": "2.4.0", + "title": "Azure AD Sign-in logs", + "templateRelativePath": "AzureActiveDirectorySignins.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "VirtualMachinesInsightsWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.", + "dataTypesDependencies": [ + "VMConnection", + "ServiceMapComputer_CL", + "ServiceMapProcess_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VMInsightBlack1.png", + "VMInsightWhite1.png" + ], + "version": "1.3.0", + "title": "VM insights", + "templateRelativePath": "VirtualMachinesInsights.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.", + "dataTypesDependencies": [ + "AuditLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureADAuditLogsBlack1.png", + "AzureADAuditLogsWhite1.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit logs", + "templateRelativePath": "AzureActiveDirectoryAuditLogs.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligence", + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "ThreatIntelligenceWhite.png", + "ThreatIntelligenceBlack.png" + ], + "version": "5.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "ThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallOverviewWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFOverviewBlack.png", + "WAFOverviewWhite.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - overview", + "templateRelativePath": "WebApplicationFirewallOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallEventsBlack1.png", + "WAFFirewallEventsBlack2.png", + "WAFFirewallEventsWhite1.png", + "WAFFirewallEventsWhite2.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - firewall events", + "templateRelativePath": "WebApplicationFirewallFirewallEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFGatewayAccessEventsBlack1.png", + "WAFGatewayAccessEventsBlack2.png", + "WAFGatewayAccessEventsWhite1.png", + "WAFGatewayAccessEventsWhite2.png" + ], + "version": "1.2.0", + "title": "Microsoft Web Application Firewall (WAF) - gateway access events", + "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "LinuxMachinesWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "Syslog" + ], + "previewImagesFileNames": [ + "LinuxMachinesWhite.png", + "LinuxMachinesBlack.png" + ], + "version": "1.1.0", + "title": "Linux machines", + "templateRelativePath": "LinuxMachines.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureFirewallWorkbook", + "logoFileName": "AzFirewalls.svg", + "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureFirewall" + ], + "previewImagesFileNames": [ + "AzureFirewallWorkbookWhite1.PNG", + "AzureFirewallWorkbookBlack1.PNG", + "AzureFirewallWorkbookWhite2.PNG", + "AzureFirewallWorkbookBlack2.PNG", + "AzureFirewallWorkbookWhite3.PNG", + "AzureFirewallWorkbookBlack3.PNG", + "AzureFirewallWorkbookWhite4.PNG", + "AzureFirewallWorkbookBlack4.PNG", + "AzureFirewallWorkbookWhite5.PNG", + "AzureFirewallWorkbookBlack5.PNG" + ], + "version": "1.3.0", + "title": "Azure Firewall", + "templateRelativePath": "AzureFirewallWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureFirewallWorkbook-StructuredLogs", + "logoFileName": "AzFirewalls.svg", + "description": "Gain insights into Azure Firewall events using the new Structured Logs for Azure Firewall. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", + "dataTypesDependencies": [ + "AZFWNetworkRule", + "AZFWApplicationRule", + "AZFWDnsQuery", + "AZFWThreatIntel" + ], + "dataConnectorsDependencies": [ + "AzureFirewall" + ], + "previewImagesFileNames": [ + "AzureFirewallWorkbookWhite1.PNG", + "AzureFirewallWorkbookBlack1.PNG", + "AzureFirewallWorkbookWhite2.PNG", + "AzureFirewallWorkbookBlack2.PNG", + "AzureFirewallWorkbookWhite3.PNG", + "AzureFirewallWorkbookBlack3.PNG", + "AzureFirewallWorkbookWhite4.PNG", + "AzureFirewallWorkbookBlack4.PNG", + "AzureFirewallWorkbookWhite5.PNG", + "AzureFirewallWorkbookBlack5.PNG" + ], + "version": "1.0.0", + "title": "Azure Firewall Structured Logs", + "templateRelativePath": "AzureFirewallWorkbook-StructuredLogs.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureDDoSStandardProtection", + "logoFileName": "AzDDoS.svg", + "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "DDOS" + ], + "previewImagesFileNames": [ + "AzureDDoSWhite1.PNG", + "AzureDDoSBlack1.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG" + ], + "version": "1.0.2", + "title": "Azure DDoS Protection Workbook", + "templateRelativePath": "AzDDoSStandardWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftCloudAppSecurityWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.", + "dataTypesDependencies": [ + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [ + "MicrosoftCloudAppSecurity" + ], + "previewImagesFileNames": [ + "McasDiscoveryBlack.png", + "McasDiscoveryWhite.png" + ], + "version": "1.2.0", + "title": "Microsoft Cloud App Security - discovery logs", + "templateRelativePath": "MicrosoftCloudAppSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "F5BIGIPSytemMetricsWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.", + "dataTypesDependencies": [ + "F5Telemetry_system_CL", + "F5Telemetry_AVR_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5SMBlack.png", + "F5SMWhite.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP System Metrics", + "templateRelativePath": "F5BIGIPSystemMetrics.json", + "subtitle": "", + "provider": "F5 Networks" + }, + { + "workbookKey": "F5NetworksWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.", + "dataTypesDependencies": [ + "F5Telemetry_LTM_CL", + "F5Telemetry_system_CL", + "F5Telemetry_ASM_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5White.png", + "F5Black.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP ASM", + "templateRelativePath": "F5Networks.json", + "subtitle": "", + "provider": "F5 Networks" + }, + { + "workbookKey": "AzureNetworkWatcherWorkbook", + "logoFileName": "networkwatcher_logo.svg", + "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.", + "dataTypesDependencies": [ + "AzureNetworkAnalytics_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureNetworkWatcherWhite.png", + "AzureNetworkWatcherBlack.png" + ], + "version": "1.1.0", + "title": "Azure Network Watcher", + "templateRelativePath": "AzureNetworkWatcher.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZscalerFirewallWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerFirewallWhite1.png", + "ZscalerFirewallBlack1.png", + "ZscalerFirewallWhite2.png", + "ZscalerFirewallBlack2.png" + ], + "version": "1.1.0", + "title": "Zscaler Firewall", + "templateRelativePath": "ZscalerFirewall.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerWebOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerWebOverviewWhite.png", + "ZscalerWebOverviewBlack.png" + ], + "version": "1.1.0", + "title": "Zscaler Web Overview", + "templateRelativePath": "ZscalerWebOverview.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerThreatsOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerThreatsWhite.png", + "ZscalerThreatsBlack.png" + ], + "version": "1.2.0", + "title": "Zscaler Threats", + "templateRelativePath": "ZscalerThreats.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerOffice365AppsWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerOffice365White.png", + "ZscalerOffice365Black.png" + ], + "version": "1.1.0", + "title": "Zscaler Office365 Apps", + "templateRelativePath": "ZscalerOffice365Apps.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "InsecureProtocolsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.", + "dataTypesDependencies": [ + "SecurityEvent", + "Event", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureActiveDirectory", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InsecureProtocolsWhite1.png", + "InsecureProtocolsBlack1.png", + "InsecureProtocolsWhite2.png", + "InsecureProtocolsBlack2.png" + ], + "version": "2.1.0", + "title": "Insecure Protocols", + "templateRelativePath": "InsecureProtocols.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsNetworkActivitiesWhite.png", + "AwsNetworkActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS Network Activities", + "templateRelativePath": "AmazonWebServicesNetworkActivities.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AmazonWebServicesUserActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsUserActivitiesWhite.png", + "AwsUserActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS User Activities", + "templateRelativePath": "AmazonWebServicesUserActivities.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityAttackActivityWhite.png", + "TrendMicroDeepSecurityAttackActivityBlack.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security ATT&CK Related Activity", + "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityOverviewWhite1.png", + "TrendMicroDeepSecurityOverviewBlack1.png", + "TrendMicroDeepSecurityOverviewWhite2.png", + "TrendMicroDeepSecurityOverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security Events", + "templateRelativePath": "TrendMicroDeepSecurityOverview.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "ExtraHopDetectionSummaryWorkbook", + "logoFileName": "extrahop_logo.svg", + "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ExtraHopNetworks" + ], + "previewImagesFileNames": [ + "ExtrahopWhite.png", + "ExtrahopBlack.png" + ], + "version": "1.0.0", + "title": "ExtraHop", + "templateRelativePath": "ExtraHopDetectionSummary.json", + "subtitle": "", + "provider": "ExtraHop Networks" + }, + { + "workbookKey": "BarracudaCloudFirewallWorkbook", + "logoFileName": "barracuda_logo.svg", + "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "Syslog" + ], + "dataConnectorsDependencies": [ + "BarracudaCloudFirewall" + ], + "previewImagesFileNames": [ + "BarracudaWhite1.png", + "BarracudaBlack1.png", + "BarracudaWhite2.png", + "BarracudaBlack2.png" + ], + "version": "1.0.0", + "title": "Barracuda CloudGen FW", + "templateRelativePath": "Barracuda.json", + "subtitle": "", + "provider": "Barracuda" + }, + { + "workbookKey": "CitrixWorkbook", + "logoFileName": "citrix_logo.svg", + "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.", + "dataTypesDependencies": [ + "CitrixAnalytics_userProfile_CL", + "CitrixAnalytics_riskScoreChange_CL", + "CitrixAnalytics_indicatorSummary_CL", + "CitrixAnalytics_indicatorEventDetails_CL" + ], + "dataConnectorsDependencies": [ + "Citrix" + ], + "previewImagesFileNames": [ + "CitrixWhite.png", + "CitrixBlack.png" + ], + "version": "2.1.0", + "title": "Citrix Analytics", + "templateRelativePath": "Citrix.json", + "subtitle": "", + "provider": "Citrix Systems Inc." + }, + { + "workbookKey": "OneIdentityWorkbook", + "logoFileName": "oneIdentity_logo.svg", + "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OneIdentity" + ], + "previewImagesFileNames": [ + "OneIdentityWhite.png", + "OneIdentityBlack.png" + ], + "version": "1.0.0", + "title": "One Identity", + "templateRelativePath": "OneIdentity.json", + "subtitle": "", + "provider": "One Identity LLC." + }, + { + "workbookKey": "SecurityStatusWorkbook", + "logoFileName": "", + "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SecurityEvent", + "Syslog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityStatusBlack.png", + "AzureSentinelSecurityStatusWhite.png" + ], + "version": "1.3.0", + "title": "Security Status", + "templateRelativePath": "SecurityStatus.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSentinelSecurityAlertsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityAlertsWhite.png", + "AzureSentinelSecurityAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Security Alerts", + "templateRelativePath": "AzureSentinelSecurityAlerts.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SquadraTechnologiesSecRMMWorkbook", + "logoFileName": "SquadraTechnologiesLogo.svg", + "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.", + "dataTypesDependencies": [ + "secRMM_CL" + ], + "dataConnectorsDependencies": [ + "SquadraTechnologiesSecRmm" + ], + "previewImagesFileNames": [ + "SquadraTechnologiesSecRMMWhite.PNG", + "SquadraTechnologiesSecRMMBlack.PNG" + ], + "version": "1.0.0", + "title": "Squadra Technologies SecRMM - USB removable storage security", + "templateRelativePath": "SquadraTechnologiesSecRMM.json", + "subtitle": "", + "provider": "Squadra Technologies" + }, + { + "workbookKey": "IoT-Alerts", + "logoFileName": "IoTIcon.svg", + "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "IoT" + ], + "previewImagesFileNames": [ + "IOTBlack1.png", + "IOTWhite1.png" + ], + "version": "1.2.0", + "title": "Azure Defender for IoT Alerts", + "templateRelativePath": "IOT_Alerts.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IoTAssetDiscovery", + "logoFileName": "IoTIcon.svg", + "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "workbook-iotassetdiscovery-screenshot-Black.PNG", + "workbook-iotassetdiscovery-screenshot-White.PNG" + ], + "version": "1.0.0", + "title": "IoT Asset Discovery", + "templateRelativePath": "IoTAssetDiscovery.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ForcepointCASBWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCasb" + ], + "previewImagesFileNames": [ + "ForcepointCASBWhite.png", + "ForcepointCASBBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Access Security Broker (CASB)", + "templateRelativePath": "ForcepointCASB.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ForcepointNGFWWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw" + ], + "previewImagesFileNames": [ + "ForcepointNGFWWhite.png", + "ForcepointNGFWBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW)", + "templateRelativePath": "ForcepointNGFW.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ForcepointDLPWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.", + "dataTypesDependencies": [ + "ForcepointDLPEvents_CL" + ], + "dataConnectorsDependencies": [ + "ForcepointDlp" + ], + "previewImagesFileNames": [ + "ForcepointDLPWhite.png", + "ForcepointDLPBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Data Loss Prevention (DLP)", + "templateRelativePath": "ForcepointDLP.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ZimperiumMTDWorkbook", + "logoFileName": "ZIMPERIUM-logo_square2.svg", + "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.", + "dataTypesDependencies": [ + "ZimperiumThreatLog_CL", + "ZimperiumMitigationLog_CL" + ], + "dataConnectorsDependencies": [ + "ZimperiumMtdAlerts" + ], + "previewImagesFileNames": [ + "ZimperiumWhite.png", + "ZimperiumBlack.png" + ], + "version": "1.0.0", + "title": "Zimperium Mobile Threat Defense (MTD)", + "templateRelativePath": "ZimperiumWorkbooks.json", + "subtitle": "", + "provider": "Zimperium" + }, + { + "workbookKey": "AzureAuditActivityAndSigninWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.", + "dataTypesDependencies": [ + "AzureActivity", + "AuditLogs", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureAuditActivityAndSigninWhite1.png", + "AzureAuditActivityAndSigninWhite2.png", + "AzureAuditActivityAndSigninBlack1.png", + "AzureAuditActivityAndSigninBlack2.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit, Activity and Sign-in logs", + "templateRelativePath": "AzureAuditActivityAndSignin.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "WindowsFirewall", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs", + "dataTypesDependencies": [ + "WindowsFirewall", + "SecurityEvent", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsFirewall", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "WindowsFirewallWhite1.png", + "WindowsFirewallWhite2.png", + "WindowsFirewallBlack1.png", + "WindowsFirewallBlack2.png" + ], + "version": "1.0.0", + "title": "Windows Firewall", + "templateRelativePath": "WindowsFirewall.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "EventAnalyzerwWorkbook", + "logoFileName": "", + "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "EventAnalyzer-Workbook-White.png", + "EventAnalyzer-Workbook-Black.png" + ], + "version": "1.0.0", + "title": "Event Analyzer", + "templateRelativePath": "EventAnalyzer.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "ASC-ComplianceandProtection", + "logoFileName": "", + "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.", + "dataTypesDependencies": [ + "SecurityAlert", + "ProtectionStatus", + "SecurityRecommendation", + "SecurityBaseline", + "SecurityBaselineSummary", + "Update", + "ConfigurationChange" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter" + ], + "previewImagesFileNames": [ + "ASCCaPBlack.png", + "ASCCaPWhite.png" + ], + "version": "1.2.0", + "title": "ASC Compliance and Protection", + "templateRelativePath": "ASC-ComplianceandProtection.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "AIVectraDetectWorkbook", + "logoFileName": "AIVectraDetect.svg", + "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AIVectraDetect" + ], + "previewImagesFileNames": [ + "AIVectraDetectWhite1.png", + "AIVectraDetectBlack1.png" + ], + "version": "1.1.1", + "title": "Vectra AI Detect", + "templateRelativePath": "AIVectraDetectWorkbook.json", + "subtitle": "", + "provider": "Vectra AI" + }, + { + "workbookKey": "Perimeter81OverviewWorkbook", + "logoFileName": "Perimeter81_Logo.svg", + "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.", + "dataTypesDependencies": [ + "Perimeter81_CL" + ], + "dataConnectorsDependencies": [ + "Perimeter81ActivityLogs" + ], + "previewImagesFileNames": [ + "Perimeter81OverviewWhite1.png", + "Perimeter81OverviewBlack1.png", + "Perimeter81OverviewWhite2.png", + "Perimeter81OverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Perimeter 81 Overview", + "templateRelativePath": "Perimeter81OverviewWorkbook.json", + "subtitle": "", + "provider": "Perimeter 81" + }, + { + "workbookKey": "SymantecProxySGWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecProxySG" + ], + "previewImagesFileNames": [ + "SymantecProxySGWhite.png", + "SymantecProxySGBlack.png" + ], + "version": "1.0.0", + "title": "Symantec ProxySG", + "templateRelativePath": "SymantecProxySG.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "IllusiveASMWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveASMWhite.png", + "IllusiveASMBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ASM Dashboard", + "templateRelativePath": "IllusiveASM.json", + "subtitle": "", + "provider": "Illusive" + }, + { + "workbookKey": "IllusiveADSWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveADSWhite.png", + "IllusiveADSBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ADS Dashboard", + "templateRelativePath": "IllusiveADS.json", + "subtitle": "", + "provider": "Illusive" + }, + { + "workbookKey": "PulseConnectSecureWorkbook", + "logoFileName": "", + "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "PulseConnectSecure" + ], + "previewImagesFileNames": [ + "PulseConnectSecureWhite.png", + "PulseConnectSecureBlack.png" + ], + "version": "1.0.0", + "title": "Pulse Connect Secure", + "templateRelativePath": "PulseConnectSecure.json", + "subtitle": "", + "provider": "Pulse Secure" + }, + { + "workbookKey": "InfobloxNIOSWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "InfobloxNIOS" + ], + "previewImagesFileNames": [], + "version": "1.1.0", + "title": "Infoblox NIOS", + "templateRelativePath": "Infoblox-Workbook-V2.json", + "subtitle": "", + "provider": "Infoblox" + }, + { + "workbookKey": "SymantecVIPWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecVIP" + ], + "previewImagesFileNames": [ + "SymantecVIPWhite.png", + "SymantecVIPBlack.png" + ], + "version": "1.0.0", + "title": "Symantec VIP", + "templateRelativePath": "SymantecVIP.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "ProofPointTAPWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPClicksBlocked_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP" + ], + "previewImagesFileNames": [ + "ProofpointTAPWhite.png", + "ProofpointTAPBlack.png" + ], + "version": "1.0.0", + "title": "Proofpoint TAP", + "templateRelativePath": "ProofpointTAP.json", + "subtitle": "", + "provider": "Proofpoint" + }, + { + "workbookKey": "QualysVMV2Workbook", + "logoFileName": "qualys_logo.svg", + "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", + "dataTypesDependencies": [ + "QualysHostDetectionV2_CL" + ], + "dataConnectorsDependencies": [ + "QualysVulnerabilityManagement" + ], + "previewImagesFileNames": [ + "QualysVMWhite.png", + "QualysVMBlack.png" + ], + "version": "1.0.0", + "title": "Qualys Vulnerability Management", + "templateRelativePath": "QualysVMv2.json", + "subtitle": "", + "provider": "Qualys" + }, + { + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "Github_CL", + "GitHubRepoLogs_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "GitHubSecurityWhite.png", + "GitHubSecurityBlack.png" + ], + "version": "1.0.0", + "title": "GitHub Security", + "templateRelativePath": "GitHubSecurityWorkbook.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "VisualizationDemo", + "logoFileName": "", + "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VisualizationDemoBlack.png", + "VisualizationDemoWhite.png" + ], + "version": "1.0.0", + "title": "Visualizations Demo", + "templateRelativePath": "VisualizationDemo.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SophosXGFirewallWorkbook", + "logoFileName": "sophos_logo.svg", + "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SophosXGFirewall" + ], + "previewImagesFileNames": [ + "SophosXGFirewallWhite.png", + "SophosXGFirewallBlack.png" + ], + "version": "1.0.0", + "title": "Sophos XG Firewall", + "templateRelativePath": "SophosXGFirewall.json", + "subtitle": "", + "provider": "Sophos" + }, + { + "workbookKey": "SysmonThreatHuntingWorkbook", + "logoFileName": "", + "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel", + "dataTypesDependencies": [ + "Event" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SysmonThreatHuntingWhite1.png", + "SysmonThreatHuntingBlack1.png" + ], + "version": "1.4.0", + "title": "Sysmon Threat Hunting", + "templateRelativePath": "SysmonThreatHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook", + "logoFileName": "webapplicationfirewall(WAF)_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallWAFTypeEventsBlack1.PNG", + "WAFFirewallWAFTypeEventsBlack2.PNG", + "WAFFirewallWAFTypeEventsBlack3.PNG", + "WAFFirewallWAFTypeEventsBlack4.PNG", + "WAFFirewallWAFTypeEventsWhite1.png", + "WAFFirewallWAFTypeEventsWhite2.PNG", + "WAFFirewallWAFTypeEventsWhite3.PNG", + "WAFFirewallWAFTypeEventsWhite4.PNG" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - Azure WAF", + "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OrcaAlertsOverviewWorkbook", + "logoFileName": "Orca_logo.svg", + "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview", + "dataTypesDependencies": [ + "OrcaAlerts_CL" + ], + "dataConnectorsDependencies": [ + "OrcaSecurityAlerts" + ], + "previewImagesFileNames": [ + "OrcaAlertsWhite.png", + "OrcaAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Orca alerts overview", + "templateRelativePath": "OrcaAlerts.json", + "subtitle": "", + "provider": "Orca Security" + }, + { + "workbookKey": "CyberArkWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CyberArk" + ], + "previewImagesFileNames": [ + "CyberArkActivitiesWhite.PNG", + "CyberArkActivitiesBlack.PNG" + ], + "version": "1.1.0", + "title": "CyberArk EPV Events", + "templateRelativePath": "CyberArkEPV.json", + "subtitle": "", + "provider": "CyberArk" + }, + { + "workbookKey": "UserEntityBehaviorAnalyticsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns", + "dataTypesDependencies": [ + "BehaviorAnalytics" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UserEntityBehaviorAnalyticsBlack1.png", + "UserEntityBehaviorAnalyticsWhite1.png" + ], + "version": "1.2.0", + "title": "User And Entity Behavior Analytics", + "templateRelativePath": "UserEntityBehaviorAnalytics.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CitrixWAF", + "logoFileName": "citrix_logo.svg", + "description": "Gain insight into the Citrix WAF logs", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CitrixWAF" + ], + "previewImagesFileNames": [ + "CitrixWAFBlack.png", + "CitrixWAFWhite.png" + ], + "version": "1.0.0", + "title": "Citrix WAF (Web App Firewall)", + "templateRelativePath": "CitrixWAF.json", + "subtitle": "", + "provider": "Citrix Systems Inc." + }, + { + "workbookKey": "UnifiSGWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGBlack.png", + "UnifiSGWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway", + "templateRelativePath": "UnfiSG.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "UnifiSGNetflowWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.", + "dataTypesDependencies": [ + "netflow_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGNetflowBlack.png", + "UnifiSGNetflowWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway - NetFlow", + "templateRelativePath": "UnfiSGNetflow.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "NormalizedNetworkEventsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "NormalizedNetworkEventsWhite.png", + "NormalizedNetworkEventsBlack.png" + ], + "version": "1.0.0", + "title": "Normalized network events", + "templateRelativePath": "NormalizedNetworkEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WorkspaceAuditingWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "LAQueryLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceAuditingWhite.png", + "WorkspaceAuditingBlack.png" + ], + "version": "1.0.0", + "title": "Workspace audit", + "templateRelativePath": "WorkspaceAuditing.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "MITREATTACKWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MITREATTACKWhite1.PNG", + "MITREATTACKWhite2.PNG", + "MITREATTACKBlack1.PNG", + "MITREATTACKBlack2.PNG" + ], + "version": "1.0.1", + "title": "MITRE ATT&CK Workbook", + "templateRelativePath": "MITREAttack.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "BETTERMTDWorkbook", + "logoFileName": "BETTER_MTD_logo.svg", + "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.", + "dataTypesDependencies": [ + "BetterMTDDeviceLog_CL", + "BetterMTDAppLog_CL", + "BetterMTDIncidentLog_CL", + "BetterMTDNetflowLog_CL" + ], + "dataConnectorsDependencies": [ + "BetterMTD" + ], + "previewImagesFileNames": [ + "BetterMTDWorkbookPreviewWhite1.png", + "BetterMTDWorkbookPreviewWhite2.png", + "BetterMTDWorkbookPreviewWhite3.png", + "BetterMTDWorkbookPreviewBlack1.png", + "BetterMTDWorkbookPreviewBlack2.png", + "BetterMTDWorkbookPreviewBlack3.png" + ], + "version": "1.1.0", + "title": "BETTER Mobile Threat Defense (MTD)", + "templateRelativePath": "BETTER_MTD_Workbook.json", + "subtitle": "", + "provider": "BETTER Mobile" + }, + { + "workbookKey": "AlsidIoEWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoEBlack1.png", + "AlsidIoEBlack2.png", + "AlsidIoEBlack3.png", + "AlsidIoEWhite1.png", + "AlsidIoEWhite2.png", + "AlsidIoEWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Exposure", + "templateRelativePath": "AlsidIoE.json", + "subtitle": "", + "provider": "Alsid" + }, + { + "workbookKey": "AlsidIoAWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoABlack1.png", + "AlsidIoABlack2.png", + "AlsidIoABlack3.png", + "AlsidIoAWhite1.png", + "AlsidIoAWhite2.png", + "AlsidIoAWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Attack", + "templateRelativePath": "AlsidIoA.json", + "subtitle": "", + "provider": "Alsid" + }, + { + "workbookKey": "InvestigationInsightsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Microsoft Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.", + "dataTypesDependencies": [ + "AuditLogs", + "AzureActivity", + "CommonSecurityLog", + "OfficeActivity", + "SecurityEvent", + "SigninLogs", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "AzureActivity", + "SecurityEvents", + "Office365", + "AzureActiveDirectory", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InvestigationInsightsWhite1.png", + "InvestigationInsightsBlack1.png", + "InvestigationInsightsWhite2.png", + "InvestigationInsightsBlack2.png" + ], + "version": "1.4.0", + "title": "Investigation Insights", + "templateRelativePath": "InvestigationInsights.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "AksSecurityWorkbook", + "logoFileName": "Kubernetes_services.svg", + "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKubernetes" + ], + "previewImagesFileNames": [ + "AksSecurityWhite.png", + "AksSecurityBlack.png" + ], + "version": "1.5.0", + "title": "Azure Kubernetes Service (AKS) Security", + "templateRelativePath": "AksSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureKeyVaultWorkbook", + "logoFileName": "KeyVault.svg", + "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKeyVault" + ], + "previewImagesFileNames": [ + "AkvSecurityWhite.png", + "AkvSecurityBlack.png" + ], + "version": "1.1.0", + "title": "Azure Key Vault Security", + "templateRelativePath": "AzureKeyVaultWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IncidentOverview", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IncidentOverviewBlack1.png", + "IncidentOverviewWhite1.png", + "IncidentOverviewBlack2.png", + "IncidentOverviewWhite2.png" + ], + "version": "2.1.0", + "title": "Incident overview", + "templateRelativePath": "IncidentOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SecurityOperationsEfficiency", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SecurityEfficiencyWhite1.png", + "SecurityEfficiencyWhite2.png", + "SecurityEfficiencyBlack1.png", + "SecurityEfficiencyBlack2.png" + ], + "version": "1.5.0", + "title": "Security Operations Efficiency", + "templateRelativePath": "SecurityOperationsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DataCollectionHealthMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace\u2019s data collection health.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "HealthMonitoringWhite1.png", + "HealthMonitoringWhite2.png", + "HealthMonitoringWhite3.png", + "HealthMonitoringBlack1.png", + "HealthMonitoringBlack2.png", + "HealthMonitoringBlack3.png" + ], + "version": "1.0.0", + "title": "Data collection health monitoring", + "templateRelativePath": "DataCollectionHealthMonitoring.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OnapsisAlarmsWorkbook", + "logoFileName": "onapsis_logo.svg", + "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OnapsisPlatform" + ], + "previewImagesFileNames": [ + "OnapsisWhite1.PNG", + "OnapsisBlack1.PNG", + "OnapsisWhite2.PNG", + "OnapsisBlack2.PNG" + ], + "version": "1.0.0", + "title": "Onapsis Alarms Overview", + "templateRelativePath": "OnapsisAlarmsOverview.json", + "subtitle": "", + "provider": "Onapsis" + }, + { + "workbookKey": "DelineaWorkbook", + "logoFileName": "DelineaLogo.svg", + "description": "The Delinea Secret Server Syslog connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "DelineaSecretServer_CEF" + ], + "previewImagesFileNames": [ + "DelineaWorkbookWhite.PNG", + "DelineaWorkbookBlack.PNG" + ], + "version": "1.0.0", + "title": "Delinea Secret Server Workbook", + "templateRelativePath": "DelineaWorkbook.json", + "subtitle": "", + "provider": "Delinea" + }, + { + "workbookKey": "ForcepointCloudSecurityGatewayWorkbook", + "logoFileName": "Forcepoint_new_logo.svg", + "description": "Use this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCSG" + ], + "previewImagesFileNames": [ + "ForcepointCloudSecurityGatewayWhite.png", + "ForcepointCloudSecurityGatewayBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Security Gateway Workbook", + "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "IntsightsIOCWorkbook", + "logoFileName": "IntSights_logo.svg", + "description": "This Microsoft Sentinel workbook provides an overview of Indicators of Compromise (IOCs) and their correlations allowing users to analyze and visualize indicators based on severity, type, and other parameters.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "IntsightsIOCWhite.png", + "IntsightsMatchedWhite.png", + "IntsightsMatchedBlack.png", + "IntsightsIOCBlack.png" + ], + "version": "2.0.0", + "title": "IntSights IOC Workbook", + "templateRelativePath": "IntsightsIOCWorkbook.json", + "subtitle": "", + "provider": "IntSights Cyber Intelligence" + }, + { + "workbookKey": "DarktraceSummaryWorkbook", + "logoFileName": "Darktrace.svg", + "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Darktrace" + ], + "previewImagesFileNames": [ + "AIA-DarktraceSummaryWhite.png", + "AIA-DarktraceSummaryBlack.png" + ], + "version": "1.1.0", + "title": "AI Analyst Darktrace Model Breach Summary", + "templateRelativePath": "AIA-Darktrace.json", + "subtitle": "", + "provider": "Darktrace" + }, + { + "workbookKey": "TrendMicroXDR", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.", + "dataTypesDependencies": [ + "TrendMicro_XDR_WORKBENCH_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroXDR" + ], + "previewImagesFileNames": [ + "TrendMicroXDROverviewWhite.png", + "TrendMicroXDROverviewBlack.png" + ], + "version": "1.3.0", + "title": "Trend Vision One Alert Overview", + "templateRelativePath": "TrendMicroXDROverview.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "CyberpionOverviewWorkbook", + "logoFileName": "cyberpion_logo.svg", + "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.", + "dataTypesDependencies": [ + "CyberpionActionItems_CL" + ], + "dataConnectorsDependencies": [ + "CyberpionSecurityLogs" + ], + "previewImagesFileNames": [ + "CyberpionActionItemsBlack.png", + "CyberpionActionItemsWhite.png" + ], + "version": "1.0.0", + "title": "Cyberpion Overview", + "templateRelativePath": "CyberpionOverviewWorkbook.json", + "subtitle": "", + "provider": "Cyberpion" + }, + { + "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook", + "logoFileName": "MSTIC-Logo.svg", + "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SigninLogs", + "AuditLogs", + "AADServicePrincipalSignInLogs", + "OfficeActivity", + "BehaviorAnalytics", + "SecurityEvent", + "DeviceProcessEvents", + "SecurityAlert", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory", + "SecurityEvents", + "Office365", + "MicrosoftThreatProtection", + "DNS", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "SolarWindsPostCompromiseHuntingWhite.png", + "SolarWindsPostCompromiseHuntingBlack.png" + ], + "version": "1.5.0", + "title": "SolarWinds Post Compromise Hunting", + "templateRelativePath": "SolarWindsPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ProofpointPODWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.", + "dataTypesDependencies": [ + "ProofpointPOD_maillog_CL", + "ProofpointPOD_message_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofpointPODMainBlack1.png", + "ProofpointPODMainBlack2.png", + "ProofpointPODMainWhite1.png", + "ProofpointPODMainWhite2.png", + "ProofpointPODMessageSummaryBlack.png", + "ProofpointPODMessageSummaryWhite.png", + "ProofpointPODTLSBlack.png", + "ProofpointPODTLSWhite.png" + ], + "version": "1.0.0", + "title": "Proofpoint On-Demand Email Security", + "templateRelativePath": "ProofpointPOD.json", + "subtitle": "", + "provider": "Proofpoint" + }, + { + "workbookKey": "CiscoUmbrellaWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.", + "dataTypesDependencies": [ + "Cisco_Umbrella_dns_CL", + "Cisco_Umbrella_proxy_CL", + "Cisco_Umbrella_ip_CL", + "Cisco_Umbrella_cloudfirewall_CL" + ], + "dataConnectorsDependencies": [ + "CiscoUmbrellaDataConnector" + ], + "previewImagesFileNames": [ + "CiscoUmbrellaDNSBlack1.png", + "CiscoUmbrellaDNSBlack2.png", + "CiscoUmbrellaDNSWhite1.png", + "CiscoUmbrellaDNSWhite2.png", + "CiscoUmbrellaFirewallBlack.png", + "CiscoUmbrellaFirewallWhite.png", + "CiscoUmbrellaMainBlack1.png", + "CiscoUmbrellaMainBlack2.png", + "CiscoUmbrellaMainWhite1.png", + "CiscoUmbrellaMainWhite2.png", + "CiscoUmbrellaProxyBlack1.png", + "CiscoUmbrellaProxyBlack2.png", + "CiscoUmbrellaProxyWhite1.png", + "CiscoUmbrellaProxyWhite2.png" + ], + "version": "1.0.0", + "title": "Cisco Umbrella", + "templateRelativePath": "CiscoUmbrella.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "AnalyticsEfficiencyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnalyticsEfficiencyBlack.png", + "AnalyticsEfficiencyWhite.png" + ], + "version": "1.2.0", + "title": "Analytics Efficiency", + "templateRelativePath": "AnalyticsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WorkspaceUsage", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace\u2019s data consumption, latency, recommended tasks and Cost and Usage statistics.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceUsageBlack.png", + "WorkspaceUsageWhite.png" + ], + "version": "1.6.0", + "title": "Workspace Usage Report", + "templateRelativePath": "WorkspaceUsage.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "SentinelCentral", + "logoFileName": "Azure_Sentinel.svg", + "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.", + "dataTypesDependencies": [ + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SentinelCentralBlack.png", + "SentinelCentralWhite.png" + ], + "version": "2.1.1", + "title": "Microsoft Sentinel Central", + "templateRelativePath": "SentinelCentral.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "CognniIncidentsWorkbook", + "logoFileName": "cognni-logo.svg", + "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.", + "dataTypesDependencies": [ + "CognniIncidents_CL" + ], + "dataConnectorsDependencies": [ + "CognniSentinelDataConnector" + ], + "previewImagesFileNames": [ + "CognniBlack.PNG", + "CognniWhite.PNG" + ], + "version": "1.0.0", + "title": "Cognni Important Information Incidents", + "templateRelativePath": "CognniIncidentsWorkbook.json", + "subtitle": "", + "provider": "Cognni" + }, + { + "workbookKey": "pfsense", + "logoFileName": "pfsense_logo.svg", + "description": "Gain insights into pfsense logs from both filterlog and nginx.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "pfsenseBlack.png", + "pfsenseWhite.png" + ], + "version": "1.0.0", + "title": "pfsense", + "templateRelativePath": "pfsense.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "ExchangeCompromiseHunting", + "logoFileName": "MSTIC-Logo.svg", + "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns", + "dataTypesDependencies": [ + "SecurityEvent", + "W3CIISLog" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureMonitor(IIS)", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "ExchangeBlack.png", + "ExchangeWhite.png" + ], + "version": "1.0.0", + "title": "Exchange Compromise Hunting", + "templateRelativePath": "ExchangeCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SOCProcessFrameworkWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Process Framework", + "templateRelativePath": "SOCProcessFramework.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCLargeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Large Staff", + "templateRelativePath": "Building_a_SOCLargeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCMediumStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Medium Staff", + "templateRelativePath": "Building_a_SOCMediumStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCPartTimeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Part Time Staff", + "templateRelativePath": "Building_a_SOCPartTimeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCSmallStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Small Staff", + "templateRelativePath": "Building_a_SOCSmallStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SOCIRPlanningWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC IR Planning", + "templateRelativePath": "SOCIRPlanning.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "UpdateSOCMaturityScoreWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "Update SOC Maturity Score", + "templateRelativePath": "UpdateSOCMaturityScore.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Microsoft365SecurityPosture", + "logoFileName": "M365securityposturelogo.svg", + "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.", + "dataTypesDependencies": [ + "M365SecureScore_CL", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL", + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "M365securitypostureblack.png", + "M365securityposturewhite.png" + ], + "version": "1.0.0", + "title": "Microsoft 365 Security Posture", + "templateRelativePath": "M365SecurityPosture.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AzureSentinelCost", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", + "dataTypesDependencies": [ + "Usage" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelCostWhite.png", + "AzureSentinelCostBlack.png" + ], + "version": "1.5.1", + "title": "Microsoft Sentinel Cost", + "templateRelativePath": "AzureSentinelCost.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ADXvsLA", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ADXvsLABlack.PNG", + "ADXvsLAWhite.PNG" + ], + "version": "1.0.0", + "title": "ADXvsLA", + "templateRelativePath": "ADXvsLA.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftDefenderForOffice365", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs. This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.", + "dataTypesDependencies": [ + "EmailEvents", + "EmailUrlInfo", + "EmailAttachmentInfo" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MDOWhite1.png", + "MDOBlack1.png", + "MDOWhite2.png", + "MDOBlack2.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For Office 365", + "templateRelativePath": "MicrosoftDefenderForOffice365.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ProofPointThreatDashboard", + "logoFileName": "", + "description": "Provides an overview of email threat activity based on log data provided by ProofPoint", + "dataTypesDependencies": [ + "ProofpointPOD_message_CL", + "ProofpointPOD_maillog_CL", + "ProofPointTAPClicksBlocked_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP", + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofPointThreatDashboardBlack1.png", + "ProofPointThreatDashboardWhite1.png" + ], + "version": "1.0.0", + "title": "ProofPoint Threat Dashboard", + "templateRelativePath": "ProofPointThreatDashboard.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AMAmigrationTracker", + "logoFileName": "Azure_Sentinel.svg", + "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AMAtrackingWhite1.png", + "AMAtrackingWhite2.png", + "AMAtrackingWhite3.png", + "AMAtrackingBlack1.png", + "AMAtrackingBlack2.png", + "AMAtrackingBlack3.png" + ], + "version": "1.1.0", + "title": "AMA migration tracker", + "templateRelativePath": "AMAmigrationTracker.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AdvancedKQL", + "logoFileName": "Azure_Sentinel.svg", + "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AdvancedKQLWhite.png", + "AdvancedKQLBlack.png" + ], + "version": "1.3.0", + "title": "Advanced KQL for Microsoft Sentinel", + "templateRelativePath": "AdvancedKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "DSTIMWorkbook", + "logoFileName": "DSTIM.svg", + "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.", + "dataTypesDependencies": [ + "DSMAzureBlobStorageLogs", + "DSMDataClassificationLogs", + "DSMDataLabelingLogs", + "Anomalies", + "ThreatIntelligenceIndicator", + "AADManagedIdentitySignInLogs", + "SecurityAlert", + "SigninLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "DSTIMWorkbookBlack.png", + "DSTIMWorkbookWhite.png" + ], + "version": "1.9.0", + "title": "Data Security - Sensitive Data Impact Assessment", + "templateRelativePath": "DSTIMWorkbook.json", + "subtitle": "", + "provider": "Microsoft", + "featureFlag": "DSTIMWorkbook" + }, + { + "workbookKey": "IntrotoKQLWorkbook", + "logoFileName": "", + "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IntrotoKQL-black.png", + "IntrotoKQL-white.png" + ], + "version": "1.0.0", + "title": "Intro to KQL", + "templateRelativePath": "IntrotoKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Log4jPostCompromiseHuntingWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityNestedRecommendation", + "AzureDiagnostics", + "OfficeActivity", + "W3CIISLog", + "AWSCloudTrail", + "SigninLogs", + "AADNonInteractiveUserSignInLogs", + "imWebSessions", + "imNetworkSession" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Log4jPostCompromiseHuntingBlack.png", + "Log4jPostCompromiseHuntingWhite.png" + ], + "version": "1.0.0", + "title": "Log4j Post Compromise Hunting", + "templateRelativePath": "Log4jPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Log4jImpactAssessmentWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityIncident", + "SecurityAlert", + "AzureSecurityCenter", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Log4j Impact Assessment", + "templateRelativePath": "Log4jImpactAssessment.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "UserMap", + "logoFileName": "", + "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.", + "dataTypesDependencies": [ + "SigninLogs", + "AzureDiagnostics", + "WireData", + "VMconnection", + "CommonSecurityLog", + "WindowsFirewall", + "W3CIISLog", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "UserMapBlack.png", + "UserMapWhite.png" + ], + "version": "1.0.0", + "title": "User Map information", + "templateRelativePath": "UserMap.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AWSS3", + "logoFileName": "", + "description": ".", + "dataTypesDependencies": [ + "AWSCloudTrail", + "AWSGuardDuty", + "AWSVPCFlow" + ], + "dataConnectorsDependencies": [ + "AWSS3" + ], + "previewImagesFileNames": [ + "AWSS3Black.png", + "AWSS3White.png", + "AWSS3White1.png" + ], + "version": "1.0.0", + "title": "AWS S3 Workbook", + "templateRelativePath": "AWSS3.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook", + "logoFileName": "", + "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "LogSourcesAndAnalyticRulesCoverageBlack.png", + "LogSourcesAndAnalyticRulesCoverageWhite.png" + ], + "version": "1.1.0", + "title": "Log Sources & Analytic Rules Coverage", + "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "CiscoFirepower", + "logoFileName": "", + "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "CiscoFirepowerBlack.png", + "CiscoFirepowerWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Firepower", + "templateRelativePath": "CiscoFirepower.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrorosftTeams", + "logoFileName": "microsoftteams.svg", + "description": "This workbook is intended to identify the activities on Microrsoft Teams.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MicrosoftTeamsBlack.png", + "MicrosoftTeamsWhite.png" + ], + "version": "1.0.0", + "title": "Microsoft Teams", + "templateRelativePath": "MicrosoftTeams.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ArchivingBasicLogsRetention", + "logoFileName": "ArchivingBasicLogsRetention.svg", + "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ArchivingBasicLogsRetentionBlack1.png", + "ArchivingBasicLogsRetentionWhite1.png" + ], + "version": "1.1.0", + "title": "Archiving, Basic Logs, and Retention", + "templateRelativePath": "ArchivingBasicLogsRetention.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "OktaSingleSignOnWorkbook", + "logoFileName": "okta_logo.svg", + "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "Okta_CL" + ], + "dataConnectorsDependencies": [ + "OktaSSO" + ], + "previewImagesFileNames": [ + "OktaSingleSignOnWhite.png", + "OktaSingleSignOnBlack.png" + ], + "version": "1.2", + "title": "Okta Single Sign-On", + "templateRelativePath": "OktaSingleSignOn.json", + "subtitle": "", + "provider": "Okta" + }, + { + "workbookKey": "Dynamics365Workbooks", + "logoFileName": "DynamicsLogo.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.", + "dataTypesDependencies": [ + "Dynamics365Activity" + ], + "dataConnectorsDependencies": [ + "Dynamics365" + ], + "previewImagesFileNames": [ + "Dynamics365WorkbookBlack.png", + "Dynamics365WorkbookWhite.png" + ], + "version": "1.0.3", + "title": "Dynamics365Workbooks", + "templateRelativePath": "Dynamics365Workbooks.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "CiscoMerakiWorkbook", + "logoFileName": "", + "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", + "dataTypesDependencies": [ + "meraki_CL", + "CiscoMerakiNativePoller", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "CiscoMeraki", + "CiscoMerakiNativePolling", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "CiscoMerakiWorkbookWhite.png", + "CiscoMerakiWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "CiscoMerakiWorkbook", + "templateRelativePath": "CiscoMerakiWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SentinelOneWorkbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SentinelOne_CL" + ], + "dataConnectorsDependencies": [ + "SentinelOne" + ], + "previewImagesFileNames": [ + "SentinelOneBlack.png", + "SentinelOneWhite.png" + ], + "version": "1.0.0", + "title": "SentinelOneWorkbook", + "templateRelativePath": "SentinelOne.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroApexOneWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicroApexOne" + ], + "previewImagesFileNames": [ + "TrendMicroApexOneBlack.png", + "TrendMicroApexOneWhite.png" + ], + "version": "1.0.0", + "title": "Trend Micro Apex One", + "templateRelativePath": "TrendMicroApexOne.json", + "subtitle": "", + "provider": "TrendMicro" + }, + { + "workbookKey": "ContrastProtect", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ContrastProtect" + ], + "previewImagesFileNames": [ + "ContrastProtectAllBlack.png", + "ContrastProtectAllWhite.png", + "ContrastProtectEffectiveBlack.png", + "ContrastProtectEffectiveWhite.png", + "ContrastProtectSummaryBlack.png", + "ContrastProtectSummaryWhite.png" + ], + "version": "1.0.0", + "title": "Contrast Protect", + "templateRelativePath": "ContrastProtect.json", + "subtitle": "", + "provider": "contrast security" + }, + { + "workbookKey": "ArmorbloxOverview", + "logoFileName": "armorblox.svg", + "description": "INCIDENTS FROM SELECTED TIME RANGE", + "dataTypesDependencies": [ + "Armorblox_CL" + ], + "dataConnectorsDependencies": [ + "Armorblox" + ], + "previewImagesFileNames": [ + "ArmorbloxOverviewBlack01.png", + "ArmorbloxOverviewBlack02.png", + "ArmorbloxOverviewWhite01.png", + "ArmorbloxOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Armorblox", + "templateRelativePath": "ArmorbloxOverview.json", + "subtitle": "", + "provider": "Armorblox" + }, + { + "workbookKey": "PaloAltoCDL", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoCDL" + ], + "previewImagesFileNames": [ + "PaloAltoBlack.png", + "PaloAltoWhite.png" + ], + "version": "1.0.0", + "title": "Palo Alto Networks Cortex Data Lake", + "templateRelativePath": "PaloAltoCDL.json", + "subtitle": "", + "provider": "Palo Alto Networks" + }, + { + "workbookKey": "VMwareCarbonBlack", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CarbonBlackEvents_CL", + "CarbonBlackAuditLogs_CL", + "CarbonBlackNotifications_CL" + ], + "dataConnectorsDependencies": [ + "VMwareCarbonBlack" + ], + "previewImagesFileNames": [ + "VMwareCarbonBlack.png", + "VMwareCarbonWhite.png" + ], + "version": "1.0.0", + "title": "VMware Carbon Black Cloud", + "templateRelativePath": "VMwareCarbonBlack.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "arista-networks", + "logoFileName": "AristaAwakeSecurity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AristaAwakeSecurity" + ], + "previewImagesFileNames": [ + "AristaAwakeSecurityDevicesBlack.png", + "AristaAwakeSecurityDevicesWhite.png", + "AristaAwakeSecurityModelsBlack.png", + "AristaAwakeSecurityModelsWhite.png", + "AristaAwakeSecurityOverviewBlack.png", + "AristaAwakeSecurityOverviewWhite.png" + ], + "version": "1.0.0", + "title": "Arista Awake", + "templateRelativePath": "AristaAwakeSecurityWorkbook.json", + "subtitle": "", + "provider": "Arista Networks" + }, + { + "workbookKey": "TomcatWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Tomcat_CL" + ], + "dataConnectorsDependencies": [ + "ApacheTomcat" + ], + "previewImagesFileNames": [ + "TomcatBlack.png", + "TomcatWhite.png" + ], + "version": "1.0.0", + "title": "ApacheTomcat", + "templateRelativePath": "Tomcat.json", + "subtitle": "", + "provider": "Apache" + }, + { + "workbookKey": "ClarotyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Claroty" + ], + "previewImagesFileNames": [ + "ClarotyBlack.png", + "ClarotyWhite.png" + ], + "version": "1.0.0", + "title": "Claroty", + "templateRelativePath": "ClarotyOverview.json", + "subtitle": "", + "provider": "Claroty" + }, + { + "workbookKey": "ApacheHTTPServerWorkbook", + "logoFileName": "apache.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "ApacheHTTPServer_CL" + ], + "dataConnectorsDependencies": [ + "ApacheHTTPServer" + ], + "previewImagesFileNames": [ + "ApacheHTTPServerOverviewBlack01.png", + "ApacheHTTPServerOverviewBlack02.png", + "ApacheHTTPServerOverviewWhite01.png", + "ApacheHTTPServerOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Apache HTTP Server", + "templateRelativePath": "ApacheHTTPServer.json", + "subtitle": "", + "provider": "Apache Software Foundation" + }, + { + "workbookKey": "OCIWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "OCI_Logs_CL" + ], + "dataConnectorsDependencies": [ + "OracleCloudInfrastructureLogsConnector" + ], + "previewImagesFileNames": [ + "OCIBlack.png", + "OCIWhite.png" + ], + "version": "1.0.0", + "title": "Oracle Cloud Infrastructure", + "templateRelativePath": "OracleCloudInfrastructureOCI.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OracleWeblogicServerWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "OracleWebLogicServer_CL" + ], + "dataConnectorsDependencies": [ + "OracleWebLogicServer" + ], + "previewImagesFileNames": [ + "OracleWeblogicServerBlack.png", + "OracleWeblogicServerWhite.png" + ], + "version": "1.0.0", + "title": "Oracle WebLogic Server", + "templateRelativePath": "OracleWorkbook.json", + "subtitle": "", + "provider": "Oracle" + }, + { + "workbookKey": "BitglassWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "BitglassLogs_CL" + ], + "dataConnectorsDependencies": [ + "Bitglass" + ], + "previewImagesFileNames": [ + "BitglassBlack.png", + "BitglassWhite.png" + ], + "version": "1.0.0", + "title": "Bitglass", + "templateRelativePath": "Bitglass.json", + "subtitle": "", + "provider": "Bitglass" + }, + { + "workbookKey": "NGINXWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "NGINX_CL" + ], + "dataConnectorsDependencies": [ + "NGINXHTTPServer" + ], + "previewImagesFileNames": [ + "NGINXOverviewBlack01.png", + "NGINXOverviewBlack02.png", + "NGINXOverviewWhite01.png", + "NGINXOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "NGINX HTTP Server", + "templateRelativePath": "NGINX.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "vArmourAppContollerWorkbook", + "logoFileName": "varmour-logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "vArmourAC" + ], + "previewImagesFileNames": [ + "vArmourAppControllerAppBlack.png", + "vArmourAppControllerAppBlack-1.png", + "vArmourAppControllerAppBlack-2.png", + "vArmourAppControllerAppBlack-3.png", + "vArmourAppControllerAppBlack-4.png", + "vArmourAppControllerAppBlack-5.png", + "vArmourAppControllerAppBlack-6.png", + "vArmourAppControllerAppBlack-7.png", + "vArmourAppControllerAppWhite.png", + "vArmourAppControllerAppWhite-1.png", + "vArmourAppControllerAppWhite-2.png", + "vArmourAppControllerAppWhite-3.png", + "vArmourAppControllerAppWhite-4.png", + "vArmourAppControllerAppWhite-5.png", + "vArmourAppControllerAppWhite-6.png", + "vArmourAppControllerAppWhite-7.png" + ], + "version": "1.0.0", + "title": "vArmour Application Controller", + "templateRelativePath": "vArmour_AppContoller_Workbook.json", + "subtitle": "", + "provider": "vArmour" + }, + { + "workbookKey": "CorelightWorkbook", + "logoFileName": "corelight.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Corelight_CL" + ], + "dataConnectorsDependencies": [ + "Corelight" + ], + "previewImagesFileNames": [ + "CorelightConnectionsBlack1.png", + "CorelightConnectionsBlack2.png", + "CorelightConnectionsWhite1.png", + "CorelightConnectionsWhite2.png", + "CorelightDNSBlack1.png", + "CorelightDNSWhite1.png", + "CorelightFileBlack1.png", + "CorelightFileBlack2.png", + "CorelightFileWhite1.png", + "CorelightFileWhite2.png", + "CorelightMainBlack1.png", + "CorelightMainWhite1.png", + "CorelightSoftwareBlack1.png", + "CorelightSoftwareWhite1.png" + ], + "version": "1.0.0", + "title": "Corelight", + "templateRelativePath": "Corelight.json", + "subtitle": "", + "provider": "Corelight" + }, + { + "workbookKey": "LookoutEvents", + "logoFileName": "lookout.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Lookout_CL" + ], + "dataConnectorsDependencies": [ + "LookoutAPI" + ], + "previewImagesFileNames": [ + "SampleLookoutWorkBookBlack.png", + "SampleLookoutWorkBookWhite.png" + ], + "version": "1.0.0", + "title": "Lookout", + "templateRelativePath": "LookoutEvents.json", + "subtitle": "", + "provider": "Lookout" + }, + { + "workbookKey": "sentinel-MicrosoftPurview", + "logoFileName": "MicrosoftPurview.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "MicrosoftAzurePurview" + ], + "previewImagesFileNames": [ + "" + ], + "version": "1.0.0", + "title": "Microsoft Purview", + "templateRelativePath": "MicrosoftPurview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "InfobloxCDCB1TDWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "InfobloxCloudDataConnector" + ], + "previewImagesFileNames": [ + "InfobloxCDCB1TDBlack.png", + "InfobloxCDCB1TDWhite.png" + ], + "version": "1.0.0", + "title": "Infoblox Cloud Data Connector", + "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", + "subtitle": "", + "provider": "InfoBlox" + }, + { + "workbookKey": "UbiquitiUniFiWorkbook", + "logoFileName": "ubiquiti.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Ubiquiti_CL" + ], + "dataConnectorsDependencies": [ + "UbiquitiUnifi" + ], + "previewImagesFileNames": [ + "UbiquitiOverviewBlack01.png", + "UbiquitiOverviewBlack02.png", + "UbiquitiOverviewWhite01.png", + "UbiquitiOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Ubiquiti UniFi", + "templateRelativePath": "Ubiquiti.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "VMwareESXiWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "VMwareESXi" + ], + "previewImagesFileNames": [ + "VMWareESXiBlack.png", + "VMWareESXiWhite.png" + ], + "version": "1.0.0", + "title": "VMware ESXi", + "templateRelativePath": "VMWareESXi.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SnowflakeWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Snowflake_CL" + ], + "dataConnectorsDependencies": [ + "SnowflakeDataConnector" + ], + "previewImagesFileNames": [ + "SnowflakeBlack.png", + "SnowflakeWhite.png" + ], + "version": "1.0.0", + "title": "Snowflake", + "templateRelativePath": "Snowflake.json", + "subtitle": "", + "provider": "Snowflake" + }, + { + "workbookKey": "LastPassWorkbook", + "logoFileName": "LastPass.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "LastPassNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "LastPassAPIConnector" + ], + "previewImagesFileNames": [ + "LastPassBlack.png", + "LastPassWhite.png" + ], + "version": "1.0.0", + "title": "Lastpass Enterprise Activity Monitoring", + "templateRelativePath": "LastPassWorkbook.json", + "subtitle": "", + "provider": "LastPass" + }, + { + "workbookKey": "SecurityBridgeWorkbook", + "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityBridgeLogs" + ], + "dataConnectorsDependencies": [ + "SecurityBridgeSAP" + ], + "previewImagesFileNames": [ + "SecurityBridgeThreatDetectionWhite.png", + "SecurityBridgeThreatDetectionWhite1.png" + ], + "version": "1.0.0", + "title": "SecurityBridge App", + "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", + "subtitle": "", + "provider": "SecurityBridge" + }, + { + "workbookKey": "PaloAltoPrismaCloudWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "PaloAltoPrismaCloudAlert_CL", + "PaloAltoPrismaCloudAudit_CL" + ], + "dataConnectorsDependencies": [ + "PaloAltoPrismaCloud" + ], + "previewImagesFileNames": [ + "PaloAltoPrismaCloudBlack01.png", + "PaloAltoPrismaCloudBlack02.png", + "PaloAltoPrismaCloudWhite01.png", + "PaloAltoPrismaCloudWhite02.png" + ], + "version": "1.0.0", + "title": "Palo Alto Prisma", + "templateRelativePath": "PaloAltoPrismaCloudOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PingFederateWorkbook", + "logoFileName": "PingIdentity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "PingFederateEvent" + ], + "dataConnectorsDependencies": [ + "PingFederate" + ], + "previewImagesFileNames": [ + "PingFederateBlack1.png", + "PingFederateWhite1.png" + ], + "version": "1.0.0", + "title": "PingFederate", + "templateRelativePath": "PingFederate.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "McAfeeePOWorkbook", + "logoFileName": "mcafee_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "McAfeeEPOEvent" + ], + "dataConnectorsDependencies": [ + "McAfeeePO" + ], + "previewImagesFileNames": [ + "McAfeeePOBlack1.png", + "McAfeeePOBlack2.png", + "McAfeeePOWhite1.png", + "McAfeeePOWhite2.png" + ], + "version": "1.0.0", + "title": "McAfee ePolicy Orchestrator", + "templateRelativePath": "McAfeeePOOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OracleDatabaseAudit", + "logoFileName": "oracle_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "OracleDatabaseAudit" + ], + "previewImagesFileNames": [ + "OracleDatabaseAuditBlack1.png", + "OracleDatabaseAuditBlack2.png", + "OracleDatabaseAuditWhite1.png", + "OracleDatabaseAuditWhite2.png" + ], + "version": "1.0.0", + "title": "Oracle Database Audit", + "templateRelativePath": "OracleDatabaseAudit.json", + "subtitle": "", + "provider": "Oracle" + }, + { + "workbookKey": "SenservaProAnalyticsWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProAnalyticsBlack.png", + "SenservaProAnalyticsWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProAnalytics", + "templateRelativePath": "SenservaProAnalyticsWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "SenservaProMultipleWorkspaceWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProMultipleWorkspaceWorkbookBlack.png", + "SenservaProMultipleWorkspaceWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProMultipleWorkspace", + "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProSecureScoreMultiTenantBlack.png", + "SenservaProSecureScoreMultiTenantWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProSecureScoreMultiTenant", + "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "CiscoSecureEndpointOverviewWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CiscoSecureEndpoint" + ], + "dataConnectorsDependencies": [ + "CiscoSecureEndpoint" + ], + "previewImagesFileNames": [ + "CiscoSecureEndpointBlack.png", + "CiscoSecureEndpointWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Secure Endpoint", + "templateRelativePath": "Cisco Secure Endpoint Overview.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "InfoSecGlobalWorkbook", + "logoFileName": "infosecglobal.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "InfoSecAnalytics_CL" + ], + "dataConnectorsDependencies": [ + "InfoSecDataConnector" + ], + "previewImagesFileNames": [ + "InfoSecGlobalWorkbookBlack.png", + "InfoSecGlobalWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "AgileSec Analytics Connector", + "templateRelativePath": "InfoSecGlobal.json", + "subtitle": "", + "provider": "InfoSecGlobal" + }, + { + "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", + "logoFileName": "crowdstrike.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CrowdstrikeReplicatorLogs_CL" + ], + "dataConnectorsDependencies": [ + "CrowdstrikeReplicator" + ], + "previewImagesFileNames": [ + "CrowdStrikeFalconEndpointProtectionBlack.png", + "CrowdStrikeFalconEndpointProtectionWhite.png" + ], + "version": "1.0.0", + "title": "CrowdStrike Falcon Endpoint Protection", + "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IronDefenseAlertDashboard", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "IronNetIronDefense" + ], + "previewImagesFileNames": [ + "IronDefenseDashboardBlack.png", + "IronDefenseDashboardWhit.png" + ], + "version": "1.0.0", + "title": "IronDefenseAlertDashboard", + "templateRelativePath": "IronDefenseAlertDashboard.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IronDefenseAlertDetails", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "IronNetIronDefense" + ], + "previewImagesFileNames": [ + "IronDefenseAlertsBlack.png", + "IronDefenseAlertsWhite.png" + ], + "version": "1.0.0", + "title": "IronDefenseAlertDetails", + "templateRelativePath": "IronDefenseAlertDetails.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CiscoSEGWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoSEG" + ], + "previewImagesFileNames": [ + "CiscoSEGBlack.png", + "CiscoSEGWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Secure Email Gateway", + "templateRelativePath": "CiscoSEG.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "EatonForeseerHealthAndAccess", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "EatonForeseerHealthAndAccessBlack.png", + "EatonForeseerHealthAndAccessWhite.png" + ], + "version": "1.0.0", + "title": "EatonForeseerHealthAndAccess", + "templateRelativePath": "EatonForeseerHealthAndAccess.json", + "subtitle": "", + "provider": "Eaton" + }, + { + "workbookKey": "PCIDSSComplianceWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Choose your subscription and workspace in which PCI assets are deployed", + "dataTypesDependencies": [ + "AzureDaignostics", + "SecurityEvent", + "SecurityAlert", + "OracleDatabaseAuditEvent", + "Syslog", + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "PCIDSSComplianceBlack01.PNG", + "PCIDSSComplianceBlack02.PNG", + "PCIDSSComplianceWhite01.PNG", + "PCIDSSComplianceWhite02.PNG" + ], + "version": "1.0.0", + "title": "PCI DSS Compliance", + "templateRelativePath": "PCIDSSCompliance.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SonraiSecurityWorkbook", + "logoFileName": "Sonrai.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Sonrai_Tickets_CL" + ], + "dataConnectorsDependencies": [ + "SonraiDataConnector" + ], + "previewImagesFileNames": [ + "SonraiWorkbookBlack.png", + "SonraiWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "Sonrai", + "templateRelativePath": "Sonrai.json", + "subtitle": "", + "provider": "Sonrai" + }, + { + "workbookKey": "CloudflareWorkbook", + "logoFileName": "cloudflare.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Cloudflare_CL" + ], + "dataConnectorsDependencies": [ + "CloudflareDataConnector" + ], + "previewImagesFileNames": [ + "CloudflareOverviewBlack01.png", + "CloudflareOverviewBlack02.png", + "CloudflareOverviewWhite01.png", + "CloudflareOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Cloudflare", + "templateRelativePath": "Cloudflare.json", + "subtitle": "", + "provider": "Cloudflare" + }, + { + "workbookKey": "SemperisDSPWorkbook", + "logoFileName": "Semperis.svg", + "description": "Specify the time range on which to query the data", + "dataTypesDependencies": [ + "dsp_parser" + ], + "dataConnectorsDependencies": [ + "SemperisDSP" + ], + "previewImagesFileNames": [ + "SemperisDSPOverview1Black.png", + "SemperisDSPOverview1White.png", + "SemperisDSPOverview2Black.png", + "SemperisDSPOverview2White.png", + "SemperisDSPOverview3Black.png", + "SemperisDSPOverview3White.png" + ], + "version": "1.0.0", + "title": "Semperis Directory Services Protector", + "templateRelativePath": "SemperisDSPWorkbook.json", + "subtitle": "", + "provider": "Semperis" + }, + { + "workbookKey": "BoxWorkbook", + "logoFileName": "box.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "BoxEvents_CL" + ], + "dataConnectorsDependencies": [ + "BoxDataConnector" + ], + "previewImagesFileNames": [ + "BoxBlack1.png", + "BoxWhite1.png", + "BoxBlack2.png", + "BoxWhite2.png" + ], + "version": "1.0.0", + "title": "Box", + "templateRelativePath": "Box.json", + "subtitle": "", + "provider": "Box" + }, + { + "workbookKey": "SymantecEndpointProtection", + "logoFileName": "symantec_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SymantecEndpointProtection" + ], + "dataConnectorsDependencies": [ + "SymantecEndpointProtection" + ], + "previewImagesFileNames": [ + "SymantecEndpointProtectionBlack.png", + "SymantecEndpointProtectionWhite.png" + ], + "version": "1.0.0", + "title": "Symantec Endpoint Protection", + "templateRelativePath": "SymantecEndpointProtection.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "DynamicThreatModeling&Response", + "logoFileName": "", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ThreatAnalysis&ResponseWhite1.png", + "ThreatAnalysis&ResponseWhite2.png" + ], + "version": "1.0.0", + "title": "Dynamic Threat Modeling Response", + "templateRelativePath": "DynamicThreatModeling&Response.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ThreatAnalysis&Response", + "logoFileName": "", + "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ThreatAnalysis&ResponseWhite.png" + ], + "version": "1.0.1", + "title": "Threat Analysis Response", + "templateRelativePath": "ThreatAnalysis&Response.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroCAS", + "logoFileName": "Trend_Micro_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "TrendMicroCAS_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroCAS" + ], + "previewImagesFileNames": [ + "TrendMicroCASBlack.png", + "TrendMicroCASWhite.png" + ], + "version": "1.0.0", + "title": "TrendMicroCAS", + "templateRelativePath": "TrendMicroCAS.json", + "subtitle": "", + "provider": "TrendMicro" + }, + { + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "GitHubAuditLogPolling_CL" + ], + "dataConnectorsDependencies": [ + "GitHubEcAuditLogPolling" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GithubWorkbook", + "templateRelativePath": "GitHubWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "GCPDNSWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GCPCloudDNS" + ], + "dataConnectorsDependencies": [ + "GCPDNSDataConnector" + ], + "previewImagesFileNames": [ + "GCPDNSBlack.png", + "GCPDNSWhite.png" + ], + "version": "1.0.0", + "title": "Google Cloud Platform DNS", + "templateRelativePath": "GCPDNS.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AtlassianJiraAuditWorkbook", + "logoFileName": "", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "AtlassianJiraNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "AtlassianJira" + ], + "previewImagesFileNames": [ + "AtlassianJiraAuditWhite.png", + "AtlassianJiraAuditBlack.png" + ], + "version": "1.0.0", + "title": "AtlassianJiraAudit", + "templateRelativePath": "AtlassianJiraAudit.json", + "subtitle": "", + "provider": "Atlassian" + }, + { + "workbookKey": "DigitalGuardianWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "DigitalGuardianDLPEvent" + ], + "dataConnectorsDependencies": [ + "DigitalGuardianDLP" + ], + "previewImagesFileNames": [ + "DigitalGuardianBlack.png", + "DigitalGuardianWhite.png" + ], + "version": "1.0.0", + "title": "DigitalGuardianDLP", + "templateRelativePath": "DigitalGuardian.json", + "subtitle": "", + "provider": "Digital Guardian" + }, + { + "workbookKey": "CiscoDuoWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CiscoDuo_CL" + ], + "dataConnectorsDependencies": [ + "CiscoDuoSecurity" + ], + "previewImagesFileNames": [ + "CiscoDuoWhite.png", + "CiscoDuoBlack.png" + ], + "version": "1.0.0", + "title": "CiscoDuoSecurity", + "templateRelativePath": "CiscoDuo.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "SlackAudit", + "logoFileName": "slacklogo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SlackAudit_CL" + ], + "dataConnectorsDependencies": [ + "SlackAuditAPI" + ], + "previewImagesFileNames": [ + "SlackAuditApplicationActivityBlack1.png", + "SlackAuditApplicationActivityWhite1.png" + ], + "version": "1.0.0", + "title": "SlackAudit", + "templateRelativePath": "SlackAudit.json", + "subtitle": "", + "provider": "Slack" + }, + { + "workbookKey": "CiscoWSAWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "CiscoWSA" + ], + "previewImagesFileNames": [ + "CiscoWSAWhite.png", + "CiscoWSABlack.png" + ], + "version": "1.0.0", + "title": "CiscoWSA", + "templateRelativePath": "CiscoWSA.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "GCP-IAM-Workbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GCP_IAM_CL" + ], + "dataConnectorsDependencies": [ + "GCPIAMDataConnector" + ], + "previewImagesFileNames": [ + "GCPIAMBlack01.png", + "GCPIAMBlack02.png", + "GCPIAMWhite01.png", + "GCPIAMWhite02.png" + ], + "version": "1.0.0", + "title": "Google Cloud Platform IAM", + "templateRelativePath": "GCP_IAM.json", + "subtitle": "", + "provider": "Google" + }, + { + "workbookKey": "ImpervaWAFCloudWorkbook", + "logoFileName": "Imperva_DarkGrey_final_75x75.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "ImpervaWAFCloud_CL" + ], + "dataConnectorsDependencies": [ + "ImpervaWAFCloudAPI" + ], + "previewImagesFileNames": [ + "ImpervaWAFCloudBlack01.png", + "ImpervaWAFCloudBlack02.png", + "ImpervaWAFCloudWhite01.png", + "ImpervaWAFCloudWhite02.png" + ], + "version": "1.0.0", + "title": "Imperva WAF Cloud Overview", + "templateRelativePath": "Imperva WAF Cloud Overview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZscalerZPAWorkbook", + "logoFileName": "ZscalerLogo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "ZPA_CL" + ], + "dataConnectorsDependencies": [ + "ZscalerPrivateAccess" + ], + "previewImagesFileNames": [ + "ZscalerZPABlack.png", + "ZscalerZPAWhite.png" + ], + "version": "1.0.0", + "title": "Zscaler Private Access (ZPA)", + "templateRelativePath": "ZscalerZPA.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "GoogleWorkspaceWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GWorkspace_ReportsAPI_admin_CL", + "GWorkspace_ReportsAPI_calendar_CL", + "GWorkspace_ReportsAPI_drive_CL", + "GWorkspace_ReportsAPI_login_CL", + "GWorkspace_ReportsAPI_login_CL", + "GWorkspace_ReportsAPI_mobile_CL" + ], + "dataConnectorsDependencies": [ + "GoogleWorkspaceReportsAPI" + ], + "previewImagesFileNames": [ + "GoogleWorkspaceBlack.png", + "GoogleWorkspaceWhite.png" + ], + "version": "1.0.0", + "title": "GoogleWorkspaceReports", + "templateRelativePath": "GoogleWorkspace.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "NCProtectWorkbook", + "logoFileName": "NCProtectIcon.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "NCProtectUAL_CL" + ], + "dataConnectorsDependencies": [ + "NucleusCyberNCProtect" + ], + "previewImagesFileNames": [ + "", + "" + ], + "version": "1.0.0", + "title": "NucleusCyberProtect", + "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", + "subtitle": "", + "provider": "archTIS" + }, + { + "workbookKey": "CiscoISEWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "CiscoISE" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cisco ISE", + "templateRelativePath": "CiscoISE.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", + "logoFileName": "", + "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Defender for IoT", + "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZeroTrust(TIC3.0)Workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityRecommendation" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ZeroTrust(TIC3.0)Black1.PNG", + "ZeroTrust(TIC3.0)White1.PNG" + ], + "version": "1.0.0", + "title": "ZeroTrust(TIC3.0)", + "templateRelativePath": "ZeroTrustTIC3.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "InsiderRiskManagementWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ", + "dataTypesDependencies": [ + "SigninLogsSigninLogs", + "AuditLogs", + "AzureActivity", + "OfficeActivity", + "InformationProtectionLogs_CL", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "InsiderRiskManagementBlack1.png" + ], + "version": "1.0.0", + "title": "Insider Risk Management", + "templateRelativePath": "InsiderRiskManagement.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "InformationProtectionLogs_CL", + "AuditLogs", + "SecurityIncident", + "SigninLogs", + "AzureActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "CybersecurityMaturityModelCertification(CMMC)2.0", + "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "NISTSP80053Workbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SigninLogs", + "AuditLogs", + "AzureActivity", + "OfficeActivity", + "SecurityEvents", + "CommonSecurityLog", + "SecurityIncident", + "SecurityRecommendation" + ], + "dataConnectorsDependencies": [ + "SecurityEvents" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "NISTSP80053workbook", + "templateRelativePath": "NISTSP80053.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DarktraceWorkbook", + "logoFileName": "Darktrace.svg", + "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", + "dataTypesDependencies": [ + "darktrace_model_alerts_CL" + ], + "dataConnectorsDependencies": [ + "DarktraceRESTConnector" + ], + "previewImagesFileNames": [ + "DarktraceWorkbookBlack01.png", + "DarktraceWorkbookBlack02.png", + "DarktraceWorkbookWhite01.png", + "DarktraceWorkbookWhite02.png" + ], + "version": "1.0.1", + "title": "Darktrace", + "templateRelativePath": "DarktraceWorkbook.json", + "subtitle": "", + "provider": "Darktrace" + }, + { + "workbookKey": "RecordedFutureDomainC2DNSWorkbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" + }, + { + "workbookKey": "RecordedFutureIPActiveC2Workbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" + }, + { + "workbookKey": "MaturityModelForEventLogManagement_M2131", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MaturityModelForEventLogManagement_M2131Black.png" + ], + "version": "1.0.0", + "title": "MaturityModelForEventLogManagementM2131", + "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSQLSecurityWorkbook", + "logoFileName": "AzureSQL.svg", + "description": "Sets the time window in days to search around the alert", + "dataTypesDependencies": [ + "AzureDiagnostics", + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "AzureSql" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Azure SQL Database Workbook", + "templateRelativePath": "Workbook-AzureSQLSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ContinuousDiagnostics&Mitigation", + "logoFileName": "", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ContinuousDiagnostics&MitigationBlack.png" + ], + "version": "1.0.0", + "title": "ContinuousDiagnostics&Mitigation", + "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", + "logoFileName": "GitHub.svg", + "description": "Repository selector.", + "dataTypesDependencies": [ + "githubscanaudit_CL" + ], + "dataConnectorsDependencies": [ + "GitHubWebhook" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GithubWorkbook-update-to-workbook-1", + "templateRelativePath": "update-to-workbook-1.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AtlasianJiraAuditWorkbook", + "logoFileName": "", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "AtlassianJiraNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "AtlassianJira" + ], + "previewImagesFileNames": [ + "AtlassianJiraAuditBlack.png", + "AtlassianJiraAuditWhite.png" + ], + "version": "1.0.0", + "title": "AtlasianJiraAuditWorkbook", + "templateRelativePath": "AtlasianJiraAuditWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSecurityBenchmark", + "logoFileName": "", + "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", + "dataTypesDependencies": [ + "SecurityRegulatoryCompliance", + "AzureDiagnostics", + "SecurityIncident", + "SigninLogs", + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSecurityBenchmark1.png", + "AzureSecurityBenchmark2.png", + "AzureSecurityBenchmark3.png" + ], + "version": "1.0.0", + "title": "Azure Security Benchmark", + "templateRelativePath": "AzureSecurityBenchmark.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZNAccessOchestratorAudit", + "logoFileName": "", + "description": "This workbook provides a summary of ZeroNetworks data.", + "dataTypesDependencies": [ + "ZNAccessOrchestratorAudit_CL", + "ZNAccessOrchestratorAuditNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "ZeroNetworksAccessOrchestratorAuditFunction", + "ZeroNetworksAccessOrchestratorAuditNativePoller" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Zero NetWork", + "templateRelativePath": "ZNSegmentAudit.json", + "subtitle": "", + "provider": "Zero Networks" + }, + { + "workbookKey": "FireworkWorkbook", + "logoFileName": "FlareSystems.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "Firework_CL" + ], + "dataConnectorsDependencies": [ + "FlareSystemsFirework" + ], + "previewImagesFileNames": [ + "FireworkOverviewBlack01.png", + "FireworkOverviewBlack02.png", + "FireworkOverviewWhite01.png", + "FireworkOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "FlareSystemsFirework", + "templateRelativePath": "FlareSystemsFireworkOverview.json", + "subtitle": "", + "provider": "Flare Systems" + }, + { + "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "GitHubAuditLogPolling_CL" + ], + "dataConnectorsDependencies": [ + "GitHubEcAuditLogPolling" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GitHub Security", + "templateRelativePath": "GitHubAdvancedSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TaniumWorkbook", + "logoFileName": "Tanium.svg", + "description": "Visualize Tanium endpoint and module data", + "dataTypesDependencies": [ + "TaniumComplyCompliance_CL", + "TaniumComplyVulnerabilities_CL", + "TaniumDefenderHealth_CL", + "TaniumDiscoverUnmanagedAssets_CL", + "TaniumHighUptime_CL", + "TaniumMainAsset_CL", + "TaniumPatchListApplicability_CL", + "TaniumPatchListCompliance_CL", + "TaniumSCCMClientHealth_CL", + "TaniumThreatResponse_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "TaniumComplyDark.png", + "TaniumComplyLight.png", + "TaniumDiscoverDark.png", + "TaniumDiscoverLight.png", + "TaniumMSToolingHealthDark.png", + "TaniumMSToolingHealthLight.png", + "TaniumPatchDark.png", + "TaniumPatchLight.png", + "TaniumThreatResponseAlertsDark.png", + "TaniumThreatResponseAlertsLight.png", + "TaniumThreatResponseDark.png", + "TaniumThreatResponseLight.png" + ], + "version": "1.0", + "title": "Tanium Workbook", + "templateRelativePath": "TaniumWorkbook.json", + "subtitle": "", + "provider": "Tanium" + }, + { + "workbookKey": "ActionableAlertsDashboard", + "logoFileName": "", + "description": "None.", + "dataTypesDependencies": [ + "CyberSixgill_Alerts_CL" + ], + "dataConnectorsDependencies": [ + "CybersixgillActionableAlerts" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cybersixgill Actionable Alerts Dashboard", + "templateRelativePath": "ActionableAlertsDashboard.json", + "subtitle": "", + "provider": "Cybersixgill" + }, + { + "workbookKey": "ActionableAlertsList", + "logoFileName": "", + "description": "None.", + "dataTypesDependencies": [ + "CyberSixgill_Alerts_CL" + ], + "dataConnectorsDependencies": [ + "CybersixgillActionableAlerts" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cybersixgill Actionable Alerts List", + "templateRelativePath": "ActionableAlertsList.json", + "subtitle": "", + "provider": "Cybersixgill" + }, + { + "workbookKey": "ArgosCloudSecurityWorkbook", + "logoFileName": "argos-logo.svg", + "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.", + "dataTypesDependencies": [ + "ARGOS_CL" + ], + "dataConnectorsDependencies": [ + "ARGOSCloudSecurity" + ], + "previewImagesFileNames": [ + "ARGOSCloudSecurityWorkbookBlack.png", + "ARGOSCloudSecurityWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "ARGOS Cloud Security", + "templateRelativePath": "ARGOSCloudSecurityWorkbook.json", + "subtitle": "", + "provider": "ARGOS Cloud Security" + }, + { + "workbookKey": "JamfProtectWorkbook", + "logoFileName": "jamf_logo.svg", + "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.", + "dataTypesDependencies": [ + "jamfprotect_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "JamfProtectDashboardBlack.png", + "JamfProtectDashboardWhite.png" + ], + "version": "2.0.0", + "title": "Jamf Protect Workbook", + "templateRelativePath": "JamfProtectDashboard.json", + "subtitle": "", + "provider": "Jamf Software, LLC" + }, + { + "workbookKey": "AIVectraStream", + "logoFileName": "", + "description": "", + "dataTypesDependencies": [ + "VectraStream_CL" + ], + "dataConnectorsDependencies": [ + "AIVectraStream" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "AIVectraStreamWorkbook", + "templateRelativePath": "AIVectraStreamWorkbook.json", + "subtitle": "", + "provider": "Vectra AI" + }, + { + "workbookKey": "SecurityScorecardWorkbook", + "logoFileName": "", + "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard’s three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.", + "dataTypesDependencies": [ + "SecurityScorecardFactor_CL", + "SecurityScorecardIssues_CL", + "SecurityScorecardRatings_CL" + ], + "dataConnectorsDependencies": [ + "SecurityScorecardFactorAzureFunctions", + "SecurityScorecardIssueAzureFunctions", + "SecurityScorecardRatingsAzureFunctions" + ], + "previewImagesFileNames": [ + "SecurityScorecardBlack1.png", + "SecurityScorecardBlack2.png", + "SecurityScorecardBlack3.png", + "SecurityScorecardBlack4.png", + "SecurityScorecardBlack5.png", + "SecurityScorecardBlack6.png", + "SecurityScorecardWhite1.png", + "SecurityScorecardWhite2.png", + "SecurityScorecardWhite3.png", + "SecurityScorecardWhite4.png", + "SecurityScorecardWhite5.png", + "SecurityScorecardWhite6.png" + ], + "version": "1.0.0", + "title": "SecurityScorecard", + "templateRelativePath": "SecurityScorecardWorkbook.json", + "subtitle": "", + "provider": "SecurityScorecard" + }, + { + "workbookKey": "DigitalShadowsWorkbook", + "logoFileName": "DigitalShadowsLogo.svg", + "description": "For gaining insights into Digital Shadows logs.", + "dataTypesDependencies": [ + "DigitalShadows_CL" + ], + "dataConnectorsDependencies": [ + "DigitalShadowsSearchlightAzureFunctions" + ], + "previewImagesFileNames": [ + "DigitalShadowsBlack1.png", + "DigitalShadowsBlack2.png", + "DigitalShadowsBlack3.png", + "DigitalShadowsWhite1.png", + "DigitalShadowsWhite2.png", + "DigitalShadowsWhite3.png" + ], + "version": "1.0.0", + "title": "Digital Shadows", + "templateRelativePath": "DigitalShadows.json", + "subtitle": "", + "provider": "Digital Shadows" + }, + { + "workbookKey": "SalesforceServiceCloudWorkbook", + "logoFileName": "salesforce_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SalesforceServiceCloud" + ], + "dataConnectorsDependencies": [ + "SalesforceServiceCloud_CL" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Salesforce Service Cloud", + "templateRelativePath": "SalesforceServiceCloud.json", + "subtitle": "", + "provider": "Salesforce" + }, + { + "workbookKey": "NetworkSessionSolution", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP’s and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.", + "dataTypesDependencies": [ + "AWSVPCFlow", + "DeviceNetworkEvents", + "SecurityEvent", + "WindowsEvent", + "CommonSecurityLog", + "Syslog", + "CommonSecurityLog", + "VMConnection", + "AzureDiagnostics", + "AzureDiagnostics", + "CommonSecurityLog", + "Corelight_CL", + "VectraStream", + "CommonSecurityLog", + "CommonSecurityLog", + "Syslog", + "CiscoMerakiNativePoller" + ], + "dataConnectorsDependencies": [ + "AWSS3", + "MicrosoftThreatProtection", + "SecurityEvents", + "WindowsForwardedEvents", + "Zscaler", + "MicrosoftSysmonForLinux", + "PaloAltoNetworks", + "AzureMonitor(VMInsights)", + "AzureFirewall", + "AzureNSG", + "CiscoASA", + "Corelight", + "AIVectraStream", + "CheckPoint", + "Fortinet", + "CiscoMeraki" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Network Session Essentials", + "templateRelativePath": "NetworkSessionEssentials.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SAPSODAnalysis", + "logoFileName": "AliterConsulting.svg", + "description": "SAP SOD Analysis", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [], + "version": "2.0.0", + "title": "SAP SOD Analysis", + "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", + "subtitle": "", + "provider": "Aliter Consulting" + }, + { + "workbookKey": "TheomWorkbook", + "logoFileName": "theom-logo.svg", + "description": "Theom Alert Statistics", + "dataTypesDependencies": [ + "TheomAlerts_CL" + ], + "dataConnectorsDependencies": [ + "Theom" + ], + "previewImagesFileNames": [ + "TheomWorkbook-black.png", + "TheomWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Theom", + "templateRelativePath": "Theom.json", + "subtitle": "", + "provider": "Theom" + }, + { + "workbookKey": "DynatraceWorkbooks", + "logoFileName": "dynatrace.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", + "dataTypesDependencies": [ + "DynatraceAttacks_CL", + "DynatraceAuditLogs_CL", + "DynatraceProblems_CL", + "DynatraceSecurityProblems_CL" + ], + "dataConnectorsDependencies": [ + "DynatraceAttacks", + "DynatraceAuditLogs", + "DynatraceProblems", + "DynatraceRuntimeVulnerabilities" + ], + "previewImagesFileNames": [ + "DynatraceWorkbookBlack.png", + "DynatraceWorkbookWhite.png" + ], + "version": "2.0.0", + "title": "Dynatrace", + "templateRelativePath": "Dynatrace.json", + "subtitle": "", + "provider": "Dynatrace" + }, + { + "workbookKey": "MDOWorkbook", + "logoFileName": "", + "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "MicrosoftThreatProtection" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft 365 Defender MDOWorkbook", + "templateRelativePath": "MDO Insights.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AnomaliesVisualizationWorkbook", + "logoFileName": "", + "description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", + "dataTypesDependencies": [ + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnomaliesVisualizationWorkbookWhite.png", + "AnomaliesVisualizationWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "AnomaliesVisulization", + "templateRelativePath": "AnomaliesVisualization.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AnomalyDataWorkbook", + "logoFileName": "", + "description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", + "dataTypesDependencies": [ + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnomalyDataWorkbookWhite.png", + "AnomalyDataWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "AnomalyData", + "templateRelativePath": "AnomalyData.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Least Privilege with RBAC - Online", + "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Least Privilege with RBAC", + "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSearchAdminAuditLog", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Search AdminAuditLog", + "templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Admin Activity", + "templateRelativePath": "Microsoft Exchange Admin Activity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityReview-Online", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Security Review - Online", + "templateRelativePath": "Microsoft Exchange Security Review - Online.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityReview", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks.", + "dataTypesDependencies": [ + "ESIExchangeOnlineConfig_CL" + ], + "dataConnectorsDependencies": [ + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Exchange Security Review", + "templateRelativePath": "Microsoft Exchange Security Review.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ibossMalwareAndC2Workbook", + "logoFileName": "", + "description": "A workbook providing insights into malware and C2 activity detected by iboss.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "iboss Malware and C2", + "templateRelativePath": "ibossMalwareAndC2.json", + "subtitle": "", + "provider": "iboss" + }, + { + "workbookKey": "ibossWebUsageWorkbook", + "logoFileName": "", + "description": "A workbook providing insights into web usage activity detected by iboss.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "iboss Web Usage", + "templateRelativePath": "ibossWebUsage.json", + "subtitle": "", + "provider": "iboss" + }, + { + "workbookKey": "Fortiweb-workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "FortinetFortiWeb" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Fortiweb-workbook", + "templateRelativePath": "Fortiweb-workbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ReversingLabs-CapabilitiesOverview", + "logoFileName": "reversinglabs.svg", + "description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ReversingLabsTiSummary-White.png", + "ReversingLabsTiSummary-Black.png", + "ReversingLabsOpsSummary-White.png", + "ReversingLabsOpsSummary-Black.png" + ], + "version": "1.1.1", + "title": "ReversingLabs-CapabilitiesOverview", + "templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", + "subtitle": "", + "provider": "ReversingLabs" + }, + { + "workbookKey": "TalonInsights", + "logoFileName": "Talon.svg", + "description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "TalonInsightsBlack.png", + "TalonInsightsWhite.png" + ], + "version": "2.0.0", + "title": "Talon Insights", + "templateRelativePath": "TalonInsights.json", + "subtitle": "", + "provider": "Talon Security" + }, + { + "workbookKey": "vCenter", + "logoFileName": [], + "description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", + "dataTypesDependencies": [ + "vCenter_CL" + ], + "dataConnectorsDependencies": [ + "VMwarevCenter" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "vCenter", + "templateRelativePath": "vCenter.json", + "subtitle": "", + "provider": "VMware" + }, + { + "workbookKey": "SAP-Monitors-AlertsandPerformance", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Monitors- Alerts and Performance", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [ + "SAPVMIcon.svg" + ], + "version": "2.0.1", + "title": "SAP -Monitors- Alerts and Performance", + "templateRelativePath": "SAP -Monitors- Alerts and Performance.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SAP-SecurityAuditlogandInitialAccess", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Security Audit log and Initial Access", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [ + "SAPVMIcon.svg" + ], + "version": "2.0.1", + "title": "SAP -Security Audit log and Initial Access", + "templateRelativePath": "SAP -Security Audit log and Initial Access.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DNSSolutionWorkbook", + "logoFileName": "", + "description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "DNSDomainWorkbookWhite.png", + "DNSDomainWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "DNS Solution Workbook", + "templateRelativePath": "DNSSolutionWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftPowerBIActivityWorkbook", + "logoFileName": "", + "description": "This workbook provides details on Microsoft PowerBI Activity", + "dataTypesDependencies": [ + "PowerBIActivity" + ], + "dataConnectorsDependencies": [ + "Microsoft PowerBI (Preview)" + ], + "previewImagesFileNames": [ + "MicrosoftPowerBIActivityWorkbookBlack.png", + "MicrosoftPowerBIActivityWhite.png" + ], + "version": "1.0.0", + "title": "Microsoft PowerBI Activity Workbook", + "templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligence", + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "ThreatIntelligenceWhite.png", + "ThreatIntelligenceBlack.png" + ], + "version": "1.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "MicrosoftThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftDefenderForEndPoint", + "logoFileName": "", + "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "microsoftdefenderforendpointwhite.png", + "microsoftdefenderforendpointblack.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For EndPoint", + "templateRelativePath": "MicrosoftDefenderForEndPoint.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftDefenderForIdentity", + "logoFileName": "", + "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.", + "dataTypesDependencies": [ + "IdentityLogonEvents", + "IdentityQueryEvents", + "IdentityDirectoryEvents", + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "microsoftdefenderforidentityblack.png", + "microsoftdefenderforidentitywhite.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For Identity", + "templateRelativePath": "MicrosoftDefenderForIdentity.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "EsetProtect", + "logoFileName": "", + "description": "Visualize events and threats from Eset protect.", + "dataTypesDependencies": [ + "ESETPROTECT" + ], + "dataConnectorsDependencies": [ + "ESETPROTECT" + ], + "previewImagesFileNames": [ + "ESETPROTECTBlack.png", + "ESETPROTECTWhite.png" + ], + "version": "1.0.0", + "title": "EsetProtect", + "templateRelativePath": "ESETPROTECT.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "CyberArkEPMWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CyberArkEPM_CL" + ], + "dataConnectorsDependencies": [ + "CyberArkEPM" + ], + "previewImagesFileNames": [ + "CyberArkEPMBlack.png", + "CyberArkEPMWhite.png" + ], + "version": "1.0.0", + "title": "CyberArk EPM", + "templateRelativePath": "CyberArkEPM.json", + "subtitle": "", + "provider": "CyberArk" + }, + { + "workbookKey": "NetskopeWorkbook", + "logoFileName": "Netskope_logo.svg", + "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.", + "dataTypesDependencies": [ + "Netskope_Events_CL", + "Netskope_Alerts_CL", + "Netskope_WebTX_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Netskope-ApplicationEvents-Black.png", + "Netskope-ApplicationEvents-White.png", + "Netskope-SecurityAlerts-DLP-Black.png", + "Netskope-SecurityAlerts-DLP-White.png", + "Netskope-NetworkEvents-CFW-Black.png", + "Netskope-NetworkEvents-CFW-White.png", + "Netskope-SecurityAlerts-Malsite-Black.png", + "Netskope-SecurityAlerts-Malsite-White.png", + "Netskope-NetworkEvents-NPA-Black.png", + "Netskope-NetworkEvents-NPA-White.png", + "Netskope-SecurityAlerts-Malware-White.png", + "Netskope-SecurityAlerts-Malware-Black.png", + "Netskope-SecurityAlerts-BehaviorAnalytics-Black.png", + "Netskope-SecurityAlerts-BehaviorAnalytics-White.png", + "Netskope-SecurityAlerts-Overview-Black.png", + "Netskope-SecurityAlerts-Overview-White.png", + "Netskope-SecurityAlerts-CompormisedCredentials-Black.png", + "Netskope-SecurityAlerts-CompromisedCredentials-White.png", + "Netskope-WebTransactions-Black.png", + "Netskope-WebTransactions-White.png" + ], + "version": "1.0", + "title": "Netskope", + "templateRelativePath": "NetskopeEvents.json", + "subtitle": "", + "provider": "Netskope" + }, + { + "workbookKey": "AIShield", + "logoFileName": "", + "description": "Visualize events generated by AIShield. This workbook is dependent on a parser AIShield which is a part of the solution deployment.", + "dataTypesDependencies": [ + "AIShield" + ], + "dataConnectorsDependencies": [ + "AIShield" + ], + "previewImagesFileNames": [ + "AIShieldBlack.png", + "AIShieldWhite.png" + ], + "version": "1.0.0", + "title": "AIShield Workbook", + "templateRelativePath": "AIShield.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "AttackSurfaceReduction", + "logoFileName": "M365securityposturelogo.svg", + "description": "This workbook helps you implement the ASR rules of Windows/Defender, and to monitor them over time. The workbook can filter on ASR rules in Audit mode and Block mode.", + "dataTypesDependencies": [ + "DeviceEvents" + ], + "dataConnectorsDependencies": [ + "MicrosoftThreatProtection" + ], + "previewImagesFileNames": [ + "AttackSurfaceReductionWhite.png", + "AttackSurfaceReductionBlack.png" + ], + "version": "1.0.0", + "title": "Attack Surface Reduction Dashboard", + "templateRelativePath": "AttackSurfaceReduction.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "IncidentTasksWorkbook", + "logoFileName": "", + "description": "Use this workbook to review and modify existing incidents with tasks. This workbook provides views that higlight incident tasks that are open, closed, or deleted, as well as incidents with tasks that are either owned or unassigned. The workbook also provides SOC metrics around incident task performance, such as percentage of incidents without tasks, average time to close tasks, and more.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Tasks-Black.png", + "Tasks-White.png" + ], + "version": "1.1.0", + "title": "Incident Tasks Workbook", + "templateRelativePath": "IncidentTasksWorkbook.json", + "subtitle": "", + "provider": "Microsoft", + "support": { + "tier": "Microsoft" + }, + "author": { + "name": "Microsoft Corporation" + }, + "source": { + "kind": "Community" + }, + "categories": { + "domains": [ + "Incident Management", + "SOC Reporting" + ] + } + }, + { + "workbookKey": "NetCleanProActiveWorkbook", + "logoFileName": "NetCleanImpactLogo.svg", + "description": "This workbook provides insights on NetClean ProActive Incidents.", + "dataTypesDependencies": [ + "Netclean_Incidents_CL" + ], + "dataConnectorsDependencies": [ + "Netclean_ProActive_Incidents" + ], + "previewImagesFileNames": [ + "NetCleanProActiveBlack1.png", + "NetCleanProActiveBlack2.png", + "NetCleanProActiveWhite1.png", + "NetCleanProActiveWhite2.png" + ], + "version": "1.0.0", + "title": "NetClean ProActive", + "templateRelativePath": "NetCleanProActiveWorkbook.json", + "subtitle": "", + "provider": "NetClean" + }, + { + "workbookKey": "AutomationHealth", + "logoFileName": "Azure_Sentinel.svg", + "description": "Have a holistic overview of your automation health, gain insights about failures, correlate Microsoft Sentinel health with Logic Apps diagnostics logs and deep dive automation details per incident", + "dataTypesDependencies": [ + "SentinelHealth" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AutomationHealthBlack.png", + "AutomationHealthWhite.png" + ], + "version": "2.0.0", + "title": "Automation health", + "templateRelativePath": "AutomationHealth.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SAP-AuditControls", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Audit Controls (Preview)", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [ + "SAPVMIcon.svg" + ], + "version": "1.0.0", + "title": "SAP -Audit Controls (Preview)", + "templateRelativePath": "SAP -Audit Controls (Preview).json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZoomReports", + "logoFileName": "", + "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard’s three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.", + "dataTypesDependencies": [ + "SecurityScorecardFactor_CL", + "SecurityScorecardIssues_CL", + "SecurityScorecardRatings_CL" + ], + "dataConnectorsDependencies": [ + "SecurityScorecardFactorAzureFunctions", + "SecurityScorecardIssueAzureFunctions", + "SecurityScorecardRatingsAzureFunctions" + ], + "previewImagesFileNames": [ + "SecurityScorecardBlack1.png", + "SecurityScorecardBlack2.png", + "SecurityScorecardBlack3.png", + "SecurityScorecardBlack4.png", + "SecurityScorecardBlack5.png", + "SecurityScorecardBlack6.png", + "SecurityScorecardWhite1.png", + "SecurityScorecardWhite2.png", + "SecurityScorecardWhite3.png", + "SecurityScorecardWhite4.png", + "SecurityScorecardWhite5.png", + "SecurityScorecardWhite6.png" + ], + "version": "1.0.0", + "title": "SecurityScorecard", + "templateRelativePath": "SecurityScorecardWorkbook.json", + "subtitle": "", + "provider": "SecurityScorecard" + }, + { + "workbookKey": "DigitalShadowsWorkbook", + "logoFileName": "DigitalShadowsLogo.svg", + "description": "test", + "dataTypesDependencies": [ + "DigitalShadows_CL" + ], + "dataConnectorsDependencies": [ + "DigitalShadowsSearchlightAzureFunctions" + ], + "previewImagesFileNames": [ + "DigitalShadowsBlack1.png", + "DigitalShadowsBlack2.png", + "DigitalShadowsBlack3.png", + "DigitalShadowsWhite1.png", + "DigitalShadowsWhite2.png", + "DigitalShadowsWhite3.png" + ], + "version": "1.0.0", + "title": "Zoom Reports", + "templateRelativePath": "ZoomReports.json", + "subtitle": "", + "provider": "42Crunch" + }, + { + "workbookKey": "ForcepointNGFWAdvanced", + "logoFileName": "FPAdvLogo.svg", + "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "ForcepointNGFWAdvancedWhite.png", + "ForcepointNGFWAdvancedBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook", + "templateRelativePath": "ForcepointNGFWAdvanced.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "AzureActivityWorkbook", + "logoFileName": "azureactivity_logo.svg", + "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.", + "dataTypesDependencies": [ + "AzureActivity" + ], + "dataConnectorsDependencies": [ + "AzureActivity" + ], + "previewImagesFileNames": [ + "AzureActivityWhite1.png", + "AzureActivityBlack1.png" + ], + "version": "2.0.0", + "title": "Azure Activity", + "templateRelativePath": "AzureActivity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IdentityAndAccessWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "IdentityAndAccessWhite.png", + "IdentityAndAccessBlack.png" + ], + "version": "1.1.0", + "title": "Identity & Access", + "templateRelativePath": "IdentityAndAccess.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CheckPointWorkbook", + "logoFileName": "checkpoint_logo.svg", + "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CheckPoint" + ], + "previewImagesFileNames": [ + "CheckPointWhite.png", + "CheckPointBlack.png" + ], + "version": "1.0.0", + "title": "Check Point Software Technologies", + "templateRelativePath": "CheckPoint.json", + "subtitle": "", + "provider": "Check Point" + }, + { + "workbookKey": "CiscoWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoASA" + ], + "previewImagesFileNames": [ + "CiscoWhite.png", + "CiscoBlack.png" + ], + "version": "1.1.0", + "title": "Cisco - ASA", + "templateRelativePath": "Cisco.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ExchangeOnlineWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "ExchangeOnlineWhite.png", + "ExchangeOnlineBlack.png" + ], + "version": "2.0.0", + "title": "Exchange Online", + "templateRelativePath": "ExchangeOnline.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PaloAltoOverviewWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoOverviewWhite1.png", + "PaloAltoOverviewBlack1.png", + "PaloAltoOverviewWhite2.png", + "PaloAltoOverviewBlack2.png", + "PaloAltoOverviewWhite3.png", + "PaloAltoOverviewBlack3.png" + ], + "version": "1.2.0", + "title": "Palo Alto overview", + "templateRelativePath": "PaloAltoOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PaloAltoNetworkThreatWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoNetworks" + ], + "previewImagesFileNames": [ + "PaloAltoNetworkThreatWhite1.png", + "PaloAltoNetworkThreatBlack1.png", + "PaloAltoNetworkThreatWhite2.png", + "PaloAltoNetworkThreatBlack2.png" + ], + "version": "1.1.0", + "title": "Palo Alto Network Threat", + "templateRelativePath": "PaloAltoNetworkThreat.json", + "subtitle": "", + "provider": "Palo Alto Networks" + }, + { + "workbookKey": "EsetSMCWorkbook", + "logoFileName": "eset-logo.svg", + "description": "Visualize events and threats from Eset Security Management Center.", + "dataTypesDependencies": [ + "eset_CL" + ], + "dataConnectorsDependencies": [ + "EsetSMC" + ], + "previewImagesFileNames": [ + "esetSMCWorkbook-black.png", + "esetSMCWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Eset Security Management Center Overview", + "templateRelativePath": "esetSMCWorkbook.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "FortigateWorkbook", + "logoFileName": "fortinet_logo.svg", + "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "FortigateWhite.png", + "FortigateBlack.png" + ], + "version": "1.1.0", + "title": "FortiGate", + "templateRelativePath": "Fortigate.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DnsWorkbook", + "logoFileName": "dns_logo.svg", + "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.", + "dataTypesDependencies": [ + "DnsInventory", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "DNS" + ], + "previewImagesFileNames": [ + "DnsWhite.png", + "DnsBlack.png" + ], + "version": "1.3.0", + "title": "DNS", + "templateRelativePath": "Dns.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "Office365Workbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "Office365White1.png", + "Office365Black1.png", + "Office365White2.png", + "Office365Black2.png", + "Office365White3.png", + "Office365Black3.png" + ], + "version": "2.0.1", + "title": "Office 365", + "templateRelativePath": "Office365.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SharePointAndOneDriveWorkbook", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [ + "Office365" + ], + "previewImagesFileNames": [ + "SharePointAndOneDriveBlack1.png", + "SharePointAndOneDriveBlack2.png", + "SharePointAndOneDriveWhite1.png", + "SharePointAndOneDriveWhite2.png" + ], + "version": "2.0.0", + "title": "SharePoint & OneDrive", + "templateRelativePath": "SharePointAndOneDrive.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureActiveDirectorySigninLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.", + "dataTypesDependencies": [ + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AADsigninBlack1.png", + "AADsigninBlack2.png", + "AADsigninWhite1.png", + "AADsigninWhite2.png" + ], + "version": "2.4.0", + "title": "Azure AD Sign-in logs", + "templateRelativePath": "AzureActiveDirectorySignins.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "VirtualMachinesInsightsWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.", + "dataTypesDependencies": [ + "VMConnection", + "ServiceMapComputer_CL", + "ServiceMapProcess_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VMInsightBlack1.png", + "VMInsightWhite1.png" + ], + "version": "1.3.0", + "title": "VM insights", + "templateRelativePath": "VirtualMachinesInsights.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory by connecting Microsoft Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.", + "dataTypesDependencies": [ + "AuditLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureADAuditLogsBlack1.png", + "AzureADAuditLogsWhite1.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit logs", + "templateRelativePath": "AzureActiveDirectoryAuditLogs.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligence", + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "ThreatIntelligenceWhite.png", + "ThreatIntelligenceBlack.png" + ], + "version": "5.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "ThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallOverviewWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFOverviewBlack.png", + "WAFOverviewWhite.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - overview", + "templateRelativePath": "WebApplicationFirewallOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallEventsBlack1.png", + "WAFFirewallEventsBlack2.png", + "WAFFirewallEventsWhite1.png", + "WAFFirewallEventsWhite2.png" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - firewall events", + "templateRelativePath": "WebApplicationFirewallFirewallEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook", + "logoFileName": "waf_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFGatewayAccessEventsBlack1.png", + "WAFGatewayAccessEventsBlack2.png", + "WAFGatewayAccessEventsWhite1.png", + "WAFGatewayAccessEventsWhite2.png" + ], + "version": "1.2.0", + "title": "Microsoft Web Application Firewall (WAF) - gateway access events", + "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "LinuxMachinesWorkbook", + "logoFileName": "azurevirtualmachine_logo.svg", + "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "Syslog" + ], + "previewImagesFileNames": [ + "LinuxMachinesWhite.png", + "LinuxMachinesBlack.png" + ], + "version": "1.1.0", + "title": "Linux machines", + "templateRelativePath": "LinuxMachines.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureFirewallWorkbook", + "logoFileName": "AzFirewalls.svg", + "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureFirewall" + ], + "previewImagesFileNames": [ + "AzureFirewallWorkbookWhite1.PNG", + "AzureFirewallWorkbookBlack1.PNG", + "AzureFirewallWorkbookWhite2.PNG", + "AzureFirewallWorkbookBlack2.PNG", + "AzureFirewallWorkbookWhite3.PNG", + "AzureFirewallWorkbookBlack3.PNG", + "AzureFirewallWorkbookWhite4.PNG", + "AzureFirewallWorkbookBlack4.PNG", + "AzureFirewallWorkbookWhite5.PNG", + "AzureFirewallWorkbookBlack5.PNG" + ], + "version": "1.3.0", + "title": "Azure Firewall", + "templateRelativePath": "AzureFirewallWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureDDoSStandardProtection", + "logoFileName": "AzDDoS.svg", + "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "DDOS" + ], + "previewImagesFileNames": [ + "AzureDDoSWhite1.PNG", + "AzureDDoSBlack1.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG", + "AzureDDoSWhite2.PNG", + "AzureDDoSBlack2.PNG" + ], + "version": "1.0.2", + "title": "Azure DDoS Protection Workbook", + "templateRelativePath": "AzDDoSStandardWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftCloudAppSecurityWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.", + "dataTypesDependencies": [ + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [ + "MicrosoftCloudAppSecurity" + ], + "previewImagesFileNames": [ + "McasDiscoveryBlack.png", + "McasDiscoveryWhite.png" + ], + "version": "1.2.0", + "title": "Microsoft Cloud App Security - discovery logs", + "templateRelativePath": "MicrosoftCloudAppSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "F5BIGIPSytemMetricsWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.", + "dataTypesDependencies": [ + "F5Telemetry_system_CL", + "F5Telemetry_AVR_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5SMBlack.png", + "F5SMWhite.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP System Metrics", + "templateRelativePath": "F5BIGIPSystemMetrics.json", + "subtitle": "", + "provider": "F5 Networks" + }, + { + "workbookKey": "F5NetworksWorkbook", + "logoFileName": "f5_logo.svg", + "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.", + "dataTypesDependencies": [ + "F5Telemetry_LTM_CL", + "F5Telemetry_system_CL", + "F5Telemetry_ASM_CL" + ], + "dataConnectorsDependencies": [ + "F5BigIp" + ], + "previewImagesFileNames": [ + "F5White.png", + "F5Black.png" + ], + "version": "1.1.0", + "title": "F5 BIG-IP ASM", + "templateRelativePath": "F5Networks.json", + "subtitle": "", + "provider": "F5 Networks" + }, + { + "workbookKey": "AzureNetworkWatcherWorkbook", + "logoFileName": "networkwatcher_logo.svg", + "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.", + "dataTypesDependencies": [ + "AzureNetworkAnalytics_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureNetworkWatcherWhite.png", + "AzureNetworkWatcherBlack.png" + ], + "version": "1.1.0", + "title": "Azure Network Watcher", + "templateRelativePath": "AzureNetworkWatcher.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZscalerFirewallWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerFirewallWhite1.png", + "ZscalerFirewallBlack1.png", + "ZscalerFirewallWhite2.png", + "ZscalerFirewallBlack2.png" + ], + "version": "1.1.0", + "title": "Zscaler Firewall", + "templateRelativePath": "ZscalerFirewall.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerWebOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerWebOverviewWhite.png", + "ZscalerWebOverviewBlack.png" + ], + "version": "1.1.0", + "title": "Zscaler Web Overview", + "templateRelativePath": "ZscalerWebOverview.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerThreatsOverviewWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerThreatsWhite.png", + "ZscalerThreatsBlack.png" + ], + "version": "1.2.0", + "title": "Zscaler Threats", + "templateRelativePath": "ZscalerThreats.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "ZscalerOffice365AppsWorkbook", + "logoFileName": "zscaler_logo.svg", + "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Zscaler" + ], + "previewImagesFileNames": [ + "ZscalerOffice365White.png", + "ZscalerOffice365Black.png" + ], + "version": "1.1.0", + "title": "Zscaler Office365 Apps", + "templateRelativePath": "ZscalerOffice365Apps.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "InsecureProtocolsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.", + "dataTypesDependencies": [ + "SecurityEvent", + "Event", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureActiveDirectory", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InsecureProtocolsWhite1.png", + "InsecureProtocolsBlack1.png", + "InsecureProtocolsWhite2.png", + "InsecureProtocolsBlack2.png" + ], + "version": "2.1.0", + "title": "Insecure Protocols", + "templateRelativePath": "InsecureProtocols.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsNetworkActivitiesWhite.png", + "AwsNetworkActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS Network Activities", + "templateRelativePath": "AmazonWebServicesNetworkActivities.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AmazonWebServicesUserActivitiesWorkbook", + "logoFileName": "amazon_web_services_Logo.svg", + "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.", + "dataTypesDependencies": [ + "AWSCloudTrail" + ], + "dataConnectorsDependencies": [ + "AWS" + ], + "previewImagesFileNames": [ + "AwsUserActivitiesWhite.png", + "AwsUserActivitiesBlack.png" + ], + "version": "1.0.0", + "title": "AWS User Activities", + "templateRelativePath": "AmazonWebServicesUserActivities.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityAttackActivityWhite.png", + "TrendMicroDeepSecurityAttackActivityBlack.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security ATT&CK Related Activity", + "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicro" + ], + "previewImagesFileNames": [ + "TrendMicroDeepSecurityOverviewWhite1.png", + "TrendMicroDeepSecurityOverviewBlack1.png", + "TrendMicroDeepSecurityOverviewWhite2.png", + "TrendMicroDeepSecurityOverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Trend Micro Deep Security Events", + "templateRelativePath": "TrendMicroDeepSecurityOverview.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "ExtraHopDetectionSummaryWorkbook", + "logoFileName": "extrahop_logo.svg", + "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ExtraHopNetworks" + ], + "previewImagesFileNames": [ + "ExtrahopWhite.png", + "ExtrahopBlack.png" + ], + "version": "1.0.0", + "title": "ExtraHop", + "templateRelativePath": "ExtraHopDetectionSummary.json", + "subtitle": "", + "provider": "ExtraHop Networks" + }, + { + "workbookKey": "BarracudaCloudFirewallWorkbook", + "logoFileName": "barracuda_logo.svg", + "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "Syslog" + ], + "dataConnectorsDependencies": [ + "BarracudaCloudFirewall" + ], + "previewImagesFileNames": [ + "BarracudaWhite1.png", + "BarracudaBlack1.png", + "BarracudaWhite2.png", + "BarracudaBlack2.png" + ], + "version": "1.0.0", + "title": "Barracuda CloudGen FW", + "templateRelativePath": "Barracuda.json", + "subtitle": "", + "provider": "Barracuda" + }, + { + "workbookKey": "CitrixWorkbook", + "logoFileName": "citrix_logo.svg", + "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.", + "dataTypesDependencies": [ + "CitrixAnalytics_userProfile_CL", + "CitrixAnalytics_riskScoreChange_CL", + "CitrixAnalytics_indicatorSummary_CL", + "CitrixAnalytics_indicatorEventDetails_CL" + ], + "dataConnectorsDependencies": [ + "Citrix" + ], + "previewImagesFileNames": [ + "CitrixWhite.png", + "CitrixBlack.png" + ], + "version": "2.1.0", + "title": "Citrix Analytics", + "templateRelativePath": "Citrix.json", + "subtitle": "", + "provider": "Citrix Systems Inc." + }, + { + "workbookKey": "OneIdentityWorkbook", + "logoFileName": "oneIdentity_logo.svg", + "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OneIdentity" + ], + "previewImagesFileNames": [ + "OneIdentityWhite.png", + "OneIdentityBlack.png" + ], + "version": "1.0.0", + "title": "One Identity", + "templateRelativePath": "OneIdentity.json", + "subtitle": "", + "provider": "One Identity LLC." + }, + { + "workbookKey": "SecurityStatusWorkbook", + "logoFileName": "", + "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SecurityEvent", + "Syslog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityStatusBlack.png", + "AzureSentinelSecurityStatusWhite.png" + ], + "version": "1.3.0", + "title": "Security Status", + "templateRelativePath": "SecurityStatus.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSentinelSecurityAlertsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelSecurityAlertsWhite.png", + "AzureSentinelSecurityAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Security Alerts", + "templateRelativePath": "AzureSentinelSecurityAlerts.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SquadraTechnologiesSecRMMWorkbook", + "logoFileName": "SquadraTechnologiesLogo.svg", + "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.", + "dataTypesDependencies": [ + "secRMM_CL" + ], + "dataConnectorsDependencies": [ + "SquadraTechnologiesSecRmm" + ], + "previewImagesFileNames": [ + "SquadraTechnologiesSecRMMWhite.PNG", + "SquadraTechnologiesSecRMMBlack.PNG" + ], + "version": "1.0.0", + "title": "Squadra Technologies SecRMM - USB removable storage security", + "templateRelativePath": "SquadraTechnologiesSecRMM.json", + "subtitle": "", + "provider": "Squadra Technologies" + }, + { + "workbookKey": "IoT-Alerts", + "logoFileName": "IoTIcon.svg", + "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "IoT" + ], + "previewImagesFileNames": [ + "IOTBlack1.png", + "IOTWhite1.png" + ], + "version": "1.2.0", + "title": "Azure Defender for IoT Alerts", + "templateRelativePath": "IOT_Alerts.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IoTAssetDiscovery", + "logoFileName": "IoTIcon.svg", + "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Fortinet" + ], + "previewImagesFileNames": [ + "workbook-iotassetdiscovery-screenshot-Black.PNG", + "workbook-iotassetdiscovery-screenshot-White.PNG" + ], + "version": "1.0.0", + "title": "IoT Asset Discovery", + "templateRelativePath": "IoTAssetDiscovery.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ForcepointCASBWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCasb" + ], + "previewImagesFileNames": [ + "ForcepointCASBWhite.png", + "ForcepointCASBBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Access Security Broker (CASB)", + "templateRelativePath": "ForcepointCASB.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ForcepointNGFWWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointNgfw" + ], + "previewImagesFileNames": [ + "ForcepointNGFWWhite.png", + "ForcepointNGFWBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Next Generation Firewall (NGFW)", + "templateRelativePath": "ForcepointNGFW.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ForcepointDLPWorkbook", + "logoFileName": "FP_Green_Emblem_RGB-01.svg", + "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.", + "dataTypesDependencies": [ + "ForcepointDLPEvents_CL" + ], + "dataConnectorsDependencies": [ + "ForcepointDlp" + ], + "previewImagesFileNames": [ + "ForcepointDLPWhite.png", + "ForcepointDLPBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Data Loss Prevention (DLP)", + "templateRelativePath": "ForcepointDLP.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "ZimperiumMTDWorkbook", + "logoFileName": "ZIMPERIUM-logo_square2.svg", + "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.", + "dataTypesDependencies": [ + "ZimperiumThreatLog_CL", + "ZimperiumMitigationLog_CL" + ], + "dataConnectorsDependencies": [ + "ZimperiumMtdAlerts" + ], + "previewImagesFileNames": [ + "ZimperiumWhite.png", + "ZimperiumBlack.png" + ], + "version": "1.0.0", + "title": "Zimperium Mobile Threat Defense (MTD)", + "templateRelativePath": "ZimperiumWorkbooks.json", + "subtitle": "", + "provider": "Zimperium" + }, + { + "workbookKey": "AzureAuditActivityAndSigninWorkbook", + "logoFileName": "azureactivedirectory_logo.svg", + "description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.", + "dataTypesDependencies": [ + "AzureActivity", + "AuditLogs", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "AzureAuditActivityAndSigninWhite1.png", + "AzureAuditActivityAndSigninWhite2.png", + "AzureAuditActivityAndSigninBlack1.png", + "AzureAuditActivityAndSigninBlack2.png" + ], + "version": "1.2.0", + "title": "Azure AD Audit, Activity and Sign-in logs", + "templateRelativePath": "AzureAuditActivityAndSignin.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "WindowsFirewall", + "logoFileName": "Microsoft_logo.svg", + "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs", + "dataTypesDependencies": [ + "WindowsFirewall", + "SecurityEvent", + "SigninLogs" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsFirewall", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "WindowsFirewallWhite1.png", + "WindowsFirewallWhite2.png", + "WindowsFirewallBlack1.png", + "WindowsFirewallBlack2.png" + ], + "version": "1.0.0", + "title": "Windows Firewall", + "templateRelativePath": "WindowsFirewall.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "EventAnalyzerwWorkbook", + "logoFileName": "", + "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "EventAnalyzer-Workbook-White.png", + "EventAnalyzer-Workbook-Black.png" + ], + "version": "1.0.0", + "title": "Event Analyzer", + "templateRelativePath": "EventAnalyzer.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "ASC-ComplianceandProtection", + "logoFileName": "", + "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.", + "dataTypesDependencies": [ + "SecurityAlert", + "ProtectionStatus", + "SecurityRecommendation", + "SecurityBaseline", + "SecurityBaselineSummary", + "Update", + "ConfigurationChange" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter" + ], + "previewImagesFileNames": [ + "ASCCaPBlack.png", + "ASCCaPWhite.png" + ], + "version": "1.2.0", + "title": "ASC Compliance and Protection", + "templateRelativePath": "ASC-ComplianceandProtection.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "AIVectraDetectWorkbook", + "logoFileName": "AIVectraDetect.svg", + "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AIVectraDetect" + ], + "previewImagesFileNames": [ + "AIVectraDetectWhite1.png", + "AIVectraDetectBlack1.png" + ], + "version": "1.1.1", + "title": "Vectra AI Detect", + "templateRelativePath": "AIVectraDetectWorkbook.json", + "subtitle": "", + "provider": "Vectra AI" + }, + { + "workbookKey": "Perimeter81OverviewWorkbook", + "logoFileName": "Perimeter81_Logo.svg", + "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.", + "dataTypesDependencies": [ + "Perimeter81_CL" + ], + "dataConnectorsDependencies": [ + "Perimeter81ActivityLogs" + ], + "previewImagesFileNames": [ + "Perimeter81OverviewWhite1.png", + "Perimeter81OverviewBlack1.png", + "Perimeter81OverviewWhite2.png", + "Perimeter81OverviewBlack2.png" + ], + "version": "1.0.0", + "title": "Perimeter 81 Overview", + "templateRelativePath": "Perimeter81OverviewWorkbook.json", + "subtitle": "", + "provider": "Perimeter 81" + }, + { + "workbookKey": "SymantecProxySGWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecProxySG" + ], + "previewImagesFileNames": [ + "SymantecProxySGWhite.png", + "SymantecProxySGBlack.png" + ], + "version": "1.0.0", + "title": "Symantec ProxySG", + "templateRelativePath": "SymantecProxySG.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "IllusiveASMWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveASMWhite.png", + "IllusiveASMBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ASM Dashboard", + "templateRelativePath": "IllusiveASM.json", + "subtitle": "", + "provider": "Illusive" + }, + { + "workbookKey": "IllusiveADSWorkbook", + "logoFileName": "illusive_logo_workbook.svg", + "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "illusiveAttackManagementSystem" + ], + "previewImagesFileNames": [ + "IllusiveADSWhite.png", + "IllusiveADSBlack.png" + ], + "version": "1.0.0", + "title": "Illusive ADS Dashboard", + "templateRelativePath": "IllusiveADS.json", + "subtitle": "", + "provider": "Illusive" + }, + { + "workbookKey": "PulseConnectSecureWorkbook", + "logoFileName": "", + "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "PulseConnectSecure" + ], + "previewImagesFileNames": [ + "PulseConnectSecureWhite.png", + "PulseConnectSecureBlack.png" + ], + "version": "1.0.0", + "title": "Pulse Connect Secure", + "templateRelativePath": "PulseConnectSecure.json", + "subtitle": "", + "provider": "Pulse Secure" + }, + { + "workbookKey": "InfobloxNIOSWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "InfobloxNIOS" + ], + "previewImagesFileNames": [], + "version": "1.1.0", + "title": "Infoblox NIOS", + "templateRelativePath": "Infoblox-Workbook-V2.json", + "subtitle": "", + "provider": "Infoblox" + }, + { + "workbookKey": "SymantecVIPWorkbook", + "logoFileName": "symantec_logo.svg", + "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SymantecVIP" + ], + "previewImagesFileNames": [ + "SymantecVIPWhite.png", + "SymantecVIPBlack.png" + ], + "version": "1.0.0", + "title": "Symantec VIP", + "templateRelativePath": "SymantecVIP.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "ProofPointTAPWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPClicksBlocked_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP" + ], + "previewImagesFileNames": [ + "ProofpointTAPWhite.png", + "ProofpointTAPBlack.png" + ], + "version": "1.0.0", + "title": "Proofpoint TAP", + "templateRelativePath": "ProofpointTAP.json", + "subtitle": "", + "provider": "Proofpoint" + }, + { + "workbookKey": "QualysVMWorkbook", + "logoFileName": "qualys_logo.svg", + "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", + "dataTypesDependencies": [ + "QualysHostDetection_CL" + ], + "dataConnectorsDependencies": [ + "QualysVulnerabilityManagement" + ], + "previewImagesFileNames": [ + "QualysVMWhite.png", + "QualysVMBlack.png" + ], + "version": "1.0.0", + "title": "Qualys Vulnerability Management", + "templateRelativePath": "QualysVM.json", + "subtitle": "", + "provider": "Qualys" + }, + { + "workbookKey": "QualysVMV2Workbook", + "logoFileName": "qualys_logo.svg", + "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans", + "dataTypesDependencies": [ + "QualysHostDetectionV2_CL" + ], + "dataConnectorsDependencies": [ + "QualysVulnerabilityManagement" + ], + "previewImagesFileNames": [ + "QualysVMWhite.png", + "QualysVMBlack.png" + ], + "version": "1.0.0", + "title": "Qualys Vulnerability Management", + "templateRelativePath": "QualysVMv2.json", + "subtitle": "", + "provider": "Qualys" + }, + { + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "Github_CL", + "GitHubRepoLogs_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "GitHubSecurityWhite.png", + "GitHubSecurityBlack.png" + ], + "version": "1.0.0", + "title": "GitHub Security", + "templateRelativePath": "GitHubSecurityWorkbook.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "VisualizationDemo", + "logoFileName": "", + "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "VisualizationDemoBlack.png", + "VisualizationDemoWhite.png" + ], + "version": "1.0.0", + "title": "Visualizations Demo", + "templateRelativePath": "VisualizationDemo.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SophosXGFirewallWorkbook", + "logoFileName": "sophos_logo.svg", + "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "SophosXGFirewall" + ], + "previewImagesFileNames": [ + "SophosXGFirewallWhite.png", + "SophosXGFirewallBlack.png" + ], + "version": "1.0.0", + "title": "Sophos XG Firewall", + "templateRelativePath": "SophosXGFirewall.json", + "subtitle": "", + "provider": "Sophos" + }, + { + "workbookKey": "SysmonThreatHuntingWorkbook", + "logoFileName": "", + "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel", + "dataTypesDependencies": [ + "Event" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SysmonThreatHuntingWhite1.png", + "SysmonThreatHuntingBlack1.png" + ], + "version": "1.4.0", + "title": "Sysmon Threat Hunting", + "templateRelativePath": "SysmonThreatHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook", + "logoFileName": "webapplicationfirewall(WAF)_logo.svg", + "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "WAF" + ], + "previewImagesFileNames": [ + "WAFFirewallWAFTypeEventsBlack1.PNG", + "WAFFirewallWAFTypeEventsBlack2.PNG", + "WAFFirewallWAFTypeEventsBlack3.PNG", + "WAFFirewallWAFTypeEventsBlack4.PNG", + "WAFFirewallWAFTypeEventsWhite1.png", + "WAFFirewallWAFTypeEventsWhite2.PNG", + "WAFFirewallWAFTypeEventsWhite3.PNG", + "WAFFirewallWAFTypeEventsWhite4.PNG" + ], + "version": "1.1.0", + "title": "Microsoft Web Application Firewall (WAF) - Azure WAF", + "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OrcaAlertsOverviewWorkbook", + "logoFileName": "Orca_logo.svg", + "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview", + "dataTypesDependencies": [ + "OrcaAlerts_CL" + ], + "dataConnectorsDependencies": [ + "OrcaSecurityAlerts" + ], + "previewImagesFileNames": [ + "OrcaAlertsWhite.png", + "OrcaAlertsBlack.png" + ], + "version": "1.1.0", + "title": "Orca alerts overview", + "templateRelativePath": "OrcaAlerts.json", + "subtitle": "", + "provider": "Orca Security" + }, + { + "workbookKey": "CyberArkWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CyberArk" + ], + "previewImagesFileNames": [ + "CyberArkActivitiesWhite.PNG", + "CyberArkActivitiesBlack.PNG" + ], + "version": "1.1.0", + "title": "CyberArk EPV Events", + "templateRelativePath": "CyberArkEPV.json", + "subtitle": "", + "provider": "CyberArk" + }, + { + "workbookKey": "UserEntityBehaviorAnalyticsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns", + "dataTypesDependencies": [ + "BehaviorAnalytics" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UserEntityBehaviorAnalyticsBlack1.png", + "UserEntityBehaviorAnalyticsWhite1.png" + ], + "version": "1.2.0", + "title": "User And Entity Behavior Analytics", + "templateRelativePath": "UserEntityBehaviorAnalytics.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CitrixWAF", + "logoFileName": "citrix_logo.svg", + "description": "Gain insight into the Citrix WAF logs", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CitrixWAF" + ], + "previewImagesFileNames": [ + "CitrixWAFBlack.png", + "CitrixWAFWhite.png" + ], + "version": "1.0.0", + "title": "Citrix WAF (Web App Firewall)", + "templateRelativePath": "CitrixWAF.json", + "subtitle": "", + "provider": "Citrix Systems Inc." + }, + { + "workbookKey": "UnifiSGWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGBlack.png", + "UnifiSGWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway", + "templateRelativePath": "UnfiSG.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "UnifiSGNetflowWorkbook", + "logoFileName": "", + "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.", + "dataTypesDependencies": [ + "netflow_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "UnifiSGNetflowBlack.png", + "UnifiSGNetflowWhite.png" + ], + "version": "1.0.0", + "title": "Unifi Security Gateway - NetFlow", + "templateRelativePath": "UnfiSGNetflow.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "NormalizedNetworkEventsWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "NormalizedNetworkEventsWhite.png", + "NormalizedNetworkEventsBlack.png" + ], + "version": "1.0.0", + "title": "Normalized network events", + "templateRelativePath": "NormalizedNetworkEvents.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WorkspaceAuditingWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "LAQueryLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceAuditingWhite.png", + "WorkspaceAuditingBlack.png" + ], + "version": "1.0.0", + "title": "Workspace audit", + "templateRelativePath": "WorkspaceAuditing.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "MITREATTACKWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MITREATTACKWhite1.PNG", + "MITREATTACKWhite2.PNG", + "MITREATTACKBlack1.PNG", + "MITREATTACKBlack2.PNG" + ], + "version": "1.0.0", + "title": "MITRE ATT&CK Workbook", + "templateRelativePath": "MITREAttack.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "BETTERMTDWorkbook", + "logoFileName": "BETTER_MTD_logo.svg", + "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.", + "dataTypesDependencies": [ + "BetterMTDDeviceLog_CL", + "BetterMTDAppLog_CL", + "BetterMTDIncidentLog_CL", + "BetterMTDNetflowLog_CL" + ], + "dataConnectorsDependencies": [ + "BetterMTD" + ], + "previewImagesFileNames": [ + "BetterMTDWorkbookPreviewWhite1.png", + "BetterMTDWorkbookPreviewWhite2.png", + "BetterMTDWorkbookPreviewWhite3.png", + "BetterMTDWorkbookPreviewBlack1.png", + "BetterMTDWorkbookPreviewBlack2.png", + "BetterMTDWorkbookPreviewBlack3.png" + ], + "version": "1.1.0", + "title": "BETTER Mobile Threat Defense (MTD)", + "templateRelativePath": "BETTER_MTD_Workbook.json", + "subtitle": "", + "provider": "BETTER Mobile" + }, + { + "workbookKey": "AlsidIoEWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoEBlack1.png", + "AlsidIoEBlack2.png", + "AlsidIoEBlack3.png", + "AlsidIoEWhite1.png", + "AlsidIoEWhite2.png", + "AlsidIoEWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Exposure", + "templateRelativePath": "AlsidIoE.json", + "subtitle": "", + "provider": "Alsid" + }, + { + "workbookKey": "AlsidIoAWorkbook", + "logoFileName": "Alsid.svg", + "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.", + "dataTypesDependencies": [ + "AlsidForADLog_CL" + ], + "dataConnectorsDependencies": [ + "AlsidForAD" + ], + "previewImagesFileNames": [ + "AlsidIoABlack1.png", + "AlsidIoABlack2.png", + "AlsidIoABlack3.png", + "AlsidIoAWhite1.png", + "AlsidIoAWhite2.png", + "AlsidIoAWhite3.png" + ], + "version": "1.0.0", + "title": "Alsid for AD | Indicators of Attack", + "templateRelativePath": "AlsidIoA.json", + "subtitle": "", + "provider": "Alsid" + }, + { + "workbookKey": "InvestigationInsightsWorkbook", + "logoFileName": "Microsoft_logo.svg", + "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.", + "dataTypesDependencies": [ + "AuditLogs", + "AzureActivity", + "CommonSecurityLog", + "OfficeActivity", + "SecurityEvent", + "SigninLogs", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "AzureActivity", + "SecurityEvents", + "Office365", + "AzureActiveDirectory", + "ThreatIntelligence", + "ThreatIntelligenceTaxii", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "InvestigationInsightsWhite1.png", + "InvestigationInsightsBlack1.png", + "InvestigationInsightsWhite2.png", + "InvestigationInsightsBlack2.png" + ], + "version": "1.4.0", + "title": "Investigation Insights", + "templateRelativePath": "InvestigationInsights.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "AksSecurityWorkbook", + "logoFileName": "Kubernetes_services.svg", + "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKubernetes" + ], + "previewImagesFileNames": [ + "AksSecurityWhite.png", + "AksSecurityBlack.png" + ], + "version": "1.5.0", + "title": "Azure Kubernetes Service (AKS) Security", + "templateRelativePath": "AksSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureKeyVaultWorkbook", + "logoFileName": "KeyVault.svg", + "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.", + "dataTypesDependencies": [ + "SecurityAlert", + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "AzureSecurityCenter", + "AzureKeyVault" + ], + "previewImagesFileNames": [ + "AkvSecurityWhite.png", + "AkvSecurityBlack.png" + ], + "version": "1.1.0", + "title": "Azure Key Vault Security", + "templateRelativePath": "AzureKeyVaultWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IncidentOverview", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IncidentOverviewBlack1.png", + "IncidentOverviewWhite1.png", + "IncidentOverviewBlack2.png", + "IncidentOverviewWhite2.png" + ], + "version": "2.1.0", + "title": "Incident overview", + "templateRelativePath": "IncidentOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SecurityOperationsEfficiency", + "logoFileName": "Azure_Sentinel.svg", + "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SecurityEfficiencyWhite1.png", + "SecurityEfficiencyWhite2.png", + "SecurityEfficiencyBlack1.png", + "SecurityEfficiencyBlack2.png" + ], + "version": "1.5.0", + "title": "Security Operations Efficiency", + "templateRelativePath": "SecurityOperationsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DataCollectionHealthMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace\u2019s data collection health.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "HealthMonitoringWhite1.png", + "HealthMonitoringWhite2.png", + "HealthMonitoringWhite3.png", + "HealthMonitoringBlack1.png", + "HealthMonitoringBlack2.png", + "HealthMonitoringBlack3.png" + ], + "version": "1.0.0", + "title": "Data collection health monitoring", + "templateRelativePath": "DataCollectionHealthMonitoring.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OnapsisAlarmsWorkbook", + "logoFileName": "onapsis_logo.svg", + "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "OnapsisPlatform" + ], + "previewImagesFileNames": [ + "OnapsisWhite1.PNG", + "OnapsisBlack1.PNG", + "OnapsisWhite2.PNG", + "OnapsisBlack2.PNG" + ], + "version": "1.0.0", + "title": "Onapsis Alarms Overview", + "templateRelativePath": "OnapsisAlarmsOverview.json", + "subtitle": "", + "provider": "Onapsis" + }, + { + "workbookKey": "DelineaWorkbook", + "logoFileName": "DelineaLogo.svg", + "description": "The Delinea Secret Server Syslog connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "DelineaSecretServer_CEF" + ], + "previewImagesFileNames": [ + "DelineaWorkbookWhite.PNG", + "DelineaWorkbookBlack.PNG" + ], + "version": "1.0.0", + "title": "Delinea Secret Server Workbook", + "templateRelativePath": "DelineaWorkbook.json", + "subtitle": "", + "provider": "Delinea" + }, + { + "workbookKey": "ForcepointCloudSecurityGatewayWorkbook", + "logoFileName": "Forcepoint_new_logo.svg", + "description": "Use this report to understand query runs across your workspace.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ForcepointCSG" + ], + "previewImagesFileNames": [ + "ForcepointCloudSecurityGatewayWhite.png", + "ForcepointCloudSecurityGatewayBlack.png" + ], + "version": "1.0.0", + "title": "Forcepoint Cloud Security Gateway Workbook", + "templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json", + "subtitle": "", + "provider": "Forcepoint" + }, + { + "workbookKey": "IntsightsIOCWorkbook", + "logoFileName": "IntSights_logo.svg", + "description": "", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator", + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "ThreatIntelligenceTaxii" + ], + "previewImagesFileNames": [ + "IntsightsIOCWhite.png", + "IntsightsMatchedWhite.png", + "IntsightsMatchedBlack.png", + "IntsightsIOCBlack.png" + ], + "version": "2.0.0", + "title": "IntSights IOC Workbook", + "templateRelativePath": "IntsightsIOCWorkbook.json", + "subtitle": "", + "provider": "IntSights Cyber Intelligence" + }, + { + "workbookKey": "DarktraceSummaryWorkbook", + "logoFileName": "Darktrace.svg", + "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Darktrace" + ], + "previewImagesFileNames": [ + "AIA-DarktraceSummaryWhite.png", + "AIA-DarktraceSummaryBlack.png" + ], + "version": "1.1.0", + "title": "AI Analyst Darktrace Model Breach Summary", + "templateRelativePath": "AIA-Darktrace.json", + "subtitle": "", + "provider": "Darktrace" + }, + { + "workbookKey": "TrendMicroXDR", + "logoFileName": "trendmicro_logo.svg", + "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.", + "dataTypesDependencies": [ + "TrendMicro_XDR_WORKBENCH_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroXDR" + ], + "previewImagesFileNames": [ + "TrendMicroXDROverviewWhite.png", + "TrendMicroXDROverviewBlack.png" + ], + "version": "1.3.0", + "title": "Trend Vision One Alert Overview", + "templateRelativePath": "TrendMicroXDROverview.json", + "subtitle": "", + "provider": "Trend Micro" + }, + { + "workbookKey": "CyberpionOverviewWorkbook", + "logoFileName": "cyberpion_logo.svg", + "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.", + "dataTypesDependencies": [ + "CyberpionActionItems_CL" + ], + "dataConnectorsDependencies": [ + "CyberpionSecurityLogs" + ], + "previewImagesFileNames": [ + "CyberpionActionItemsBlack.png", + "CyberpionActionItemsWhite.png" + ], + "version": "1.0.0", + "title": "Cyberpion Overview", + "templateRelativePath": "CyberpionOverviewWorkbook.json", + "subtitle": "", + "provider": "Cyberpion" + }, + { + "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook", + "logoFileName": "MSTIC-Logo.svg", + "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020", + "dataTypesDependencies": [ + "CommonSecurityLog", + "SigninLogs", + "AuditLogs", + "AADServicePrincipalSignInLogs", + "OfficeActivity", + "BehaviorAnalytics", + "SecurityEvent", + "DeviceProcessEvents", + "SecurityAlert", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory", + "SecurityEvents", + "Office365", + "MicrosoftThreatProtection", + "DNS", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "SolarWindsPostCompromiseHuntingWhite.png", + "SolarWindsPostCompromiseHuntingBlack.png" + ], + "version": "1.5.0", + "title": "SolarWinds Post Compromise Hunting", + "templateRelativePath": "SolarWindsPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ProofpointPODWorkbook", + "logoFileName": "proofpointlogo.svg", + "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.", + "dataTypesDependencies": [ + "ProofpointPOD_maillog_CL", + "ProofpointPOD_message_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofpointPODMainBlack1.png", + "ProofpointPODMainBlack2.png", + "ProofpointPODMainWhite1.png", + "ProofpointPODMainWhite2.png", + "ProofpointPODMessageSummaryBlack.png", + "ProofpointPODMessageSummaryWhite.png", + "ProofpointPODTLSBlack.png", + "ProofpointPODTLSWhite.png" + ], + "version": "1.0.0", + "title": "Proofpoint On-Demand Email Security", + "templateRelativePath": "ProofpointPOD.json", + "subtitle": "", + "provider": "Proofpoint" + }, + { + "workbookKey": "CiscoUmbrellaWorkbook", + "logoFileName": "cisco_logo.svg", + "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.", + "dataTypesDependencies": [ + "Cisco_Umbrella_dns_CL", + "Cisco_Umbrella_proxy_CL", + "Cisco_Umbrella_ip_CL", + "Cisco_Umbrella_cloudfirewall_CL" + ], + "dataConnectorsDependencies": [ + "CiscoUmbrellaDataConnector" + ], + "previewImagesFileNames": [ + "CiscoUmbrellaDNSBlack1.png", + "CiscoUmbrellaDNSBlack2.png", + "CiscoUmbrellaDNSWhite1.png", + "CiscoUmbrellaDNSWhite2.png", + "CiscoUmbrellaFirewallBlack.png", + "CiscoUmbrellaFirewallWhite.png", + "CiscoUmbrellaMainBlack1.png", + "CiscoUmbrellaMainBlack2.png", + "CiscoUmbrellaMainWhite1.png", + "CiscoUmbrellaMainWhite2.png", + "CiscoUmbrellaProxyBlack1.png", + "CiscoUmbrellaProxyBlack2.png", + "CiscoUmbrellaProxyWhite1.png", + "CiscoUmbrellaProxyWhite2.png" + ], + "version": "1.0.0", + "title": "Cisco Umbrella", + "templateRelativePath": "CiscoUmbrella.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "AnalyticsEfficiencyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AnalyticsEfficiencyBlack.png", + "AnalyticsEfficiencyWhite.png" + ], + "version": "1.2.0", + "title": "Analytics Efficiency", + "templateRelativePath": "AnalyticsEfficiency.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "WorkspaceUsage", + "logoFileName": "Azure_Sentinel.svg", + "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace\u2019s data consumption, latency, recommended tasks and Cost and Usage statistics.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WorkspaceUsageBlack.png", + "WorkspaceUsageWhite.png" + ], + "version": "1.6.0", + "title": "Workspace Usage Report", + "templateRelativePath": "WorkspaceUsage.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "SentinelCentral", + "logoFileName": "Azure_Sentinel.svg", + "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SentinelCentralBlack.png", + "SentinelCentralWhite.png" + ], + "version": "2.1.0", + "title": "Sentinel Central", + "templateRelativePath": "SentinelCentral.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "CognniIncidentsWorkbook", + "logoFileName": "cognni-logo.svg", + "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.", + "dataTypesDependencies": [ + "CognniIncidents_CL" + ], + "dataConnectorsDependencies": [ + "CognniSentinelDataConnector" + ], + "previewImagesFileNames": [ + "CognniBlack.PNG", + "CognniWhite.PNG" + ], + "version": "1.0.0", + "title": "Cognni Important Information Incidents", + "templateRelativePath": "CognniIncidentsWorkbook.json", + "subtitle": "", + "provider": "Cognni" + }, + { + "workbookKey": "pfsense", + "logoFileName": "pfsense_logo.svg", + "description": "Gain insights into pfsense logs from both filterlog and nginx.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "pfsenseBlack.png", + "pfsenseWhite.png" + ], + "version": "1.0.0", + "title": "pfsense", + "templateRelativePath": "pfsense.json", + "subtitle": "", + "provider": "Microsoft Sentinel community" + }, + { + "workbookKey": "ExchangeCompromiseHunting", + "logoFileName": "MSTIC-Logo.svg", + "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns", + "dataTypesDependencies": [ + "SecurityEvent", + "W3CIISLog" + ], + "dataConnectorsDependencies": [ + "SecurityEvents", + "AzureMonitor(IIS)", + "WindowsSecurityEvents" + ], + "previewImagesFileNames": [ + "ExchangeBlack.png", + "ExchangeWhite.png" + ], + "version": "1.0.0", + "title": "Exchange Compromise Hunting", + "templateRelativePath": "ExchangeCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SOCProcessFrameworkWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Process Framework", + "templateRelativePath": "SOCProcessFramework.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCLargeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Large Staff", + "templateRelativePath": "Building_a_SOCLargeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCMediumStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Medium Staff", + "templateRelativePath": "Building_a_SOCMediumStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCPartTimeStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Part Time Staff", + "templateRelativePath": "Building_a_SOCPartTimeStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Building_a_SOCSmallStaffWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC Small Staff", + "templateRelativePath": "Building_a_SOCSmallStaff.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "SOCIRPlanningWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "SOC IR Planning", + "templateRelativePath": "SOCIRPlanning.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "UpdateSOCMaturityScoreWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "SOCProcessFrameworkCoverImage1White.png", + "SOCProcessFrameworkCoverImage1Black.png", + "SOCProcessFrameworkCoverImage2White.png", + "SOCProcessFrameworkCoverImage2Black.png" + ], + "version": "1.1.0", + "title": "Update SOC Maturity Score", + "templateRelativePath": "UpdateSOCMaturityScore.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Microsoft365SecurityPosture", + "logoFileName": "M365securityposturelogo.svg", + "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.", + "dataTypesDependencies": [ + "M365SecureScore_CL", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL", + "McasShadowItReporting" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "M365securitypostureblack.png", + "M365securityposturewhite.png" + ], + "version": "1.0.0", + "title": "Microsoft 365 Security Posture", + "templateRelativePath": "M365SecurityPosture.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AzureSentinelCost", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSentinelCostWhite.png", + "AzureSentinelCostBlack.png" + ], + "version": "1.5.0", + "title": "Microsoft Sentinel Cost", + "templateRelativePath": "AzureSentinelCost.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ADXvsLA", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ADXvsLABlack.PNG", + "ADXvsLAWhite.PNG" + ], + "version": "1.0.0", + "title": "ADXvsLA", + "templateRelativePath": "ADXvsLA.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftDefenderForOffice365", + "logoFileName": "office365_logo.svg", + "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs. This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.", + "dataTypesDependencies": [ + "EmailEvents", + "EmailUrlInfo", + "EmailAttachmentInfo" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MDOWhite1.png", + "MDOBlack1.png", + "MDOWhite2.png", + "MDOBlack2.png" + ], + "version": "1.0.0", + "title": "Microsoft Defender For Office 365", + "templateRelativePath": "MicrosoftDefenderForOffice365.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ProofPointThreatDashboard", + "logoFileName": "", + "description": "Provides an overview of email threat activity based on log data provided by ProofPoint", + "dataTypesDependencies": [ + "ProofpointPOD_message_CL", + "ProofpointPOD_maillog_CL", + "ProofPointTAPClicksBlocked_CL", + "ProofPointTAPClicksPermitted_CL", + "ProofPointTAPMessagesBlocked_CL", + "ProofPointTAPMessagesDelivered_CL" + ], + "dataConnectorsDependencies": [ + "ProofpointTAP", + "ProofpointPOD" + ], + "previewImagesFileNames": [ + "ProofPointThreatDashboardBlack1.png", + "ProofPointThreatDashboardWhite1.png" + ], + "version": "1.0.0", + "title": "ProofPoint Threat Dashboard", + "templateRelativePath": "ProofPointThreatDashboard.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AMAmigrationTracker", + "logoFileName": "Azure_Sentinel.svg", + "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AMAtrackingWhite1.png", + "AMAtrackingWhite2.png", + "AMAtrackingWhite3.png", + "AMAtrackingBlack1.png", + "AMAtrackingBlack2.png", + "AMAtrackingBlack3.png" + ], + "version": "1.1.0", + "title": "AMA migration tracker", + "templateRelativePath": "AMAmigrationTracker.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AdvancedKQL", + "logoFileName": "Azure_Sentinel.svg", + "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AdvancedKQLWhite.png", + "AdvancedKQLBlack.png" + ], + "version": "1.3.0", + "title": "Advanced KQL for Microsoft Sentinel", + "templateRelativePath": "AdvancedKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "DSTIMWorkbook", + "logoFileName": "DSTIM.svg", + "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.", + "dataTypesDependencies": [ + "DSMAzureBlobStorageLogs", + "DSMDataClassificationLogs", + "DSMDataLabelingLogs", + "Anomalies", + "ThreatIntelligenceIndicator", + "AADManagedIdentitySignInLogs", + "SecurityAlert", + "SigninLogs" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "DSTIMWorkbookBlack.png", + "DSTIMWorkbookWhite.png" + ], + "version": "1.9.0", + "title": "Data Security - Sensitive Data Impact Assessment", + "templateRelativePath": "DSTIMWorkbook.json", + "subtitle": "", + "provider": "Microsoft", + "featureFlag": "DSTIMWorkbook" + }, + { + "workbookKey": "IntrotoKQLWorkbook", + "logoFileName": "", + "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "IntrotoKQL-black.png", + "IntrotoKQL-white.png" + ], + "version": "1.0.0", + "title": "Intro to KQL", + "templateRelativePath": "IntrotoKQL.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Log4jPostCompromiseHuntingWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityNestedRecommendation", + "AzureDiagnostics", + "OfficeActivity", + "W3CIISLog", + "AWSCloudTrail", + "SigninLogs", + "AADNonInteractiveUserSignInLogs", + "imWebSessions", + "imNetworkSession" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "Log4jPostCompromiseHuntingBlack.png", + "Log4jPostCompromiseHuntingWhite.png" + ], + "version": "1.0.0", + "title": "Log4j Post Compromise Hunting", + "templateRelativePath": "Log4jPostCompromiseHunting.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Log4jImpactAssessmentWorkbook", + "logoFileName": "", + "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.", + "dataTypesDependencies": [ + "SecurityIncident", + "SecurityAlert", + "AzureSecurityCenter", + "MDfESecureScore_CL", + "MDfEExposureScore_CL", + "MDfERecommendations_CL", + "MDfEVulnerabilitiesList_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Log4j Impact Assessment", + "templateRelativePath": "Log4jImpactAssessment.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "UserMap", + "logoFileName": "", + "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.", + "dataTypesDependencies": [ + "SigninLogs", + "AzureDiagnostics", + "WireData", + "VMconnection", + "CommonSecurityLog", + "WindowsFirewall", + "W3CIISLog", + "DnsEvents" + ], + "dataConnectorsDependencies": [ + "AzureActiveDirectory" + ], + "previewImagesFileNames": [ + "UserMapBlack.png", + "UserMapWhite.png" + ], + "version": "1.0.0", + "title": "User Map information", + "templateRelativePath": "UserMap.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AWSS3", + "logoFileName": "", + "description": ".", + "dataTypesDependencies": [ + "AWSCloudTrail", + "AWSGuardDuty", + "AWSVPCFlow" + ], + "dataConnectorsDependencies": [ + "AWSS3" + ], + "previewImagesFileNames": [ + "AWSS3Black.png", + "AWSS3White.png", + "AWSS3White1.png" + ], + "version": "1.0.0", + "title": "AWS S3 Workbook", + "templateRelativePath": "AWSS3.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook", + "logoFileName": "", + "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "LogSourcesAndAnalyticRulesCoverageBlack.png", + "LogSourcesAndAnalyticRulesCoverageWhite.png" + ], + "version": "1.1.0", + "title": "Log Sources & Analytic Rules Coverage", + "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "CiscoFirepower", + "logoFileName": "", + "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "CiscoFirepowerBlack.png", + "CiscoFirepowerWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Firepower", + "templateRelativePath": "CiscoFirepower.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrorosftTeams", + "logoFileName": "microsoftteams.svg", + "description": "This workbook is intended to identify the activities on Microrsoft Teams.", + "dataTypesDependencies": [ + "OfficeActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MicrosoftTeamsBlack.png", + "MicrosoftTeamsWhite.png" + ], + "version": "1.0.0", + "title": "Microsoft Teams", + "templateRelativePath": "MicrosoftTeams.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "ArchivingBasicLogsRetention", + "logoFileName": "ArchivingBasicLogsRetention.svg", + "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ArchivingBasicLogsRetentionBlack1.png", + "ArchivingBasicLogsRetentionWhite1.png" + ], + "version": "1.1.0", + "title": "Archiving, Basic Logs, and Retention", + "templateRelativePath": "ArchivingBasicLogsRetention.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "OktaSingleSignOnWorkbook", + "logoFileName": "okta_logo.svg", + "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked", + "dataTypesDependencies": [ + "Okta_CL" + ], + "dataConnectorsDependencies": [ + "OktaSSO" + ], + "previewImagesFileNames": [ + "OktaSingleSignOnWhite.png", + "OktaSingleSignOnBlack.png" + ], + "version": "1.2", + "title": "Okta Single Sign-On", + "templateRelativePath": "OktaSingleSignOn.json", + "subtitle": "", + "provider": "Okta" + }, + { + "workbookKey": "MicrosoftDefenderForEndPoint", + "logoFileName": "", + "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "microsoftdefenderforendpointwhite.png", + "microsoftdefenderforendpointblack.png" + ], + "version": "1.0.0", + "title": "MicrosoftDefenderForEndPoint", + "templateRelativePath": "MicrosoftDefenderForEndPoint.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "Dynamics365Workbooks", + "logoFileName": "DynamicsLogo.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.", + "dataTypesDependencies": [ + "Dynamics365Activity" + ], + "dataConnectorsDependencies": [ + "Dynamics365" + ], + "previewImagesFileNames": [ + "Dynamics365WorkbookBlack.png", + "Dynamics365WorkbookWhite.png" + ], + "version": "1.0.3", + "title": "Dynamics365Workbooks", + "templateRelativePath": "Dynamics365Workbooks.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "CiscoMerakiWorkbook", + "logoFileName": "", + "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.", + "dataTypesDependencies": [ + "meraki_CL", + "CiscoMerakiNativePoller", + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [ + "CiscoMeraki", + "CiscoMerakiNativePolling", + "ThreatIntelligence" + ], + "previewImagesFileNames": [ + "CiscoMerakiWorkbookWhite.png", + "CiscoMerakiWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "CiscoMerakiWorkbook", + "templateRelativePath": "CiscoMerakiWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SentinelOneWorkbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SentinelOne_CL" + ], + "dataConnectorsDependencies": [ + "SentinelOne" + ], + "previewImagesFileNames": [ + "SentinelOneBlack.png", + "SentinelOneWhite.png" + ], + "version": "1.0.0", + "title": "SentinelOneWorkbook", + "templateRelativePath": "SentinelOne.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroApexOneWorkbook", + "logoFileName": "trendmicro_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "TrendMicroApexOne" + ], + "previewImagesFileNames": [ + "TrendMicroApexOneBlack.png", + "TrendMicroApexOneWhite.png" + ], + "version": "1.0.0", + "title": "Trend Micro Apex One", + "templateRelativePath": "TrendMicroApexOne.json", + "subtitle": "", + "provider": "TrendMicro" + }, + { + "workbookKey": "ContrastProtect", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "ContrastProtect" + ], + "previewImagesFileNames": [ + "ContrastProtectAllBlack.png", + "ContrastProtectAllWhite.png", + "ContrastProtectEffectiveBlack.png", + "ContrastProtectEffectiveWhite.png", + "ContrastProtectSummaryBlack.png", + "ContrastProtectSummaryWhite.png" + ], + "version": "1.0.0", + "title": "Contrast Protect", + "templateRelativePath": "ContrastProtect.json", + "subtitle": "", + "provider": "contrast security" + }, + { + "workbookKey": "ArmorbloxOverview", + "logoFileName": "armorblox.svg", + "description": "INCIDENTS FROM SELECTED TIME RANGE", + "dataTypesDependencies": [ + "Armorblox_CL" + ], + "dataConnectorsDependencies": [ + "Armorblox" + ], + "previewImagesFileNames": [ + "ArmorbloxOverviewBlack01.png", + "ArmorbloxOverviewBlack02.png", + "ArmorbloxOverviewWhite01.png", + "ArmorbloxOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Armorblox", + "templateRelativePath": "ArmorbloxOverview.json", + "subtitle": "", + "provider": "Armorblox" + }, + { + "workbookKey": "PaloAltoCDL", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "PaloAltoCDL" + ], + "previewImagesFileNames": [ + "PaloAltoBlack.png", + "PaloAltoWhite.png" + ], + "version": "1.0.0", + "title": "Palo Alto Networks Cortex Data Lake", + "templateRelativePath": "PaloAltoCDL.json", + "subtitle": "", + "provider": "Palo Alto Networks" + }, + { + "workbookKey": "VMwareCarbonBlack", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CarbonBlackEvents_CL", + "CarbonBlackAuditLogs_CL", + "CarbonBlackNotifications_CL" + ], + "dataConnectorsDependencies": [ + "VMwareCarbonBlack" + ], + "previewImagesFileNames": [ + "VMwareCarbonBlack.png", + "VMwareCarbonWhite.png" + ], + "version": "1.0.0", + "title": "VMware Carbon Black Cloud", + "templateRelativePath": "VMwareCarbonBlack.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "arista-networks", + "logoFileName": "AristaAwakeSecurity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "AristaAwakeSecurity" + ], + "previewImagesFileNames": [ + "AristaAwakeSecurityDevicesBlack.png", + "AristaAwakeSecurityDevicesWhite.png", + "AristaAwakeSecurityModelsBlack.png", + "AristaAwakeSecurityModelsWhite.png", + "AristaAwakeSecurityOverviewBlack.png", + "AristaAwakeSecurityOverviewWhite.png" + ], + "version": "1.0.0", + "title": "Arista Awake", + "templateRelativePath": "AristaAwakeSecurityWorkbook.json", + "subtitle": "", + "provider": "Arista Networks" + }, + { + "workbookKey": "TomcatWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Tomcat_CL" + ], + "dataConnectorsDependencies": [ + "ApacheTomcat" + ], + "previewImagesFileNames": [ + "TomcatBlack.png", + "TomcatWhite.png" + ], + "version": "1.0.0", + "title": "ApacheTomcat", + "templateRelativePath": "Tomcat.json", + "subtitle": "", + "provider": "Apache" + }, + { + "workbookKey": "ClarotyWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "Claroty" + ], + "previewImagesFileNames": [ + "ClarotyBlack.png", + "ClarotyWhite.png" + ], + "version": "1.0.0", + "title": "Claroty", + "templateRelativePath": "ClarotyOverview.json", + "subtitle": "", + "provider": "Claroty" + }, + { + "workbookKey": "ApacheHTTPServerWorkbook", + "logoFileName": "apache.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "ApacheHTTPServer_CL" + ], + "dataConnectorsDependencies": [ + "ApacheHTTPServer" + ], + "previewImagesFileNames": [ + "ApacheHTTPServerOverviewBlack01.png", + "ApacheHTTPServerOverviewBlack02.png", + "ApacheHTTPServerOverviewWhite01.png", + "ApacheHTTPServerOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Apache HTTP Server", + "templateRelativePath": "ApacheHTTPServer.json", + "subtitle": "", + "provider": "Apache Software Foundation" + }, + { + "workbookKey": "OCIWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "OCI_Logs_CL" + ], + "dataConnectorsDependencies": [ + "OracleCloudInfrastructureLogsConnector" + ], + "previewImagesFileNames": [ + "OCIBlack.png", + "OCIWhite.png" + ], + "version": "1.0.0", + "title": "Oracle Cloud Infrastructure", + "templateRelativePath": "OracleCloudInfrastructureOCI.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OracleWeblogicServerWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "OracleWebLogicServer_CL" + ], + "dataConnectorsDependencies": [ + "OracleWebLogicServer" + ], + "previewImagesFileNames": [ + "OracleWeblogicServerBlack.png", + "OracleWeblogicServerWhite.png" + ], + "version": "1.0.0", + "title": "Oracle WebLogic Server", + "templateRelativePath": "OracleWorkbook.json", + "subtitle": "", + "provider": "Oracle" + }, + { + "workbookKey": "BitglassWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "BitglassLogs_CL" + ], + "dataConnectorsDependencies": [ + "Bitglass" + ], + "previewImagesFileNames": [ + "BitglassBlack.png", + "BitglassWhite.png" + ], + "version": "1.0.0", + "title": "Bitglass", + "templateRelativePath": "Bitglass.json", + "subtitle": "", + "provider": "Bitglass" + }, + { + "workbookKey": "NGINXWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "NGINX_CL" + ], + "dataConnectorsDependencies": [ + "NGINXHTTPServer" + ], + "previewImagesFileNames": [ + "NGINXOverviewBlack01.png", + "NGINXOverviewBlack02.png", + "NGINXOverviewWhite01.png", + "NGINXOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "NGINX HTTP Server", + "templateRelativePath": "NGINX.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "vArmourAppContollerWorkbook", + "logoFileName": "varmour-logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "vArmourAC" + ], + "previewImagesFileNames": [ + "vArmourAppControllerAppBlack.png", + "vArmourAppControllerAppBlack-1.png", + "vArmourAppControllerAppBlack-2.png", + "vArmourAppControllerAppBlack-3.png", + "vArmourAppControllerAppBlack-4.png", + "vArmourAppControllerAppBlack-5.png", + "vArmourAppControllerAppBlack-6.png", + "vArmourAppControllerAppBlack-7.png", + "vArmourAppControllerAppWhite.png", + "vArmourAppControllerAppWhite-1.png", + "vArmourAppControllerAppWhite-2.png", + "vArmourAppControllerAppWhite-3.png", + "vArmourAppControllerAppWhite-4.png", + "vArmourAppControllerAppWhite-5.png", + "vArmourAppControllerAppWhite-6.png", + "vArmourAppControllerAppWhite-7.png" + ], + "version": "1.0.0", + "title": "vArmour Application Controller", + "templateRelativePath": "vArmour_AppContoller_Workbook.json", + "subtitle": "", + "provider": "vArmour" + }, + { + "workbookKey": "CorelightWorkbook", + "logoFileName": "corelight.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Corelight_CL" + ], + "dataConnectorsDependencies": [ + "Corelight" + ], + "previewImagesFileNames": [ + "CorelightConnectionsBlack1.png", + "CorelightConnectionsBlack2.png", + "CorelightConnectionsWhite1.png", + "CorelightConnectionsWhite2.png", + "CorelightDNSBlack1.png", + "CorelightDNSWhite1.png", + "CorelightFileBlack1.png", + "CorelightFileBlack2.png", + "CorelightFileWhite1.png", + "CorelightFileWhite2.png", + "CorelightMainBlack1.png", + "CorelightMainWhite1.png", + "CorelightSoftwareBlack1.png", + "CorelightSoftwareWhite1.png" + ], + "version": "1.0.0", + "title": "Corelight", + "templateRelativePath": "Corelight.json", + "subtitle": "", + "provider": "Corelight" + }, + { + "workbookKey": "LookoutEvents", + "logoFileName": "lookout.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Lookout_CL" + ], + "dataConnectorsDependencies": [ + "LookoutAPI" + ], + "previewImagesFileNames": [ + "SampleLookoutWorkBookBlack.png", + "SampleLookoutWorkBookWhite.png" + ], + "version": "1.0.0", + "title": "Lookout", + "templateRelativePath": "LookoutEvents.json", + "subtitle": "", + "provider": "Lookout" + }, + { + "workbookKey": "sentinel-MicrosoftPurview", + "logoFileName": "MicrosoftPurview.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "AzureDiagnostics" + ], + "dataConnectorsDependencies": [ + "MicrosoftAzurePurview" + ], + "previewImagesFileNames": [ + "" + ], + "version": "1.0.0", + "title": "Microsoft Purview", + "templateRelativePath": "MicrosoftPurview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "InfobloxCDCB1TDWorkbook", + "logoFileName": "infoblox_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "InfobloxCloudDataConnector" + ], + "previewImagesFileNames": [ + "InfobloxCDCB1TDBlack.png", + "InfobloxCDCB1TDWhite.png" + ], + "version": "1.0.0", + "title": "Infoblox Cloud Data Connector", + "templateRelativePath": "InfobloxCDCB1TDWorkbook.json", + "subtitle": "", + "provider": "InfoBlox" + }, + { + "workbookKey": "UbiquitiUniFiWorkbook", + "logoFileName": "ubiquiti.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Ubiquiti_CL" + ], + "dataConnectorsDependencies": [ + "UbiquitiUnifi" + ], + "previewImagesFileNames": [ + "UbiquitiOverviewBlack01.png", + "UbiquitiOverviewBlack02.png", + "UbiquitiOverviewWhite01.png", + "UbiquitiOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Ubiquiti UniFi", + "templateRelativePath": "Ubiquiti.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "VMwareESXiWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "VMwareESXi" + ], + "previewImagesFileNames": [ + "VMWareESXiBlack.png", + "VMWareESXiWhite.png" + ], + "version": "1.0.0", + "title": "VMware ESXi", + "templateRelativePath": "VMWareESXi.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SnowflakeWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Snowflake_CL" + ], + "dataConnectorsDependencies": [ + "SnowflakeDataConnector" + ], + "previewImagesFileNames": [ + "SnowflakeBlack.png", + "SnowflakeWhite.png" + ], + "version": "1.0.0", + "title": "Snowflake", + "templateRelativePath": "Snowflake.json", + "subtitle": "", + "provider": "Snowflake" + }, + { + "workbookKey": "LastPassWorkbook", + "logoFileName": "LastPass.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "LastPassNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "LastPassAPIConnector" + ], + "previewImagesFileNames": [ + "LastPassBlack.png", + "LastPassWhite.png" + ], + "version": "1.0.0", + "title": "Lastpass Enterprise Activity Monitoring", + "templateRelativePath": "LastPassWorkbook.json", + "subtitle": "", + "provider": "LastPass" + }, + { + "workbookKey": "SecurityBridgeWorkbook", + "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityBridgeLogs" + ], + "dataConnectorsDependencies": [ + "SecurityBridgeSAP" + ], + "previewImagesFileNames": [ + "SecurityBridgeThreatDetectionWhite.png", + "SecurityBridgeThreatDetectionWhite1.png" + ], + "version": "1.0.0", + "title": "SecurityBridge App", + "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json", + "subtitle": "", + "provider": "SecurityBridge" + }, + { + "workbookKey": "PaloAltoPrismaCloudWorkbook", + "logoFileName": "paloalto_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "PaloAltoPrismaCloudAlert_CL", + "PaloAltoPrismaCloudAudit_CL" + ], + "dataConnectorsDependencies": [ + "PaloAltoPrismaCloud" + ], + "previewImagesFileNames": [ + "PaloAltoPrismaCloudBlack01.png", + "PaloAltoPrismaCloudBlack02.png", + "PaloAltoPrismaCloudWhite01.png", + "PaloAltoPrismaCloudWhite02.png" + ], + "version": "1.0.0", + "title": "Palo Alto Prisma", + "templateRelativePath": "PaloAltoPrismaCloudOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "PingFederateWorkbook", + "logoFileName": "PingIdentity.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "PingFederateEvent" + ], + "dataConnectorsDependencies": [ + "PingFederate" + ], + "previewImagesFileNames": [ + "PingFederateBlack1.png", + "PingFederateWhite1.png" + ], + "version": "1.0.0", + "title": "PingFederate", + "templateRelativePath": "PingFederate.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "McAfeeePOWorkbook", + "logoFileName": "mcafee_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "McAfeeEPOEvent" + ], + "dataConnectorsDependencies": [ + "McAfeeePO" + ], + "previewImagesFileNames": [ + "McAfeeePOBlack1.png", + "McAfeeePOBlack2.png", + "McAfeeePOWhite1.png", + "McAfeeePOWhite2.png" + ], + "version": "1.0.0", + "title": "McAfee ePolicy Orchestrator", + "templateRelativePath": "McAfeeePOOverview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "OracleDatabaseAudit", + "logoFileName": "oracle_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "OracleDatabaseAudit" + ], + "previewImagesFileNames": [ + "OracleDatabaseAuditBlack1.png", + "OracleDatabaseAuditBlack2.png", + "OracleDatabaseAuditWhite1.png", + "OracleDatabaseAuditWhite2.png" + ], + "version": "1.0.0", + "title": "Oracle Database Audit", + "templateRelativePath": "OracleDatabaseAudit.json", + "subtitle": "", + "provider": "Oracle" + }, + { + "workbookKey": "SenservaProAnalyticsWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProAnalyticsBlack.png", + "SenservaProAnalyticsWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProAnalytics", + "templateRelativePath": "SenservaProAnalyticsWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "SenservaProMultipleWorkspaceWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProMultipleWorkspaceWorkbookBlack.png", + "SenservaProMultipleWorkspaceWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProMultipleWorkspace", + "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook", + "logoFileName": "SenservaPro_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SenservaPro_CL" + ], + "dataConnectorsDependencies": [ + "SenservaPro" + ], + "previewImagesFileNames": [ + "SenservaProSecureScoreMultiTenantBlack.png", + "SenservaProSecureScoreMultiTenantWhite.png" + ], + "version": "1.0.0", + "title": "SenservaProSecureScoreMultiTenant", + "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json", + "subtitle": "", + "provider": "Senserva Pro" + }, + { + "workbookKey": "CiscoSecureEndpointOverviewWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CiscoSecureEndpoint" + ], + "dataConnectorsDependencies": [ + "CiscoSecureEndpoint" + ], + "previewImagesFileNames": [ + "CiscoSecureEndpointBlack.png", + "CiscoSecureEndpointWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Secure Endpoint", + "templateRelativePath": "Cisco Secure Endpoint Overview.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "InfoSecGlobalWorkbook", + "logoFileName": "infosecglobal.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "InfoSecAnalytics_CL" + ], + "dataConnectorsDependencies": [ + "InfoSecDataConnector" + ], + "previewImagesFileNames": [ + "InfoSecGlobalWorkbookBlack.png", + "InfoSecGlobalWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "AgileSec Analytics Connector", + "templateRelativePath": "InfoSecGlobal.json", + "subtitle": "", + "provider": "InfoSecGlobal" + }, + { + "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook", + "logoFileName": "crowdstrike.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CrowdstrikeReplicatorLogs_CL" + ], + "dataConnectorsDependencies": [ + "CrowdstrikeReplicator" + ], + "previewImagesFileNames": [ + "CrowdStrikeFalconEndpointProtectionBlack.png", + "CrowdStrikeFalconEndpointProtectionWhite.png" + ], + "version": "1.0.0", + "title": "CrowdStrike Falcon Endpoint Protection", + "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IronDefenseAlertDashboard", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "IronNetIronDefense" + ], + "previewImagesFileNames": [ + "IronDefenseDashboardBlack.png", + "IronDefenseDashboardWhit.png" + ], + "version": "1.0.0", + "title": "IronDefenseAlertDashboard", + "templateRelativePath": "IronDefenseAlertDashboard.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "IronDefenseAlertDetails", + "logoFileName": "IronNet.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "IronNetIronDefense" + ], + "previewImagesFileNames": [ + "IronDefenseAlertsBlack.png", + "IronDefenseAlertsWhite.png" + ], + "version": "1.0.0", + "title": "IronDefenseAlertDetails", + "templateRelativePath": "IronDefenseAlertDetails.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CiscoSEGWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CommonSecurityLog" + ], + "dataConnectorsDependencies": [ + "CiscoSEG" + ], + "previewImagesFileNames": [ + "CiscoSEGBlack.png", + "CiscoSEGWhite.png" + ], + "version": "1.0.0", + "title": "Cisco Secure Email Gateway", + "templateRelativePath": "CiscoSEG.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "EatonForeseerHealthAndAccess", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and the unauthorized access into the Eaton Foreseer application running on these VMs.", + "dataTypesDependencies": [ + "SecurityEvent" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "EatonForeseerHealthAndAccessBlack.png", + "EatonForeseerHealthAndAccessWhite.png" + ], + "version": "1.0.0", + "title": "EatonForeseerHealthAndAccess", + "templateRelativePath": "EatonForeseerHealthAndAccess.json", + "subtitle": "", + "provider": "Eaton" + }, + { + "workbookKey": "PCIDSSComplianceWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Choose your subscription and workspace in which PCI assets are deployed", + "dataTypesDependencies": [ + "AzureDaignostics", + "SecurityEvent", + "SecurityAlert", + "OracleDatabaseAuditEvent", + "Syslog", + "Anomalies" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "PCIDSSComplianceBlack01.PNG", + "PCIDSSComplianceBlack02.PNG", + "PCIDSSComplianceWhite01.PNG", + "PCIDSSComplianceWhite02.PNG" + ], + "version": "1.0.0", + "title": "PCI DSS Compliance", + "templateRelativePath": "PCIDSSCompliance.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SonraiSecurityWorkbook", + "logoFileName": "Sonrai.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Sonrai_Tickets_CL" + ], + "dataConnectorsDependencies": [ + "SonraiDataConnector" + ], + "previewImagesFileNames": [ + "SonraiWorkbookBlack.png", + "SonraiWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "Sonrai", + "templateRelativePath": "Sonrai.json", + "subtitle": "", + "provider": "Sonrai" + }, + { + "workbookKey": "CloudflareWorkbook", + "logoFileName": "cloudflare.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Cloudflare_CL" + ], + "dataConnectorsDependencies": [ + "CloudflareDataConnector" + ], + "previewImagesFileNames": [ + "CloudflareOverviewBlack01.png", + "CloudflareOverviewBlack02.png", + "CloudflareOverviewWhite01.png", + "CloudflareOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "Cloudflare", + "templateRelativePath": "Cloudflare.json", + "subtitle": "", + "provider": "Cloudflare" + }, + { + "workbookKey": "SemperisDSPWorkbook", + "logoFileName": "Semperis.svg", + "description": "Specify the time range on which to query the data", + "dataTypesDependencies": [ + "dsp_parser" + ], + "dataConnectorsDependencies": [ + "SemperisDSP" + ], + "previewImagesFileNames": [ + "SemperisDSPOverview1Black.png", + "SemperisDSPOverview1White.png", + "SemperisDSPOverview2Black.png", + "SemperisDSPOverview2White.png", + "SemperisDSPOverview3Black.png", + "SemperisDSPOverview3White.png" + ], + "version": "1.0.0", + "title": "Semperis Directory Services Protector", + "templateRelativePath": "SemperisDSPWorkbook.json", + "subtitle": "", + "provider": "Semperis" + }, + { + "workbookKey": "BoxWorkbook", + "logoFileName": "box.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "BoxEvents_CL" + ], + "dataConnectorsDependencies": [ + "BoxDataConnector" + ], + "previewImagesFileNames": [ + "BoxBlack1.png", + "BoxWhite1.png", + "BoxBlack2.png", + "BoxWhite2.png" + ], + "version": "1.0.0", + "title": "Box", + "templateRelativePath": "Box.json", + "subtitle": "", + "provider": "Box" + }, + { + "workbookKey": "SymantecEndpointProtection", + "logoFileName": "symantec_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SymantecEndpointProtection" + ], + "dataConnectorsDependencies": [ + "SymantecEndpointProtection" + ], + "previewImagesFileNames": [ + "SymantecEndpointProtectionBlack.png", + "SymantecEndpointProtectionWhite.png" + ], + "version": "1.0.0", + "title": "Symantec Endpoint Protection", + "templateRelativePath": "SymantecEndpointProtection.json", + "subtitle": "", + "provider": "Symantec" + }, + { + "workbookKey": "DynamicThreatModeling&Response", + "logoFileName": "", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ThreatAnalysis&ResponseWhite1.png", + "ThreatAnalysis&ResponseWhite2.png" + ], + "version": "1.0.0", + "title": "Dynamic Threat Modeling Response", + "templateRelativePath": "DynamicThreatModeling&Response.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ThreatAnalysis&Response", + "logoFileName": "", + "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ThreatAnalysis&ResponseWhite.png" + ], + "version": "1.0.1", + "title": "Threat Analysis Response", + "templateRelativePath": "ThreatAnalysis&Response.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TrendMicroCAS", + "logoFileName": "Trend_Micro_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "TrendMicroCAS_CL" + ], + "dataConnectorsDependencies": [ + "TrendMicroCAS" + ], + "previewImagesFileNames": [ + "TrendMicroCASBlack.png", + "TrendMicroCASWhite.png" + ], + "version": "1.0.0", + "title": "TrendMicroCAS", + "templateRelativePath": "TrendMicroCAS.json", + "subtitle": "", + "provider": "TrendMicro" + }, + { + "workbookKey": "GitHubSecurityWorkbook", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "GitHubAuditLogPolling_CL" + ], + "dataConnectorsDependencies": [ + "GitHubEcAuditLogPolling" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GithubWorkbook", + "templateRelativePath": "GitHubWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "GCPDNSWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GCPCloudDNS" + ], + "dataConnectorsDependencies": [ + "GCPDNSDataConnector" + ], + "previewImagesFileNames": [ + "GCPDNSBlack.png", + "GCPDNSWhite.png" + ], + "version": "1.0.0", + "title": "Google Cloud Platform DNS", + "templateRelativePath": "GCPDNS.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AtlassianJiraAuditWorkbook", + "logoFileName": "", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "AtlassianJiraNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "AtlassianJira" + ], + "previewImagesFileNames": [ + "AtlassianJiraAuditWhite.png", + "AtlassianJiraAuditBlack.png" + ], + "version": "1.0.0", + "title": "AtlassianJiraAudit", + "templateRelativePath": "AtlassianJiraAudit.json", + "subtitle": "", + "provider": "Atlassian" + }, + { + "workbookKey": "DigitalGuardianWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "DigitalGuardianDLPEvent" + ], + "dataConnectorsDependencies": [ + "DigitalGuardianDLP" + ], + "previewImagesFileNames": [ + "DigitalGuardianBlack.png", + "DigitalGuardianWhite.png" + ], + "version": "1.0.0", + "title": "DigitalGuardianDLP", + "templateRelativePath": "DigitalGuardian.json", + "subtitle": "", + "provider": "Digital Guardian" + }, + { + "workbookKey": "CiscoDuoWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CiscoDuo_CL" + ], + "dataConnectorsDependencies": [ + "CiscoDuoSecurity" + ], + "previewImagesFileNames": [ + "CiscoDuoWhite.png", + "CiscoDuoBlack.png" + ], + "version": "1.0.0", + "title": "CiscoDuoSecurity", + "templateRelativePath": "CiscoDuo.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "SlackAudit", + "logoFileName": "slacklogo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SlackAudit_CL" + ], + "dataConnectorsDependencies": [ + "SlackAuditAPI" + ], + "previewImagesFileNames": [ + "SlackAuditApplicationActivityBlack1.png", + "SlackAuditApplicationActivityWhite1.png" + ], + "version": "1.0.0", + "title": "SlackAudit", + "templateRelativePath": "SlackAudit.json", + "subtitle": "", + "provider": "Slack" + }, + { + "workbookKey": "CiscoWSAWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "CiscoWSA" + ], + "previewImagesFileNames": [ + "CiscoWSAWhite.png", + "CiscoWSABlack.png" + ], + "version": "1.0.0", + "title": "CiscoWSA", + "templateRelativePath": "CiscoWSA.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "GCP-IAM-Workbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GCP_IAM_CL" + ], + "dataConnectorsDependencies": [ + "GCPIAMDataConnector" + ], + "previewImagesFileNames": [ + "GCPIAMBlack01.png", + "GCPIAMBlack02.png", + "GCPIAMWhite01.png", + "GCPIAMWhite02.png" + ], + "version": "1.0.0", + "title": "Google Cloud Platform IAM", + "templateRelativePath": "GCP_IAM.json", + "subtitle": "", + "provider": "Google" + }, + { + "workbookKey": "ImpervaWAFCloudWorkbook", + "logoFileName": "Imperva_DarkGrey_final_75x75.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "ImpervaWAFCloud_CL" + ], + "dataConnectorsDependencies": [ + "ImpervaWAFCloudAPI" + ], + "previewImagesFileNames": [ + "ImpervaWAFCloudBlack01.png", + "ImpervaWAFCloudBlack02.png", + "ImpervaWAFCloudWhite01.png", + "ImpervaWAFCloudWhite02.png" + ], + "version": "1.0.0", + "title": "Imperva WAF Cloud Overview", + "templateRelativePath": "Imperva WAF Cloud Overview.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZscalerZPAWorkbook", + "logoFileName": "ZscalerLogo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "ZPA_CL" + ], + "dataConnectorsDependencies": [ + "ZscalerPrivateAccess" + ], + "previewImagesFileNames": [ + "ZscalerZPABlack.png", + "ZscalerZPAWhite.png" + ], + "version": "1.0.0", + "title": "Zscaler Private Access (ZPA)", + "templateRelativePath": "ZscalerZPA.json", + "subtitle": "", + "provider": "Zscaler" + }, + { + "workbookKey": "GoogleWorkspaceWorkbook", + "logoFileName": "google_logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "GWorkspace_ReportsAPI_admin_CL", + "GWorkspace_ReportsAPI_calendar_CL", + "GWorkspace_ReportsAPI_drive_CL", + "GWorkspace_ReportsAPI_login_CL", + "GWorkspace_ReportsAPI_login_CL", + "GWorkspace_ReportsAPI_mobile_CL" + ], + "dataConnectorsDependencies": [ + "GoogleWorkspaceReportsAPI" + ], + "previewImagesFileNames": [ + "GoogleWorkspaceBlack.png", + "GoogleWorkspaceWhite.png" + ], + "version": "1.0.0", + "title": "GoogleWorkspaceReports", + "templateRelativePath": "GoogleWorkspace.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "NCProtectWorkbook", + "logoFileName": "NCProtectIcon.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "NCProtectUAL_CL" + ], + "dataConnectorsDependencies": [ + "NucleusCyberNCProtect" + ], + "previewImagesFileNames": [ + "", + "" + ], + "version": "1.0.0", + "title": "NucleusCyberProtect", + "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json", + "subtitle": "", + "provider": "archTIS" + }, + { + "workbookKey": "CiscoISEWorkbook", + "logoFileName": "cisco-logo-72px.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "Syslog" + ], + "dataConnectorsDependencies": [ + "CiscoISE" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cisco ISE", + "templateRelativePath": "CiscoISE.json", + "subtitle": "", + "provider": "Cisco" + }, + { + "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook", + "logoFileName": "", + "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.", + "dataTypesDependencies": [ + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft Defender for IoT", + "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZeroTrust(TIC3.0)Workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "SecurityRecommendation" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ZeroTrust(TIC3.0)Black1.PNG", + "ZeroTrust(TIC3.0)White1.PNG" + ], + "version": "1.0.0", + "title": "ZeroTrust(TIC3.0)", + "templateRelativePath": "ZeroTrustTIC3.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "InsiderRiskManagementWorkbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ", + "dataTypesDependencies": [ + "SigninLogsSigninLogs", + "AuditLogs", + "AzureActivity", + "OfficeActivity", + "InformationProtectionLogs_CL", + "SecurityIncident" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "InsiderRiskManagementBlack1.png" + ], + "version": "1.0.0", + "title": "Insider Risk Management", + "templateRelativePath": "InsiderRiskManagement.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "InformationProtectionLogs_CL", + "AuditLogs", + "SecurityIncident", + "SigninLogs", + "AzureActivity" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "CybersecurityMaturityModelCertification(CMMC)2.0", + "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "NISTSP80053Workbook", + "logoFileName": "", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SigninLogs", + "AuditLogs", + "AzureActivity", + "OfficeActivity", + "SecurityEvents", + "CommonSecurityLog", + "SecurityIncident", + "SecurityRecommendation" + ], + "dataConnectorsDependencies": [ + "SecurityEvents" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "NISTSP80053workbook", + "templateRelativePath": "NISTSP80053.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "DarktraceWorkbook", + "logoFileName": "Darktrace.svg", + "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.", + "dataTypesDependencies": [ + "darktrace_model_alerts_CL" + ], + "dataConnectorsDependencies": [ + "DarktraceRESTConnector" + ], + "previewImagesFileNames": [ + "DarktraceWorkbookBlack01.png", + "DarktraceWorkbookBlack02.png", + "DarktraceWorkbookWhite01.png", + "DarktraceWorkbookWhite02.png" + ], + "version": "1.0.1", + "title": "Darktrace", + "templateRelativePath": "DarktraceWorkbook.json", + "subtitle": "", + "provider": "Darktrace" + }, + { + "workbookKey": "RecordedFutureDomainC2DNSWorkbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - C&C DNS Name to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" + }, + { + "workbookKey": "RecordedFutureIPActiveC2Workbook", + "logoFileName": "RecordedFuture.svg", + "description": "Sets the time name for DNS Events and Threat Intelligence Time Range", + "dataTypesDependencies": [ + "ThreatIntelligenceIndicator" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting", + "templateRelativePath": "Recorded Future - Actively Communicating C&C IPs to DNS Events - Correlation&Threat Hunting.json", + "subtitle": "", + "provider": "Recorded Future" + }, + { + "workbookKey": "MaturityModelForEventLogManagement_M2131", + "logoFileName": "contrastsecurity_logo.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "MaturityModelForEventLogManagement_M2131Black.png" + ], + "version": "1.0.0", + "title": "MaturityModelForEventLogManagementM2131", + "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSQLSecurityWorkbook", + "logoFileName": "AzureSQL.svg", + "description": "Sets the time window in days to search around the alert", + "dataTypesDependencies": [ + "AzureDiagnostics", + "SecurityAlert", + "SecurityIncident" + ], + "dataConnectorsDependencies": [ + "AzureSql" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Azure SQL Database Workbook", + "templateRelativePath": "Workbook-AzureSQLSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ContinuousDiagnostics&Mitigation", + "logoFileName": "", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "ContinuousDiagnostics&MitigationBlack.png" + ], + "version": "1.0.0", + "title": "ContinuousDiagnostics&Mitigation", + "templateRelativePath": "ContinuousDiagnostics&Mitigation.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", + "logoFileName": "GitHub.svg", + "description": "Repository selector.", + "dataTypesDependencies": [ + "githubscanaudit_CL" + ], + "dataConnectorsDependencies": [ + "GitHubWebhook" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GithubWorkbook-update-to-workbook-1", + "templateRelativePath": "update-to-workbook-1.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AtlasianJiraAuditWorkbook", + "logoFileName": "", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "AtlassianJiraNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "AtlassianJira" + ], + "previewImagesFileNames": [ + "AtlassianJiraAuditBlack.png", + "AtlassianJiraAuditWhite.png" + ], + "version": "1.0.0", + "title": "AtlasianJiraAuditWorkbook", + "templateRelativePath": "AtlasianJiraAuditWorkbook.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AzureSecurityBenchmark", + "logoFileName": "", + "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", + "dataTypesDependencies": [ + "SecurityRegulatoryCompliance", + "AzureDiagnostics", + "SecurityIncident", + "SigninLogs", + "SecurityAlert" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "AzureSecurityBenchmark1.png", + "AzureSecurityBenchmark2.png", + "AzureSecurityBenchmark3.png" + ], + "version": "1.0.0", + "title": "Azure Security Benchmark", + "templateRelativePath": "AzureSecurityBenchmark.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "ZNAccessOchestratorAudit", + "logoFileName": "", + "description": "This workbook provides a summary of ZeroNetworks data.", + "dataTypesDependencies": [ + "ZNAccessOrchestratorAudit_CL", + "ZNAccessOrchestratorAuditNativePoller_CL" + ], + "dataConnectorsDependencies": [ + "ZeroNetworksAccessOrchestratorAuditFunction", + "ZeroNetworksAccessOrchestratorAuditNativePoller" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Zero NetWork", + "templateRelativePath": "ZNSegmentAudit.json", + "subtitle": "", + "provider": "Zero Networks" + }, + { + "workbookKey": "FireworkWorkbook", + "logoFileName": "FlareSystems.svg", + "description": "Select the time range for this Overview.", + "dataTypesDependencies": [ + "Firework_CL" + ], + "dataConnectorsDependencies": [ + "FlareSystemsFirework" + ], + "previewImagesFileNames": [ + "FireworkOverviewBlack01.png", + "FireworkOverviewBlack02.png", + "FireworkOverviewWhite01.png", + "FireworkOverviewWhite02.png" + ], + "version": "1.0.0", + "title": "FlareSystemsFirework", + "templateRelativePath": "FlareSystemsFireworkOverview.json", + "subtitle": "", + "provider": "Flare Systems" + }, + { + "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", + "logoFileName": "GitHub.svg", + "description": "Gain insights to GitHub activities that may be interesting for security.", + "dataTypesDependencies": [ + "GitHubAuditLogPolling_CL" + ], + "dataConnectorsDependencies": [ + "GitHubEcAuditLogPolling" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "GitHub Security", + "templateRelativePath": "GitHubAdvancedSecurity.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "TaniumWorkbook", + "logoFileName": "Tanium.svg", + "description": "Visualize Tanium endpoint and module data", + "dataTypesDependencies": [ + "TaniumComplyCompliance_CL", + "TaniumComplyVulnerabilities_CL", + "TaniumDefenderHealth_CL", + "TaniumDiscoverUnmanagedAssets_CL", + "TaniumHighUptime_CL", + "TaniumMainAsset_CL", + "TaniumPatchListApplicability_CL", + "TaniumPatchListCompliance_CL", + "TaniumSCCMClientHealth_CL", + "TaniumThreatResponse_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "TaniumComplyDark.png", + "TaniumComplyLight.png", + "TaniumDiscoverDark.png", + "TaniumDiscoverLight.png", + "TaniumMSToolingHealthDark.png", + "TaniumMSToolingHealthLight.png", + "TaniumPatchDark.png", + "TaniumPatchLight.png", + "TaniumThreatResponseAlertsDark.png", + "TaniumThreatResponseAlertsLight.png", + "TaniumThreatResponseDark.png", + "TaniumThreatResponseLight.png" + ], + "version": "1.0", + "title": "Tanium Workbook", + "templateRelativePath": "TaniumWorkbook.json", + "subtitle": "", + "provider": "Tanium" + }, + { + "workbookKey": "ActionableAlertsDashboard", + "logoFileName": "", + "description": "None.", + "dataTypesDependencies": [ + "CyberSixgill_Alerts_CL" + ], + "dataConnectorsDependencies": [ + "CybersixgillActionableAlerts" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cybersixgill Actionable Alerts Dashboard", + "templateRelativePath": "ActionableAlertsDashboard.json", + "subtitle": "", + "provider": "Cybersixgill" + }, + { + "workbookKey": "ActionableAlertsList", + "logoFileName": "", + "description": "None.", + "dataTypesDependencies": [ + "CyberSixgill_Alerts_CL" + ], + "dataConnectorsDependencies": [ + "CybersixgillActionableAlerts" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Cybersixgill Actionable Alerts List", + "templateRelativePath": "ActionableAlertsList.json", + "subtitle": "", + "provider": "Cybersixgill" + }, + { + "workbookKey": "ArgosCloudSecurityWorkbook", + "logoFileName": "argos-logo.svg", + "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.", + "dataTypesDependencies": [ + "ARGOS_CL" + ], + "dataConnectorsDependencies": [ + "ARGOSCloudSecurity" + ], + "previewImagesFileNames": [ + "ARGOSCloudSecurityWorkbookBlack.png", + "ARGOSCloudSecurityWorkbookWhite.png" + ], + "version": "1.0.0", + "title": "ARGOS Cloud Security", + "templateRelativePath": "ARGOSCloudSecurityWorkbook.json", + "subtitle": "", + "provider": "ARGOS Cloud Security" + }, + { + "workbookKey": "JamfProtectWorkbook", + "logoFileName": "jamf_logo.svg", + "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.", + "dataTypesDependencies": [ + "jamfprotect_CL" + ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "JamfProtectDashboardBlack.png", + "JamfProtectDashboardWhite.png" + ], + "version": "2.0.0", + "title": "Jamf Protect Workbook", + "templateRelativePath": "JamfProtectDashboard.json", + "subtitle": "", + "provider": "Jamf Software, LLC" + }, + { + "workbookKey": "AIVectraStream", + "logoFileName": "", + "description": "", + "dataTypesDependencies": [ + "VectraStream_CL" + ], + "dataConnectorsDependencies": [ "AIVectraStream" ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "AIVectraStreamWorkbook", + "templateRelativePath": "AIVectraStreamWorkbook.json", + "subtitle": "", + "provider": "Vectra AI" + }, + { + "workbookKey": "SecurityScorecardWorkbook", + "logoFileName": "", + "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard’s three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.", + "dataTypesDependencies": [ + "SecurityScorecardFactor_CL", + "SecurityScorecardIssues_CL", + "SecurityScorecardRatings_CL" + ], + "dataConnectorsDependencies": [ + "SecurityScorecardFactorAzureFunctions", + "SecurityScorecardIssueAzureFunctions", + "SecurityScorecardRatingsAzureFunctions" + ], + "previewImagesFileNames": [ + "SecurityScorecardBlack1.png", + "SecurityScorecardBlack2.png", + "SecurityScorecardBlack3.png", + "SecurityScorecardBlack4.png", + "SecurityScorecardBlack5.png", + "SecurityScorecardBlack6.png", + "SecurityScorecardWhite1.png", + "SecurityScorecardWhite2.png", + "SecurityScorecardWhite3.png", + "SecurityScorecardWhite4.png", + "SecurityScorecardWhite5.png", + "SecurityScorecardWhite6.png" + ], + "version": "1.0.0", + "title": "SecurityScorecard", + "templateRelativePath": "SecurityScorecardWorkbook.json", + "subtitle": "", + "provider": "SecurityScorecard" + }, + { + "workbookKey": "DigitalShadowsWorkbook", + "logoFileName": "DigitalShadowsLogo.svg", + "description": "test", + "dataTypesDependencies": [ + "DigitalShadows_CL" + ], + "dataConnectorsDependencies": [ + "DigitalShadowsSearchlightAzureFunctions" + ], + "previewImagesFileNames": [ + "DigitalShadowsBlack1.png", + "DigitalShadowsBlack2.png", + "DigitalShadowsBlack3.png", + "DigitalShadowsWhite1.png", + "DigitalShadowsWhite2.png", + "DigitalShadowsWhite3.png" + ], + "version": "1.0.0", + "title": "Digital Shadows", + "templateRelativePath": "DigitalShadows.json", + "subtitle": "", + "provider": "Digital Shadows" + }, + { + "workbookKey": "SalesforceServiceCloudWorkbook", + "logoFileName": "salesforce_logo.svg", + "description": "Sets the time name for analysis.", + "dataTypesDependencies": [ + "SalesforceServiceCloud" + ], + "dataConnectorsDependencies": [ + "SalesforceServiceCloud_CL" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Salesforce Service Cloud", + "templateRelativePath": "SalesforceServiceCloud.json", + "subtitle": "", + "provider": "Salesforce" + }, + { + "workbookKey": "NetworkSessionSolution", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP’s and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.", + "dataTypesDependencies": [ + "AWSVPCFlow", + "DeviceNetworkEvents", + "SecurityEvent", + "WindowsEvent", + "CommonSecurityLog", + "Syslog", + "CommonSecurityLog", + "VMConnection", + "AzureDiagnostics", + "AzureDiagnostics", + "CommonSecurityLog", + "Corelight_CL", + "VectraStream", + "CommonSecurityLog", + "CommonSecurityLog", + "Syslog", + "CiscoMerakiNativePoller" + ], + "dataConnectorsDependencies": [ "AWSS3", "MicrosoftThreatProtection", "SecurityEvents", "WindowsForwardedEvents", "Zscaler", "MicrosoftSysmonForLinux", "PaloAltoNetworks", "AzureMonitor(VMInsights)", "AzureFirewall", "AzureNSG", "CiscoASA", "Corelight", "AIVectraStream", "CheckPoint", "Fortinet", "CiscoMeraki" ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Network Session Essentials", + "templateRelativePath": "NetworkSessionEssentials.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SAPSODAnalysis", + "logoFileName": "AliterConsulting.svg", + "description": "SAP SOD Analysis", + "dataTypesDependencies": [ + "SAPAuditLog" + ], + "dataConnectorsDependencies": [ + "SAP" + ], + "previewImagesFileNames": [], + "version": "2.0.0", + "title": "SAP SOD Analysis", + "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", + "subtitle": "", + "provider": "Aliter Consulting" + }, + { + "workbookKey": "TheomWorkbook", + "logoFileName": "theom-logo.svg", + "description": "Theom Alert Statistics", + "dataTypesDependencies": [ + "TheomAlerts_CL" + ], + "dataConnectorsDependencies": [ + "Theom" + ], + "previewImagesFileNames": [ + "TheomWorkbook-black.png", + "TheomWorkbook-white.png" + ], + "version": "1.0.0", + "title": "Theom", + "templateRelativePath": "Theom.json", + "subtitle": "", + "provider": "Theom" + }, + { + "workbookKey": "DynatraceWorkbooks", + "logoFileName": "dynatrace.svg", + "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", + "dataTypesDependencies": [ + "DynatraceAttacks_CL", + "DynatraceAuditLogs_CL", + "DynatraceProblems_CL", + "DynatraceSecurityProblems_CL" + ], + "dataConnectorsDependencies": [ + "DynatraceAttacks", + "DynatraceAuditLogs", + "DynatraceProblems", + "DynatraceRuntimeVulnerabilities" + ], + "previewImagesFileNames": [ + "DynatraceWorkbookBlack.png", + "DynatraceWorkbookWhite.png" + ], + "version": "2.0.0", + "title": "Dynatrace", + "templateRelativePath": "Dynatrace.json", + "subtitle": "", + "provider": "Dynatrace" + }, + { + "workbookKey": "MDOWorkbook", + "logoFileName": "", + "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", + "dataTypesDependencies": [ + "SecurityAlert" + ], + "dataConnectorsDependencies": [ + "MicrosoftThreatProtection" + ], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Microsoft 365 Defender MDOWorkbook", + "templateRelativePath": "MDO Insights.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "AnomaliesVisualizationWorkbook", "logoFileName": "", - "description": "Select the time range for this Overview.", + "description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", "dataTypesDependencies": [ - "AtlassianJiraNativePoller_CL" - ], - "dataConnectorsDependencies": [ - "AtlassianJira" + "Anomalies" ], + "dataConnectorsDependencies": [], "previewImagesFileNames": [ - "AtlassianJiraAuditBlack.png", - "AtlassianJiraAuditWhite.png" + "AnomaliesVisualizationWorkbookWhite.png", + "AnomaliesVisualizationWorkbookBlack.png" ], "version": "1.0.0", - "title": "AtlasianJiraAuditWorkbook", - "templateRelativePath": "AtlasianJiraAuditWorkbook.json", + "title": "AnomaliesVisulization", + "templateRelativePath": "AnomaliesVisualization.json", "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "AzureSecurityBenchmark", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "AnomalyDataWorkbook", "logoFileName": "", - "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.", + "description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", "dataTypesDependencies": [ - "SecurityRegulatoryCompliance", - "AzureDiagnostics", - "SecurityIncident", - "SigninLogs", - "SecurityAlert" + "Anomalies" ], "dataConnectorsDependencies": [], "previewImagesFileNames": [ - "AzureSecurityBenchmark1.png", - "AzureSecurityBenchmark2.png", - "AzureSecurityBenchmark3.png" + "AnomalyDataWorkbookWhite.png", + "AnomalyDataWorkbookBlack.png" ], "version": "1.0.0", - "title": "Azure Security Benchmark", - "templateRelativePath": "AzureSecurityBenchmark.json", + "title": "AnomalyData", + "templateRelativePath": "AnomalyData.json", "subtitle": "", - "provider": "Microsoft" -}, -{ - "workbookKey": "ZNAccessOchestratorAudit", - "logoFileName": "", - "description": "This workbook provides a summary of ZeroNetworks data.", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", "dataTypesDependencies": [ - "ZNAccessOrchestratorAudit_CL", - "ZNAccessOrchestratorAuditNativePoller_CL" + "ESIExchangeOnlineConfig_CL" ], "dataConnectorsDependencies": [ - "ZeroNetworksAccessOrchestratorAuditFunction", - "ZeroNetworksAccessOrchestratorAuditNativePoller" + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "Zero NetWork", - "templateRelativePath": "ZNSegmentAudit.json", + "title": "Microsoft Exchange Least Privilege with RBAC - Online", + "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", "subtitle": "", - "provider": "Zero Networks" -}, -{ - "workbookKey": "FireworkWorkbook", - "logoFileName": "FlareSystems.svg", - "description": "Select the time range for this Overview.", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", "dataTypesDependencies": [ - "Firework_CL" + "ESIExchangeOnlineConfig_CL" ], "dataConnectorsDependencies": [ - "FlareSystemsFirework" - ], - "previewImagesFileNames": [ - "FireworkOverviewBlack01.png", - "FireworkOverviewBlack02.png", - "FireworkOverviewWhite01.png", - "FireworkOverviewWhite02.png" + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" ], + "previewImagesFileNames": [], "version": "1.0.0", - "title": "FlareSystemsFirework", - "templateRelativePath": "FlareSystemsFireworkOverview.json", + "title": "Microsoft Exchange Least Privilege with RBAC", + "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC.json", "subtitle": "", - "provider": "Flare Systems" -}, -{ - "workbookKey": "UserWorkbook-alexdemichieli-github-update-1", - "logoFileName": "GitHub.svg", - "description": "Gain insights to GitHub activities that may be interesting for security.", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSearchAdminAuditLog", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", "dataTypesDependencies": [ - "GitHubAuditLogPolling_CL" + "ESIExchangeOnlineConfig_CL" ], "dataConnectorsDependencies": [ - "GitHubEcAuditLogPolling" + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "GitHub Security", - "templateRelativePath": "GitHubAdvancedSecurity.json", + "title": "Microsoft Exchange Search AdminAuditLog", + "templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", "subtitle": "", "provider": "Microsoft" -}, -{ - "workbookKey": "TaniumWorkbook", - "logoFileName": "Tanium.svg", - "description": "Visualize Tanium endpoint and module data", - "dataTypesDependencies": [ - "TaniumComplyCompliance_CL", - "TaniumComplyVulnerabilities_CL", - "TaniumDefenderHealth_CL", - "TaniumDiscoverUnmanagedAssets_CL", - "TaniumHighUptime_CL", - "TaniumMainAsset_CL", - "TaniumPatchListApplicability_CL", - "TaniumPatchListCompliance_CL", - "TaniumSCCMClientHealth_CL", - "TaniumThreatResponse_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "TaniumComplyDark.png", - "TaniumComplyLight.png", - "TaniumDiscoverDark.png", - "TaniumDiscoverLight.png", - "TaniumMSToolingHealthDark.png", - "TaniumMSToolingHealthLight.png", - "TaniumPatchDark.png", - "TaniumPatchLight.png", - "TaniumThreatResponseAlertsDark.png", - "TaniumThreatResponseAlertsLight.png", - "TaniumThreatResponseDark.png", - "TaniumThreatResponseLight.png" - ], - "version": "1.0", - "title": "Tanium Workbook", - "templateRelativePath": "TaniumWorkbook.json", - "subtitle": "", - "provider": "Tanium" -}, -{ - "workbookKey": "ActionableAlertsDashboard", - "logoFileName": "", - "description": "None.", + }, + { + "workbookKey": "MicrosoftExchangeSecurityMonitoring", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", "dataTypesDependencies": [ - "CyberSixgill_Alerts_CL" + "ESIExchangeOnlineConfig_CL" ], "dataConnectorsDependencies": [ - "CybersixgillActionableAlerts" + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "Cybersixgill Actionable Alerts Dashboard", - "templateRelativePath": "ActionableAlertsDashboard.json", + "title": "Microsoft Exchange Admin Activity", + "templateRelativePath": "Microsoft Exchange Admin Activity.json", "subtitle": "", - "provider": "Cybersixgill" -}, -{ - "workbookKey": "ActionableAlertsList", - "logoFileName": "", - "description": "None.", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityReview-Online", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", "dataTypesDependencies": [ - "CyberSixgill_Alerts_CL" + "ESIExchangeOnlineConfig_CL" ], "dataConnectorsDependencies": [ - "CybersixgillActionableAlerts" + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "Cybersixgill Actionable Alerts List", - "templateRelativePath": "ActionableAlertsList.json", + "title": "Microsoft Exchange Security Review - Online", + "templateRelativePath": "Microsoft Exchange Security Review - Online.json", "subtitle": "", - "provider": "Cybersixgill" -}, -{ - "workbookKey": "ArgosCloudSecurityWorkbook", - "logoFileName": "argos-logo.svg", - "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftExchangeSecurityReview", + "logoFileName": "Azure_Sentinel.svg", + "description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks.", "dataTypesDependencies": [ - "ARGOS_CL" + "ESIExchangeOnlineConfig_CL" ], "dataConnectorsDependencies": [ - "ARGOSCloudSecurity" - ], - "previewImagesFileNames": [ - "ARGOSCloudSecurityWorkbookBlack.png", - "ARGOSCloudSecurityWorkbookWhite.png" - ], - "version": "1.0.0", - "title": "ARGOS Cloud Security", - "templateRelativePath": "ARGOSCloudSecurityWorkbook.json", - "subtitle": "", - "provider": "ARGOS Cloud Security" -}, -{ - "workbookKey": "JamfProtectWorkbook", - "logoFileName": "jamf_logo.svg", - "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.", - "dataTypesDependencies": [ - "jamfprotect_CL" - ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "JamfProtectDashboardBlack.png", - "JamfProtectDashboardWhite.png" + "ESI-ExchangeOnPremisesCollector", + "ESI-ExchangeAdminAuditLogEvents", + "ESI-ExchangeOnlineCollector" ], - "version": "2.0.0", - "title": "Jamf Protect Workbook", - "templateRelativePath": "JamfProtectDashboard.json", - "subtitle": "", - "provider": "Jamf Software, LLC" -}, -{ - "workbookKey": "AIVectraStream", - "logoFileName": "", - "description": "", - "dataTypesDependencies": [ - "VectraStream_CL" - ], - "dataConnectorsDependencies": [ "AIVectraStream" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "AIVectraStreamWorkbook", - "templateRelativePath": "AIVectraStreamWorkbook.json", + "title": "Microsoft Exchange Security Review", + "templateRelativePath": "Microsoft Exchange Security Review.json", "subtitle": "", - "provider": "Vectra AI" -}, -{ - "workbookKey": "SecurityScorecardWorkbook", + "provider": "Microsoft" + }, + { + "workbookKey": "ibossMalwareAndC2Workbook", "logoFileName": "", - "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard’s three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.", + "description": "A workbook providing insights into malware and C2 activity detected by iboss.", "dataTypesDependencies": [ - "SecurityScorecardFactor_CL", - "SecurityScorecardIssues_CL", - "SecurityScorecardRatings_CL" ], "dataConnectorsDependencies": [ - "SecurityScorecardFactorAzureFunctions", - "SecurityScorecardIssueAzureFunctions", - "SecurityScorecardRatingsAzureFunctions" ], "previewImagesFileNames": [ - "SecurityScorecardBlack1.png", - "SecurityScorecardBlack2.png", - "SecurityScorecardBlack3.png", - "SecurityScorecardBlack4.png", - "SecurityScorecardBlack5.png", - "SecurityScorecardBlack6.png", - "SecurityScorecardWhite1.png", - "SecurityScorecardWhite2.png", - "SecurityScorecardWhite3.png", - "SecurityScorecardWhite4.png", - "SecurityScorecardWhite5.png", - "SecurityScorecardWhite6.png" ], "version": "1.0.0", - "title": "SecurityScorecard", - "templateRelativePath": "SecurityScorecardWorkbook.json", + "title": "iboss Malware and C2", + "templateRelativePath": "ibossMalwareAndC2.json", "subtitle": "", - "provider": "SecurityScorecard" -}, -{ - "workbookKey": "DigitalShadowsWorkbook", - "logoFileName": "DigitalShadowsLogo.svg", - "description": "test", + "provider": "iboss" + }, + { + "workbookKey": "ibossWebUsageWorkbook", + "logoFileName": "", + "description": "A workbook providing insights into web usage activity detected by iboss.", "dataTypesDependencies": [ - "DigitalShadows_CL" ], "dataConnectorsDependencies": [ - "DigitalShadowsSearchlightAzureFunctions" ], "previewImagesFileNames": [ - "DigitalShadowsBlack1.png", - "DigitalShadowsBlack2.png", - "DigitalShadowsBlack3.png", - "DigitalShadowsWhite1.png", - "DigitalShadowsWhite2.png", - "DigitalShadowsWhite3.png" ], "version": "1.0.0", - "title": "Digital Shadows", - "templateRelativePath": "DigitalShadows.json", + "title": "iboss Web Usage", + "templateRelativePath": "ibossWebUsage.json", "subtitle": "", - "provider": "Digital Shadows" -}, -{ - "workbookKey": "SalesforceServiceCloudWorkbook", - "logoFileName": "salesforce_logo.svg", - "description": "Sets the time name for analysis.", + "provider": "iboss" + }, + { + "workbookKey": "Fortiweb-workbook", + "logoFileName": "Azure_Sentinel.svg", + "description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", "dataTypesDependencies": [ - "SalesforceServiceCloud" + "CommonSecurityLog" ], "dataConnectorsDependencies": [ - "SalesforceServiceCloud_CL" - ], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Salesforce Service Cloud", - "templateRelativePath": "SalesforceServiceCloud.json", - "subtitle": "", - "provider": "Salesforce" -}, -{ - "workbookKey": "NetworkSessionSolution", - "logoFileName": "Azure_Sentinel.svg", - "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP’s and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.", - "dataTypesDependencies": [ - "AWSVPCFlow", - "DeviceNetworkEvents", - "SecurityEvent", - "WindowsEvent", - "CommonSecurityLog", - "Syslog", - "CommonSecurityLog", - "VMConnection", - "AzureDiagnostics", - "AzureDiagnostics", - "CommonSecurityLog", - "Corelight_CL", - "VectraStream", - "CommonSecurityLog", - "CommonSecurityLog", - "Syslog", - "CiscoMerakiNativePoller" + "FortinetFortiWeb" ], - "dataConnectorsDependencies": [ "AWSS3", "MicrosoftThreatProtection", "SecurityEvents", "WindowsForwardedEvents", "Zscaler", "MicrosoftSysmonForLinux", "PaloAltoNetworks", "AzureMonitor(VMInsights)", "AzureFirewall", "AzureNSG", "CiscoASA", "Corelight", "AIVectraStream", "CheckPoint", "Fortinet", "CiscoMeraki" ], "previewImagesFileNames": [], "version": "1.0.0", - "title": "Network Session Essentials", - "templateRelativePath": "NetworkSessionEssentials.json", + "title": "Fortiweb-workbook", + "templateRelativePath": "Fortiweb-workbook.json", "subtitle": "", "provider": "Microsoft" -}, -{ - "workbookKey": "SAPSODAnalysis", - "logoFileName": "AliterConsulting.svg", - "description": "SAP SOD Analysis", - "dataTypesDependencies": [ - "SAPAuditLog" - ], - "dataConnectorsDependencies": [ - "SAP" - ], - "previewImagesFileNames": [], - "version": "2.0.0", - "title": "SAP SOD Analysis", - "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json", - "subtitle": "", - "provider": "Aliter Consulting" - }, - { - "workbookKey": "TheomWorkbook", - "logoFileName": "theom-logo.svg", - "description": "Theom Alert Statistics", + }, + { + "workbookKey": "ReversingLabs-CapabilitiesOverview", + "logoFileName": "reversinglabs.svg", + "description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", "dataTypesDependencies": [ - "TheomAlerts_CL" ], "dataConnectorsDependencies": [ - "Theom" ], "previewImagesFileNames": [ - "TheomWorkbook-black.png", - "TheomWorkbook-white.png" + "ReversingLabsTiSummary-White.png", + "ReversingLabsTiSummary-Black.png", + "ReversingLabsOpsSummary-White.png", + "ReversingLabsOpsSummary-Black.png" ], - "version": "1.0.0", - "title": "Theom", - "templateRelativePath": "Theom.json", + "version": "1.1.1", + "title": "ReversingLabs-CapabilitiesOverview", + "templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", "subtitle": "", - "provider": "Theom" -}, -{ - "workbookKey": "DynatraceWorkbooks", - "logoFileName": "dynatrace.svg", - "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.", - "dataTypesDependencies": [ - "DynatraceAttacks_CL", - "DynatraceAuditLogs_CL", - "DynatraceProblems_CL", - "DynatraceSecurityProblems_CL" - ], - "dataConnectorsDependencies": [ - "DynatraceAttacks", - "DynatraceAuditLogs", - "DynatraceProblems", - "DynatraceRuntimeVulnerabilities" - ], - "previewImagesFileNames": [ - "DynatraceWorkbookBlack.png", - "DynatraceWorkbookWhite.png" - ], + "provider": "ReversingLabs" + }, + { + "workbookKey": "TalonInsights", + "logoFileName": "Talon.svg", + "description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "TalonInsightsBlack.png", "TalonInsightsWhite.png"], "version": "2.0.0", - "title": "Dynatrace", - "templateRelativePath": "Dynatrace.json", + "title": "Talon Insights", + "templateRelativePath": "TalonInsights.json", "subtitle": "", - "provider": "Dynatrace" -}, -{ - "workbookKey": "MDOWorkbook", - "logoFileName": "", - "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.", - "dataTypesDependencies": [ - "SecurityAlert" - ], - "dataConnectorsDependencies": [ - "MicrosoftThreatProtection" - ], - "previewImagesFileNames": [], + "provider": "Talon Security" + }, + { + "workbookKey": "vCenter", + "logoFileName": [], + "description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", + "dataTypesDependencies": ["vCenter_CL"], + "dataConnectorsDependencies": ["VMwarevCenter"], + "previewImagesFileNames": [ ], "version": "1.0.0", - "title": "Microsoft 365 Defender MDOWorkbook", - "templateRelativePath": "MDO Insights.json", + "title": "vCenter", + "templateRelativePath": "vCenter.json", + "subtitle": "", + "provider": "VMware" + }, + + { + "workbookKey": "SAP-Monitors-AlertsandPerformance", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Monitors- Alerts and Performance", + "dataTypesDependencies": ["SAPAuditLog"], + "dataConnectorsDependencies": [ "SAP"], + "previewImagesFileNames": ["SAPVMIcon.svg"], + "version": "2.0.1", + "title": "SAP -Monitors- Alerts and Performance", + "templateRelativePath": "SAP -Monitors- Alerts and Performance.json", "subtitle": "", "provider": "Microsoft" -}, -{ -"workbookKey": "AnomaliesVisualizationWorkbook", -"logoFileName": "", -"description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.", -"dataTypesDependencies": [ - "Anomalies" -], -"dataConnectorsDependencies": [], -"previewImagesFileNames": [ - "AnomaliesVisualizationWorkbookWhite.png", - "AnomaliesVisualizationWorkbookBlack.png" -], -"version": "1.0.0", -"title": "AnomaliesVisulization", -"templateRelativePath": "AnomaliesVisualization.json", -"subtitle": "", -"provider": "Microsoft Sentinel Community" -}, -{ -"workbookKey": "AnomalyDataWorkbook", -"logoFileName": "", -"description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.", -"dataTypesDependencies": [ - "Anomalies" -], -"dataConnectorsDependencies": [], -"previewImagesFileNames": [ - "AnomalyDataWorkbookWhite.png", - "AnomalyDataWorkbookBlack.png" -], -"version": "1.0.0", -"title": "AnomalyData", -"templateRelativePath": "AnomalyData.json", -"subtitle": "", -"provider": "Microsoft Sentinel Community" -}, -{ -"workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online", -"logoFileName": "Azure_Sentinel.svg", -"description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", -"dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" -], -"dataConnectorsDependencies": [ -"ESI-ExchangeOnPremisesCollector", -"ESI-ExchangeAdminAuditLogEvents", -"ESI-ExchangeOnlineCollector" -], -"previewImagesFileNames": [], -"version": "1.0.0", -"title": "Microsoft Exchange Least Privilege with RBAC - Online", -"templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ -"workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC", -"logoFileName": "Azure_Sentinel.svg", -"description": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.", -"dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" -], -"dataConnectorsDependencies": [ -"ESI-ExchangeOnPremisesCollector", -"ESI-ExchangeAdminAuditLogEvents", -"ESI-ExchangeOnlineCollector" -], -"previewImagesFileNames": [], -"version": "1.0.0", -"title": "Microsoft Exchange Least Privilege with RBAC", -"templateRelativePath": "Microsoft Exchange Least Privilege with RBAC.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ -"workbookKey": "MicrosoftExchangeSearchAdminAuditLog", -"logoFileName": "Azure_Sentinel.svg", -"description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment.", -"dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" -], -"dataConnectorsDependencies": [ -"ESI-ExchangeOnPremisesCollector", -"ESI-ExchangeAdminAuditLogEvents", -"ESI-ExchangeOnlineCollector" -], -"previewImagesFileNames": [], -"version": "1.0.0", -"title": "Microsoft Exchange Search AdminAuditLog", -"templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ -"workbookKey": "MicrosoftExchangeSecurityMonitoring", -"logoFileName": "Azure_Sentinel.svg", -"description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers.", -"dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" -], -"dataConnectorsDependencies": [ -"ESI-ExchangeOnPremisesCollector", -"ESI-ExchangeAdminAuditLogEvents", -"ESI-ExchangeOnlineCollector" -], -"previewImagesFileNames": [], -"version": "1.0.0", -"title": "Microsoft Exchange Admin Activity", -"templateRelativePath": "Microsoft Exchange Admin Activity.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ -"workbookKey": "MicrosoftExchangeSecurityReview-Online", -"logoFileName": "Azure_Sentinel.svg", -"description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.", -"dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" -], -"dataConnectorsDependencies": [ -"ESI-ExchangeOnPremisesCollector", -"ESI-ExchangeAdminAuditLogEvents", -"ESI-ExchangeOnlineCollector" -], -"previewImagesFileNames": [], -"version": "1.0.0", -"title": "Microsoft Exchange Security Review - Online", -"templateRelativePath": "Microsoft Exchange Security Review - Online.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ -"workbookKey": "MicrosoftExchangeSecurityReview", -"logoFileName": "Azure_Sentinel.svg", -"description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks.", -"dataTypesDependencies": [ - "ESIExchangeOnlineConfig_CL" -], -"dataConnectorsDependencies": [ -"ESI-ExchangeOnPremisesCollector", -"ESI-ExchangeAdminAuditLogEvents", -"ESI-ExchangeOnlineCollector" -], -"previewImagesFileNames": [], -"version": "1.0.0", -"title": "Microsoft Exchange Security Review", -"templateRelativePath": "Microsoft Exchange Security Review.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ -"workbookKey": "ibossMalwareAndC2Workbook", -"logoFileName": "", -"description": "A workbook providing insights into malware and C2 activity detected by iboss.", -"dataTypesDependencies": [ -], -"dataConnectorsDependencies": [ -], -"previewImagesFileNames": [ -], -"version": "1.0.0", -"title": "iboss Malware and C2", -"templateRelativePath": "ibossMalwareAndC2.json", -"subtitle": "", -"provider": "iboss" -}, -{ -"workbookKey": "ibossWebUsageWorkbook", -"logoFileName": "", -"description": "A workbook providing insights into web usage activity detected by iboss.", -"dataTypesDependencies": [ -], -"dataConnectorsDependencies": [ -], -"previewImagesFileNames": [ -], -"version": "1.0.0", -"title": "iboss Web Usage", -"templateRelativePath": "ibossWebUsage.json", -"subtitle": "", -"provider": "iboss" -}, -{ -"workbookKey": "Fortiweb-workbook", -"logoFileName": "Azure_Sentinel.svg", -"description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.", -"dataTypesDependencies": [ - "CommonSecurityLog" -], -"dataConnectorsDependencies": [ -"FortinetFortiWeb" -], -"previewImagesFileNames": [], -"version": "1.0.0", -"title": "Fortiweb-workbook", -"templateRelativePath": "Fortiweb-workbook.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ -"workbookKey": "ReversingLabs-CapabilitiesOverview", -"logoFileName": "reversinglabs.svg", -"description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.", -"dataTypesDependencies": [ -], -"dataConnectorsDependencies": [ -], -"previewImagesFileNames": [ -"ReversingLabsTiSummary-White.png", -"ReversingLabsTiSummary-Black.png", -"ReversingLabsOpsSummary-White.png", -"ReversingLabsOpsSummary-Black.png" -], -"version": "1.1.1", -"title": "ReversingLabs-CapabilitiesOverview", -"templateRelativePath": "ReversingLabs-CapabilitiesOverview.json", -"subtitle": "", -"provider": "ReversingLabs" -}, -{ -"workbookKey": "TalonInsights", -"logoFileName": "Talon.svg", -"description": "This workbook provides Talon Security Insights on Log Analytics Query Logs", -"dataTypesDependencies": [], -"dataConnectorsDependencies": [], -"previewImagesFileNames": [ "TalonInsightsBlack.png", "TalonInsightsWhite.png"], -"version": "2.0.0", -"title": "Talon Insights", -"templateRelativePath": "TalonInsights.json", -"subtitle": "", -"provider": "Talon Security" -}, -{ -"workbookKey": "vCenter", -"logoFileName": [], -"description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)", -"dataTypesDependencies": ["vCenter_CL"], -"dataConnectorsDependencies": ["VMwarevCenter"], -"previewImagesFileNames": [ ], -"version": "1.0.0", -"title": "vCenter", -"templateRelativePath": "vCenter.json", -"subtitle": "", -"provider": "VMware" -}, - -{ -"workbookKey": "SAP-Monitors-AlertsandPerformance", -"logoFileName": "SAPVMIcon.svg", -"description": "SAP -Monitors- Alerts and Performance", -"dataTypesDependencies": ["SAPAuditLog"], -"dataConnectorsDependencies": [ "SAP"], -"previewImagesFileNames": ["SAPVMIcon.svg"], -"version": "2.0.1", -"title": "SAP -Monitors- Alerts and Performance", -"templateRelativePath": "SAP -Monitors- Alerts and Performance.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ -"workbookKey": "SAP-SecurityAuditlogandInitialAccess", -"logoFileName": "SAPVMIcon.svg", -"description": "SAP -Security Audit log and Initial Access", -"dataTypesDependencies": [ "SAPAuditLog"], -"dataConnectorsDependencies": [ "SAP" ], -"previewImagesFileNames": ["SAPVMIcon.svg"], -"version": "2.0.1", -"title": "SAP -Security Audit log and Initial Access", -"templateRelativePath": "SAP -Security Audit log and Initial Access.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ -"workbookKey": "DNSSolutionWorkbook", -"logoFileName": "", -"description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", -"dataTypesDependencies": [], -"dataConnectorsDependencies": [], -"previewImagesFileNames": [ - "DNSDomainWorkbookWhite.png", - "DNSDomainWorkbookBlack.png" -], -"version": "1.0.0", -"title": "DNS Solution Workbook", -"templateRelativePath": "DNSSolutionWorkbook.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ -"workbookKey": "MicrosoftPowerBIActivityWorkbook", -"logoFileName": "", -"description": "This workbook provides details on Microsoft PowerBI Activity", -"dataTypesDependencies": ["PowerBIActivity"], -"dataConnectorsDependencies": ["Microsoft PowerBI (Preview)"], -"previewImagesFileNames": [ "MicrosoftPowerBIActivityWorkbookBlack.png", "MicrosoftPowerBIActivityWhite.png"], -"version": "1.0.0", -"title": "Microsoft PowerBI Activity Workbook", -"templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", -"subtitle": "", -"provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftThreatIntelligenceWorkbook", - "logoFileName": "", - "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", - "dataTypesDependencies": [ "ThreatIntelligenceIndicator", "SecurityIncident" ], - "dataConnectorsDependencies": [ "ThreatIntelligence", "ThreatIntelligenceTaxii" ], - "previewImagesFileNames": [ "ThreatIntelligenceWhite.png", "ThreatIntelligenceBlack.png" ], - "version": "1.0.0", - "title": "Threat Intelligence", - "templateRelativePath": "MicrosoftThreatIntelligence.json", + }, + { + "workbookKey": "SAP-SecurityAuditlogandInitialAccess", + "logoFileName": "SAPVMIcon.svg", + "description": "SAP -Security Audit log and Initial Access", + "dataTypesDependencies": [ "SAPAuditLog"], + "dataConnectorsDependencies": [ "SAP" ], + "previewImagesFileNames": ["SAPVMIcon.svg"], + "version": "2.0.1", + "title": "SAP -Security Audit log and Initial Access", + "templateRelativePath": "SAP -Security Audit log and Initial Access.json", "subtitle": "", "provider": "Microsoft" -}, -{ - "workbookKey": "MicrosoftDefenderForEndPoint", + }, + { + "workbookKey": "DNSSolutionWorkbook", "logoFileName": "", - "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", + "description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.", "dataTypesDependencies": [], "dataConnectorsDependencies": [], - "previewImagesFileNames": [ "microsoftdefenderforendpointwhite.png", "microsoftdefenderforendpointblack.png" ], - "version": "1.0.0", - "title": "Microsoft Defender For EndPoint", - "templateRelativePath": "MicrosoftDefenderForEndPoint.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "MicrosoftDefenderForIdentity", - "logoFileName": "", - "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.", - "dataTypesDependencies": [ "IdentityLogonEvents", "IdentityQueryEvents", "IdentityDirectoryEvents", "SecurityAlert" ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ "microsoftdefenderforidentityblack.png", "microsoftdefenderforidentitywhite.png" ], - "version": "1.0.0", - "title": "Microsoft Defender For Identity", - "templateRelativePath": "MicrosoftDefenderForIdentity.json", - "subtitle": "", - "provider": "Microsoft Sentinel Community" -}, -{ - "workbookKey": "EsetProtect", - "logoFileName": "", - "description": "Visualize events and threats from Eset protect.", - "dataTypesDependencies": [ "ESETPROTECT" ], - "dataConnectorsDependencies": ["ESETPROTECT"], - "previewImagesFileNames": [ "ESETPROTECTBlack.png", "ESETPROTECTWhite.png" ], - "version": "1.0.0", - "title": "EsetProtect", - "templateRelativePath": "ESETPROTECT.json", - "subtitle": "", - "provider": "Community" -}, -{ - "workbookKey": "CyberArkEPMWorkbook", - "logoFileName": "CyberArk_Logo.svg", - "description": "Sets the time name for analysis", - "dataTypesDependencies": [ - "CyberArkEPM_CL" - ], - "dataConnectorsDependencies": [ - "CyberArkEPM" - ], "previewImagesFileNames": [ - "CyberArkEPMBlack.png", - "CyberArkEPMWhite.png" + "DNSDomainWorkbookWhite.png", + "DNSDomainWorkbookBlack.png" ], "version": "1.0.0", - "title": "CyberArk EPM", - "templateRelativePath": "CyberArkEPM.json", + "title": "DNS Solution Workbook", + "templateRelativePath": "DNSSolutionWorkbook.json", "subtitle": "", - "provider": "CyberArk" -}, -{ - "workbookKey": "WebSessionEssentialsWorkbook", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftPowerBIActivityWorkbook", "logoFileName": "", - "description": "The 'Web Session Essentials' workbook provides real-time insights into activity and potential threats in your network. This workbook is designed for network teams, security architects, analysts, and consultants to monitor, identify and investigate threats on Web servers, Web Proxies and Web Security Gateways assets. This Workbook gives a summary of analysed web traffic and helps with threat analysis and investigating suspicious http traffic.", - "dataTypesDependencies": [], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [ - "WebSessionEssentialsWorkbookWhite.png", - "WebSessionEssentialsWorkbookBlack.png" - ], + "description": "This workbook provides details on Microsoft PowerBI Activity", + "dataTypesDependencies": ["PowerBIActivity"], + "dataConnectorsDependencies": ["Microsoft PowerBI (Preview)"], + "previewImagesFileNames": [ "MicrosoftPowerBIActivityWorkbookBlack.png", "MicrosoftPowerBIActivityWhite.png"], "version": "1.0.0", - "title": "Web Session Essentials Workbook", - "templateRelativePath": "WebSessionEssentials.json", + "title": "Microsoft PowerBI Activity Workbook", + "templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json", "subtitle": "", "provider": "Microsoft" -}, -{ - "workbookKey": "SalemDashboard", - "logoFileName": "salem_logo.svg", - "description": "Monitor Salem Performance", - "dataTypesDependencies": [ "SalemAlerts_CL" ], - "dataConnectorsDependencies": [], - "previewImagesFileNames": [], - "version": "1.0.0", - "title": "Salem Alerts Workbook", - "templateRelativePath": "SalemDashboard.json", - "subtitle": "", - "provider": "SalemCyber" -} -] \ No newline at end of file + }, + { + "workbookKey": "MicrosoftThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ "ThreatIntelligenceIndicator", "SecurityIncident" ], + "dataConnectorsDependencies": [ "ThreatIntelligence", "ThreatIntelligenceTaxii" ], + "previewImagesFileNames": [ "ThreatIntelligenceWhite.png", "ThreatIntelligenceBlack.png" ], + "version": "1.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "MicrosoftThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftDefenderForEndPoint", + "logoFileName": "", + "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "microsoftdefenderforendpointwhite.png", "microsoftdefenderforendpointblack.png" ], + "version": "1.0.0", + "title": "Microsoft Defender For EndPoint", + "templateRelativePath": "MicrosoftDefenderForEndPoint.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftDefenderForIdentity", + "logoFileName": "", + "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.", + "dataTypesDependencies": [ "IdentityLogonEvents", "IdentityQueryEvents", "IdentityDirectoryEvents", "SecurityAlert" ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "microsoftdefenderforidentityblack.png", "microsoftdefenderforidentitywhite.png" ], + "version": "1.0.0", + "title": "Microsoft Defender For Identity", + "templateRelativePath": "MicrosoftDefenderForIdentity.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "EsetProtect", + "logoFileName": "", + "description": "Visualize events and threats from Eset protect.", + "dataTypesDependencies": [ "ESETPROTECT" ], + "dataConnectorsDependencies": ["ESETPROTECT"], + "previewImagesFileNames": [ "ESETPROTECTBlack.png", "ESETPROTECTWhite.png" ], + "version": "1.0.0", + "title": "EsetProtect", + "templateRelativePath": "ESETPROTECT.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "CyberArkEPMWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CyberArkEPM_CL" + ], + "dataConnectorsDependencies": [ + "CyberArkEPM" + ], + "previewImagesFileNames": [ + "CyberArkEPMBlack.png", + "CyberArkEPMWhite.png" + ], + "version": "1.0.0", + "title": "CyberArk EPM", + "templateRelativePath": "CyberArkEPM.json", + "subtitle": "", + "provider": "CyberArk" + }, + { + "workbookKey": "WebSessionEssentialsWorkbook", + "logoFileName": "", + "description": "The 'Web Session Essentials' workbook provides real-time insights into activity and potential threats in your network. This workbook is designed for network teams, security architects, analysts, and consultants to monitor, identify and investigate threats on Web servers, Web Proxies and Web Security Gateways assets. This Workbook gives a summary of analysed web traffic and helps with threat analysis and investigating suspicious http traffic.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WebSessionEssentialsWorkbookWhite.png", + "WebSessionEssentialsWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "Web Session Essentials Workbook", + "templateRelativePath": "WebSessionEssentials.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftThreatIntelligenceWorkbook", + "logoFileName": "", + "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.", + "dataTypesDependencies": [ "ThreatIntelligenceIndicator", "SecurityIncident" ], + "dataConnectorsDependencies": [ "ThreatIntelligence", "ThreatIntelligenceTaxii" ], + "previewImagesFileNames": [ "ThreatIntelligenceWhite.png", "ThreatIntelligenceBlack.png" ], + "version": "1.0.0", + "title": "Threat Intelligence", + "templateRelativePath": "MicrosoftThreatIntelligence.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "MicrosoftDefenderForEndPoint", + "logoFileName": "", + "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "microsoftdefenderforendpointwhite.png", "microsoftdefenderforendpointblack.png" ], + "version": "1.0.0", + "title": "Microsoft Defender For EndPoint", + "templateRelativePath": "MicrosoftDefenderForEndPoint.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "MicrosoftDefenderForIdentity", + "logoFileName": "", + "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.", + "dataTypesDependencies": [ "IdentityLogonEvents", "IdentityQueryEvents", "IdentityDirectoryEvents", "SecurityAlert" ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ "microsoftdefenderforidentityblack.png", "microsoftdefenderforidentitywhite.png" ], + "version": "1.0.0", + "title": "Microsoft Defender For Identity", + "templateRelativePath": "MicrosoftDefenderForIdentity.json", + "subtitle": "", + "provider": "Microsoft Sentinel Community" + }, + { + "workbookKey": "EsetProtect", + "logoFileName": "", + "description": "Visualize events and threats from Eset protect.", + "dataTypesDependencies": [ "ESETPROTECT" ], + "dataConnectorsDependencies": ["ESETPROTECT"], + "previewImagesFileNames": [ "ESETPROTECTBlack.png", "ESETPROTECTWhite.png" ], + "version": "1.0.0", + "title": "EsetProtect", + "templateRelativePath": "ESETPROTECT.json", + "subtitle": "", + "provider": "Community" + }, + { + "workbookKey": "CyberArkEPMWorkbook", + "logoFileName": "CyberArk_Logo.svg", + "description": "Sets the time name for analysis", + "dataTypesDependencies": [ + "CyberArkEPM_CL" + ], + "dataConnectorsDependencies": [ + "CyberArkEPM" + ], + "previewImagesFileNames": [ + "CyberArkEPMBlack.png", + "CyberArkEPMWhite.png" + ], + "version": "1.0.0", + "title": "CyberArk EPM", + "templateRelativePath": "CyberArkEPM.json", + "subtitle": "", + "provider": "CyberArk" + }, + { + "workbookKey": "WebSessionEssentialsWorkbook", + "logoFileName": "", + "description": "The 'Web Session Essentials' workbook provides real-time insights into activity and potential threats in your network. This workbook is designed for network teams, security architects, analysts, and consultants to monitor, identify and investigate threats on Web servers, Web Proxies and Web Security Gateways assets. This Workbook gives a summary of analysed web traffic and helps with threat analysis and investigating suspicious http traffic.", + "dataTypesDependencies": [], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [ + "WebSessionEssentialsWorkbookWhite.png", + "WebSessionEssentialsWorkbookBlack.png" + ], + "version": "1.0.0", + "title": "Web Session Essentials Workbook", + "templateRelativePath": "WebSessionEssentials.json", + "subtitle": "", + "provider": "Microsoft" + }, + { + "workbookKey": "SalemDashboard", + "logoFileName": "salem_logo.svg", + "description": "Monitor Salem Performance", + "dataTypesDependencies": [ "SalemAlerts_CL" ], + "dataConnectorsDependencies": [], + "previewImagesFileNames": [], + "version": "1.0.0", + "title": "Salem Alerts Workbook", + "templateRelativePath": "SalemDashboard.json", + "subtitle": "", + "provider": "SalemCyber" + } + ] + \ No newline at end of file From ad7ff753012450a5208236b6b131ddde828911ee Mon Sep 17 00:00:00 2001 From: jonbagg Date: Tue, 11 Jul 2023 10:00:10 -0400 Subject: [PATCH 09/26] Remove xlink from logo file --- Logos/salem_logo.svg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Logos/salem_logo.svg b/Logos/salem_logo.svg index 307b2f7d296..3692a2c9e2f 100644 --- a/Logos/salem_logo.svg +++ b/Logos/salem_logo.svg @@ -1,6 +1,6 @@ - ", + "Description": "Salem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)", + "Workbooks": ["Workbooks/SalemDashboard.json"], + "WorkbookDescription": ["Salem Alert Analysis Summary"], + "WorkbookBladeDescription": "This Microsoft Sentinel Integration installs workbooks to help visualize Salem alert analysis", + "Analytic Rules": [], + "Playbooks": ["Playbooks/SendAlertToSalem/azuredeploy.json"], + "PlaybookDescription": ["Send Sentinel Alerts to Salem"], + "PlaybooksBladeDescription": "This Microsoft Sentinel Integration installs a playbook that allows Sentinel alerts to be sent to Salem for investigation", + "Parsers": [], + "SavedSearches": [], + "Hunting Queries": [], + "HuntingQueryBladeDescription": "", + "Data Connectors": [], + "Watchlists": [], + "WatchlistDescription": [], + "BasePath": "C:\\Users\\jonwb\\github\\Azure-Sentinel\\Solutions\\Salem Virtual Cyber Analyst", + "Version": "3.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1PConnector": false +} \ No newline at end of file diff --git a/Solutions/Salem Virtual Cyber Analyst/SolutionMetadata.json b/Solutions/Salem Virtual Cyber Analyst/SolutionMetadata.json index 7e75ee4ff9b..13482b80bb6 100644 --- a/Solutions/Salem Virtual Cyber Analyst/SolutionMetadata.json +++ b/Solutions/Salem Virtual Cyber Analyst/SolutionMetadata.json @@ -1,8 +1,8 @@ { "publisherId": "saleminc1627928803559", "offerId": "salem-cyber-ai-analyst", - "firstPublishDate": "2023-04-14", - "lastPublishDate": "2023-04-14", + "firstPublishDate": "2023-07-21", + "lastPublishDate": "2023-07-21", "providers": ["Salem Cyber"], "categories": { "domains" : ["Security - Automation (SOAR)", "Security - Insider Threat"], diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurity.json b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurity.json deleted file mode 100644 index 81fbe66e8f6..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurity.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "Name": "Microsoft Exchange Security - Exchange On-Premises", - "Author": "Microsoft - support@microsoft.com", - "Logo": "", - "Description": "The Exchange Security Audit and Configuration Insight solution analyze Exchange On-Premises configuration and logs from a security lens to provide insights and alerts.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Windows Event logs collection, including MS Exchange Management Event logs](https://learn.microsoft.com/azure/azure-monitor/agents/data-sources-windows-events)\n\nb. [Custom logs ingestion via Data Collector REST API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell)", - "Data Connectors": [ - "Data Connectors/ESI-ExchangeAdminAuditLogEvents.json", - "Data Connectors/ESI-ExchangeOnPremisesCollector.json" - ], - "Parsers": [ - "Parsers/ExchangeAdminAuditLogs.txt", - "Parsers/ExchangeConfiguration.txt", - "Parsers/ExchangeEnvironmentList.txt" - ], - "Workbooks": [ - "Workbooks/Microsoft Exchange Least Privilege with RBAC.json", - "Workbooks/Microsoft Exchange Search AdminAuditLog.json", - "Workbooks/Microsoft Exchange Admin Activity.json", - "Workbooks/Microsoft Exchange Security Review.json" - ], - "Analytic Rules": [ - "Analytic Rules/CriticalCmdletsUsageDetection.yaml", - "Analytic Rules/ServerOrientedWithUserOrientedAdministration.yaml" - ], - "BasePath": "C:\\Git Repositories\\Azure-Sentinel\\Solutions\\Microsoft Exchange Security - Exchange On-Premises\\", - "Version": "2.0.0", - "Metadata": "SolutionMetadata.json", - "TemplateSpec": true, - "Is1Pconnector": false -} \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurityExchangeOnline.json b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurityExchangeOnline.json deleted file mode 100644 index 82a299b1fbd..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurityExchangeOnline.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "Name": "Microsoft Exchange Security - Exchange Online", - "Author": "Microsoft - support@microsoft.com", - "Logo": "", - "Description": "The Exchange Security Audit and Configuration Insight solution analyze Exchange Online configuration and logs from a security lens to provide insights and alerts.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Custom logs ingestion via Data Collector REST API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell)", - "Data Connectors": [ - "Data Connectors/ESI-ExchangeOnlineCollector.json" - ], - "Parsers": [ - "Parsers/ExchangeConfiguration.txt", - "Parsers/ExchangeEnvironmentList.txt" - ], - "Workbooks": [ - "Workbooks/Microsoft Exchange Least Privilege with RBAC - Online.json", - "Workbooks/Microsoft Exchange Security Review - Online.json" - ], - "Analytic Rules": [], - "BasePath": "C:\\Git Repositories\\Azure-Sentinel\\Solutions\\Microsoft Exchange Security - Exchange Online", - "Version": "2.0.0", - "Metadata": "SolutionMetadata.json", - "TemplateSpec": true, - "Is1Pconnector": false -} \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json deleted file mode 100644 index 9426153c194..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_Salem.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "Name": "Salem Virtual Cyber Analyst", - "Author": "Salem Cyber - support@salemcyber.com", - "Logo": "", - "Description": "Salem, AI Cyber analyst, **automatically investigates** Sentinel alerts and escalates validated threats that require your attention. \n\nThis integration allows you to send new Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)", - "Workbooks": ["Workbooks/SalemDashboard.json"], - "Analytic Rules": [], - "Playbooks": ["Playbooks/SendAlertToSalem/azuredeploy.json"], - "Hunting Queries": [], - "Watchlists": [], - "BasePath": "C:\\Users\\jonwb\\github\\Azure-Sentinel\\Solutions\\Salem Virtual Cyber Analyst", - "Version": "2.0.0", - "Metadata": "SolutionMetadata.json", - "TemplateSpec": true, - "Is1PConnector": false -} \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/input/Solution_Salem.json b/Tools/Create-Azure-Sentinel-Solution/input/Solution_Salem.json deleted file mode 100644 index 8e662538741..00000000000 --- a/Tools/Create-Azure-Sentinel-Solution/input/Solution_Salem.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "Name": "Salem Virtual Cyber Analyst", - "Author": "Salem Cyber - support@salemcyber.com", - "Logo": "", - "Description": "Salem, AI Cyber analyst, **automatically investigates** Sentinel alerts and escalates validated threats that require your attention. \n\nThis integration allows you to send new Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)", - "Workbooks": ["Workbooks/SalemDashboard.json"], - "Analytic Rules": [], - "Playbooks": ["Playbooks/SendAlertToSalem/azuredeploy.json"], - "Hunting Queries": [], - "Watchlists": [], - "BasePath": "C:\\Users\\jonwb\\github\\Azure-Sentinel\\Solutions\\Salem Virtual Cyber Analyst", - "Version": "1.0.0", - "Metadata": "SolutionMetadata.json", - "TemplateSpec": true, - "Is1PConnector": false -} \ No newline at end of file From 4d8073da7a48e14d61b2dcc7d4fbe3c4b7b4c05c Mon Sep 17 00:00:00 2001 From: jonbagg Date: Sun, 23 Jul 2023 16:16:04 -0400 Subject: [PATCH 14/26] Create Solution Package --- .../Data/Solution_Salem.json | 12 +- Solutions/SalemCyber/Package/3.0.0.zip | Bin 0 -> 8303 bytes .../Package/createUiDefinition.json | 131 +++++ .../SalemCyber/Package/mainTemplate.json | 489 ++++++++++++++++++ .../SendAlertToSalem/azuredeploy.json | 0 .../SolutionMetadata.json | 0 .../Workbooks/SalemDashboard.json | 0 7 files changed, 626 insertions(+), 6 deletions(-) rename Solutions/{Salem Virtual Cyber Analyst => SalemCyber}/Data/Solution_Salem.json (82%) create mode 100644 Solutions/SalemCyber/Package/3.0.0.zip create mode 100644 Solutions/SalemCyber/Package/createUiDefinition.json create mode 100644 Solutions/SalemCyber/Package/mainTemplate.json rename Solutions/{Salem Virtual Cyber Analyst => SalemCyber}/Playbooks/SendAlertToSalem/azuredeploy.json (100%) rename Solutions/{Salem Virtual Cyber Analyst => SalemCyber}/SolutionMetadata.json (100%) rename Solutions/{Salem Virtual Cyber Analyst => SalemCyber}/Workbooks/SalemDashboard.json (100%) diff --git a/Solutions/Salem Virtual Cyber Analyst/Data/Solution_Salem.json b/Solutions/SalemCyber/Data/Solution_Salem.json similarity index 82% rename from Solutions/Salem Virtual Cyber Analyst/Data/Solution_Salem.json rename to Solutions/SalemCyber/Data/Solution_Salem.json index 1a99b5b7adb..213cdc20865 100644 --- a/Solutions/Salem Virtual Cyber Analyst/Data/Solution_Salem.json +++ b/Solutions/SalemCyber/Data/Solution_Salem.json @@ -1,14 +1,14 @@ { - "Name": "Salem Virtual Cyber Analyst", + "Name": "SalemCyber", "Author": "Salem Cyber - support@salemcyber.com", "Logo": "", "Description": "Salem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)", - "Workbooks": ["Workbooks/SalemDashboard.json"], - "WorkbookDescription": ["Salem Alert Analysis Summary"], + "Workbooks": ["Solutions/SalemCyber/Workbooks/SalemDashboard.json"], + "WorkbookBladeDescription": "This Microsoft Sentinel Integration installs workbooks to help visualize Salem alert analysis", "Analytic Rules": [], - "Playbooks": ["Playbooks/SendAlertToSalem/azuredeploy.json"], - "PlaybookDescription": ["Send Sentinel Alerts to Salem"], + "Playbooks": ["Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json"], + "PlaybooksBladeDescription": "This Microsoft Sentinel Integration installs a playbook that allows Sentinel alerts to be sent to Salem for investigation", "Parsers": [], "SavedSearches": [], @@ -17,7 +17,7 @@ "Data Connectors": [], "Watchlists": [], "WatchlistDescription": [], - "BasePath": "C:\\Users\\jonwb\\github\\Azure-Sentinel\\Solutions\\Salem Virtual Cyber Analyst", + "BasePath": "C:\\Users\\jonwb\\github\\Azure-Sentinel", "Version": "3.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, diff --git a/Solutions/SalemCyber/Package/3.0.0.zip b/Solutions/SalemCyber/Package/3.0.0.zip new file mode 100644 index 0000000000000000000000000000000000000000..7d02fd527332fc6bf1132cb5f25489e07d7d659f GIT binary patch literal 8303 zcmZ{qRZtuNv!!u&9Uyq{3GOa~y962B-QC>>ch>;HHArwLc!IlofWbZc-+kHLyLJ0? zRaaMao!9g5wVEP40s#yR3<}JjkVow_NmgDRWEdE8Vi=hJG>o~MrKyMIS6h&!m93Ml zhpn>{tDU>E)26Pi^Exl!L)7G7=(Y9=mV>O_N&jh_jb^b?y*1FjP#UHlCJfofgNRn%(DW{ZNw}H zh(~;VJ{3c?;M!y@yFQ@OD5R9ok!r@V#up|8eT|3b$cXjOU>H!Z$PXY#4h9zlER*=? zxfg;I0I8mzrON6GyG&+p>s=XR8X}rZK*N}(BVNBSlOo}98Mo%~h@=XX4jtM;=xn#g z?VV_VDxJ+{YJZhFGED!r8bcy56O;_8pBYGIvw3#+T@T5JhzFFqe0e8o*^^Jkr4GoP z@g|41)*{cD$F3k&ul~8&}(k+k58*Yh_%`zdgdaYDjU|{ z*%N8CCLjXS8wOx64IC`pYJ~PM5)MN8Z6Xc?6&{PpVZnL=EF|Lc4OBgD6Kj9A715lL zWNtg#O$AD4cPGyL13*T^(0CinvcgzI2HrT(waj6HZ-YNN_{?A~+-%DTVB{Yj5z(t}%xYzJ7*FQWn za_PmEv6)^I-T3y^#Y;4!ISCSzslW! zbcp^uj*@4GVvHiU^=|4>w6L2#B}Y~`g#c}&nSyvsYLw*8)mzE|%5&s_d8FjWa6ODS zR@r(T5=K&Nr<%pr+~o`0T#~UYh5S(pp!8bHUefI@gWpR_?x8M1PK<^`jH?@C(&8T> z=F7od%geDvU?4CuX?ov zPMj*$)C$@sBQ>URy%KnIE=|8Xll1eE@>0~NG4OG#Cwibd?s6mW=;>f)Gd$}gc>(8D zdeqikVE*N|M&(Kgr;v6)Cz!grMaoSe{(I^($h!U;E3aTIU!?;>-~-?KfyM*Y>+aB3 zwm6TK*;k)=FGt?*kDFlGQF;K?NeMsi3mVCh(1%_@*y8bo;vKK?!b26QNtuG1;h8dW zr(cTh*^pOjh~}3#$rW|50_8JWKt_q3Xn)sM>a?46vtZecIkd#0oAmgr-NLaST%)+x(CAPP zUj~zB-3I6V=bA<>Tk?w>AGVBF8#bAmBc{5=@1I!&gXWaJ(Wpt1yJradvJqKmuF4n@ zikfVp+GHw3oM>Wh*;uE@Y7W0U98ss9GNnvybT7M@HBcr;z7Kf)>mCSu5v#D*Po3fk zEuFcotel=gXmxXE!@WtN=<#!vOokwBf_XN6gcM$DVWF!%`gr?$`**yXboBg*9CVx~ z4`7Uo*GFek&s4u5P zAnm%0isa|nm5KX+uQ@0Pe{$sDzZ-MHql40kZ8G)8s4%&wTi9>Y3fAKl7UwHHQf={h z%b3_J2O92=<2!2pTr=zxz_U*1}`j9a-=@-(l1}{s^rrbAfk1CMnIVjhqu? z@&2@FH;Ov6E}_ZGoTM=9g;*(nGJ$sOF*5-&vzh{Ft_PdE#gjtVs0>7FyWZbqd@UgO)fOp)v zI*Q0~oyVyzZdNHQiB7UiGV!K^05u4R;q={SSWn8K4tGtrs$^z#>-jH|2iQntO~}%d z>zTQr`RfX?*Do(ju{KTZ+;?vwx`vG`snk8X^20-TRh0$w+$5@+F)}wOan}1U(|@n5 z;O-KP_~jH++m|%HN{LTK<0nuKqjYgy68~Le3f42#Z$%3}>(xG(NV}XxR?0S=aO*>B z87=O-8KYfW)-+0mpa^s^VoR)$HLdDEFE1O{*%c6JB9y> z*lTXcrEasC{gX1>R^|rXJJ7f%&kf&%8H>GM^V9`^Uo z85Ec+;g3^(y5)YBmX=okQKr+s2g-=nkGxeb!FKShygktvwg1*tJYP@ep}wYIWza^; zhXJV78rfZM^rdXTrCn&{0xK#oI?AYV*ss!q!cSYtzpthLUxRiuwh3|&hGpOHn9k6o zeGGs2w<2KCpB1-S0CmR*@%1n8a0}I7HAANC@xi^DB<*iH2izzLf^iySoY90dTkdU~&Vb?<1d(=wfIw*%dIfS$hxl3T~zu z!zx~N7LgRy*n0t1WQO;o`p8T;^GSG&NKRH5A|5#(SRJi#?Q!nSjrT-Rvz3|5)KLCS zD~BCp{n&^VLnt-H8)41crf7pUcrkp-ZTrFO+|XdWFe}1!7?+cwsb9tvthJ9z33GTCOrSK;>+CzZ(neBC zm%u3C^_S6Pz*0#i#Mhw6ucI3>8sF%~oJQ3_>eY1q`lZC=Z(x!P2Q8&#^gVDfS!e;0 z!b#W~d1}MCvleGyzo%}95K`?* zR6dAjSA`ah6^-%JCD6Y^WNnpP#GiL%Wo_**wA~QPX4&m0)mRT*e0+F}s7LW1JaV^4 zanuEN+`UNBhR8-SkEjU*Y#?tQ0+l^lhGiXykwVb^Zv?4-w5WS!OZNR&&!tNo%!R$= z{MVcCDv{IA<-9aORf_Nh(fAJz4c=?-1c~@|Y&3jE^w+II&7Ot~n|bo>n|e=|l<3SW zrpn>L4*C6lW9-tA-oWLP35Z9afU=Z@`f%ubGEm%95tt>j_fFk}Hv}l3q{;YxZN)c3Wxf4VwlhfCdNn%IG+g$81Y0Sf!88 zp)lQS(}KWp=F;Rv>VmYBpB$W3JglW}JQ&c~8zR1<2yaaE%iTZ^ExxlCOSvfuwa{)f zN_o6ZK*!i`Ksm8S86F_>#L_8vSKYD3ABv%Ktn+1TvHFR_=kwj=H0>1~K$?PMy0M?O zLO%Cl@C|syA@B81o|&bDe?rnQ(Cyg}tfHdHfM{YY|yr!3{ww!!#}O9Evgec_&lDoWZ-Vt-b?H7-+FlKc5<>jkPLrL|Nk< zCx4hx6ok>e zIO{5tXPCB=vcp!;GIrY^ZCNnrA+nd}Tq~Lj`Le82lTHpr&%T`ymu}etDKov=w^B7` za&%oaN0K-S>sXn5xlfajMy(-S`~@^=!!X-;Y5nndm|PytvP|6dJ{4DGUZu8kXX<^8 zkvXHb=

&{ls8?K2HkUrN0w?HNNUu(14Tct!ER{6n^rR-+||i(eF`| zj|C89CwJsiLFWKnXg%O@2(^<+w+fYRIxG)A>D_gbOuxtgCJJh}## z>E^CeW-LbRHctAG`cP~PZVNGrp*#`5K{wB^G5N>wDX>%nTb0zi28rbGhU9PC~1i&?wInW2EkOS{6~XH`_4wx+7nf3_aaeu>u(_ zV0rQ8h{3pkAR?S_g$a1A)2g(pmb!WVydS+3=#yF|ZW?+IyW?v}cAnvRFeHI_byBA& z!hjrpaVX*f{uG~BLX1X4xDa6oixjaqP0g8Nh3|dlUIIK{3y6L>5ris@_iYgM>+~^Z zQb-FQbb!?R_8=O$Sz{<~4)6;@-L=7P5h4i&3_mFv$tXJAiCx=yo(vRuUoaFOluOaU zZJr8rX>_naX((XXWQyO=y(yATm+-z6Qm$Gf#pk!K@(Za^Wd(uU{D4<|EqL|L?AI}E2XsHx`H|N{D;7D)3yYYy-TBFm=5Vb{tF^>b z;;RlMmJ$pe3G^nkP^~R~+1|rNX%QE>J>wyAM$9{`qa_CK-s~b6vY%NdX)n-FbY2!d zTS0l~`uJY8ng(xII3=q{t&7!$x{LB2RRB)2gN=OIYw`Ic^=`vf<+#r98{7#)KePr& z%Gbq7pW;+-UBEsG(}<&~1Ki8>DCNf@uy^JhjLh3M9>{){sSx-kV{#D zb1h-z1^iiPi3wIAkJA38^j2L{3Nc~qPhddMt-Bt6Tq5Kn^ed{YHex>H&)EhnEUe~! z&dBJ_(Qpg?Vk7b-x?+U6={kxUk2c`2bxU3@S=#F*WcsGHI-z=6Df&>%u&CCwz1|s6 zGo-kpDxP-|!PW>?xCR%UFVgEpt)NfiNfOtgts6;hon2s`>Yq#h_8JPjs-gCLy7I(f zMc3c>gd>o6UohA>|1SL#V9o4C3i~W}Lou2a$-k5uYcjb$XeNT(Njc(u0^}ut19>AP zI!bbSa4tj|dR;&AU-!_dWvXe9xlqY8B2T56D>7xxSuqR@#}|ejYJN@V$b1|Oc-~wRpC$kPih$w2sb*JODoGWQGtkGnJmsK zjXqh~SKcypFxfMtKWK1r98M4{E~6$5EZPy^Xf~ziL`m(JGAo_I-%5OKN7|FuNfFA) z!AaWt;=!-Rvn2o9zPCBxi(O50t;a#DGZPPt9>&(bmIFWB%*AOq1N8|c=vyu0WPCgW z{W!n{=0ddk&YkH1oBtvvMQxO#C(6e`UcEay%VKUF_wF6PHc_q2cLJSpHDsSPz!M=# zqtt|QhPWI<1pFn)ySr=$0eCL-{;o@Nv)P$az7k5)*E`_N&_NlxLtA& zQjj8r80{aDxB-?`;%D7VdUa3&{6i{CK9Z?0Eo6xc@q%zam4fa!Pi*+;wG1|m@zM^} z*7UHFUCB%Lx&z=?VP0%itxTuA+P-+b$H8XfaTvW~K;H$cET?&_g=F-pdaS;38^5ly z=XVTU6_T#3wk5LgO>$Uqsl$~8YVKb5qf=Pw(S@WI{J_qTInLrj2D&@{7{3H!QAuI> zy+|P~RAkqGwvb~R5zR7r6B(^fLZP>PPY;Vy`0d1hZiK#+0Rc3(Y?LeMw)}^~VGomv zh@xGaXhoZ7J`?GcaGezXXgaW}@rPM;lAb~>feK?DI@F{>920@?!TwBYzu7D((Ul)w zyV;g|*m_#K%KP8{)+bXv@@yu(2IZ$fGLOA)O0=9Qg zXXmLU@(ymVOWd5tQ6fEpLM7XefRt}t|B}M-c0#Bn1b=FCXn%bN__J{uYBz8vWtKqU znLaSmj_~<fY>|Wg?7rKK%j+5D5rf`kPk*QY`f#U0g<$?0_XZWhsjLJGMnOaa? zdBRQ$-qM@QkGkJXajRO3rv!Q=n;QHnVWk`W6AX^qTuCNHF^opn3$gjN-0Owj&=q}~R4-H>Imci`lP8&fY z-Eo)B0UwJEHbkee{yxi|b;IEIXdc}c=(pM61HZB~LTWV=f4YNdRcbrPPFNrj)_ zSlXwne|4G^trFeZR=~K~E&5yDxFqAztk(%H4_*G?BAWF)Txx1;f!L}s8N5%kkPDed zSFUTjNvPzuWDU${sB~H*`}${#y^Yn%(bJI9ArV4ZVd&L_K2`eHSnDy55sPjsKki58 z@cXOPWnO@zhU3&~d{SO~)+B=S4(*Vm=Vbm_W-&*&Y~Z>x#VY?=Az*4a|Q@ zn3dtI^$a6_4v09zRs8kAbsd|m(Vw-1+CM*JjqB_8u?!dsbXjb3p=eYgQ{{LWeob&U zKAo!6l=gqGEg-xlw$9x_Vi`PG{C(s;`#owWUb=q)iI3^FA|0y*lz||t%RRjo2al)HQ+of) zK`ZQKiP{M)Oczj_4xla?^K@$_{POm$NYzGa$F|#v=UngL(cI`5L~D%rl{CL@F>Ucl zpx~jwZ3)}bZgZtNUtiN`NxLM>nX?6LxYtOh!1`!Ok&r-An9BJg1bXiG1|HYptimrg z=lz0nMn*v*QScb+wA>rAOk%YM_ z@Xz=dKD5HnkE}n-RGXw2h^gv!Wt}B1X3dT2s`5(F*MEBlr48)!03`{5(Rvo&Ia5wH zZNx7<4M}93siLHZ)b1Gxg~Tm)N3657lBmn=Mt1mI7v&7TJJ6TaJy=>~mc}lzOf#!4 zH*bQ@%9}J~O#20%sYHbA=m{c#RjX@c9_jh>S;!~C97`iyQ5=u8f!apzldE^?brCXN z)xsZI?a$p^1>)Dc4;2)l>E=o+UVXfiJoghpwq;}h+Vf}8;oPoY^X@${W?2Z z*_QXhoVylVfIi83b5!F!A<)mT<!oSIq{7H zJ~aPRuK>}mJ5dhMfGsKpxj9%)S3GkdY=sC3Db$(Jox#~kTWJ`R9b)ov^A1=b@PqPW zypXKyZqq)?O3S1({Igkp7Gr;|1m1t<8m#`#kg-j}?$(=o!~C70tt6}YxqShDc(8pT z?dUs$XR3Vg)Y&cJZa&R?j=gy?4;^!$PI;ooesSLOk?d;FHTplK?8z9Ke;{l{Q9L@$ z{oNk5)gaF@A5-5ObH_LO(LE=a(lD93q{vAFj8;Bf(;dplex?`!!XEn2*4GnasxfU3 zX>%Af;c;n!J100~57CAh)1FerI(XPCGTS&aI3Lntbb69}i1~sY4q>VG?I=M+k1xTe zjO+-f{2@oj4|{o}i+7?VzLB5$3fRsWfAk^;$i|_iQJ>J|`bGA$aM(=xr8>Ap%qoS} z_{p8bC>_MMeU{b%mv7FzVeElVnY4F}?_Y{&E!MWsc)=56!MT=*89{j!6549}KUf@w zjj34V0*MZS0iX;-d=8SQWp9oum2M)Bo&E-dRN>#*bmnpFb&{K{}OV(!Y>e z_X>(T7S@JJKiwe4m-QF*f?!|Yq>V*Wh&?{=3=kSIr|Rf()NTf8T4IbYzflG?)>APP zNj4nxGsh+wJ`W^ZagK@!U#E)ULZ3>Vdp^h5tq8EY!#{BKLYWA{;?vOmS7=zF+C;#p z?@ElHq&sKU|n(mc~ZfDlI`oxOC1rv`Ih4eaoJl{8gpn{89 z;Vfl0A@mlG1R;x55V<~8?u_gIBmV>}ads^uIf6&Om~dSj7MsZ|UEEHKrT2VFh_h>E zM-Ea4q8^IS)-ps-?qLPckB<#w8~pejfXEF){YDa?6fv!SkCT;c#yhFNh+jstX9_4h z;YP+vYNFf%K}a;w$F1e97SL06aQusd`g8K6oERaZYZq5kazraTSaalk6zDG|zcV$( z50RX>TIWNxX^oA_N01MPpm|unIQXB0xc1y=QqEy$ZRbkt+#N%&9GguVqabvAzX`Qb z;6g$9c*#VML@w-cHTPn_tozlc*b3*lyRjr4&oPR*TRvR{v^V|RJo)mr&j7mB!oB#G zgVnFD25Yd2j`Xi#alnfDj>AtMI--O%;!WmkZhx~mIv|wX$~c`OecQ!wW0PXGSZTqX z!lNXh_je{|uQiQRJyQT1UN_Mtbl?vhj9!`vE}2hyd~0xul_5RNZ&U}(M+Gc538wzK z-xAecg>F5i7xpfg3vr{$C2-qD8_(&D<4bdRdVC_#kz&NMl#3XB=YZXjD-fB^Hi{rx z1?&a)n;RbW?CSkpccc>8Z1H13-8H`O4C5JK;&w6$b?@->*s?c0j^1h;H0=p!TQ;c; zdY6{jZbzp->bac*38k)6~dJ9rLdp&50`iK>HL2{PL7gHoi?IU@MN*8&; zs1^XKFLTpDo+rg9`X@!5sonrtBH0RObjq8g zQXA7XgRA)QhgRU%xfuKeGBLnz!03DF-VV>(tC*T1EF1yM|BUtjLlge5`X3eH> hJmUX2K>qVF@c+>XHAO_E|2l#Dk0Smv7b*X1`(I|zvHk!6 literal 0 HcmV?d00001 diff --git a/Solutions/SalemCyber/Package/createUiDefinition.json b/Solutions/SalemCyber/Package/createUiDefinition.json new file mode 100644 index 00000000000..6ad52ce6d25 --- /dev/null +++ b/Solutions/SalemCyber/Package/createUiDefinition.json @@ -0,0 +1,131 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "config": { + "isWizard": false, + "basics": { + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nSalem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)\n\n**Workbooks:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "subscription": { + "resourceProviders": [ + "Microsoft.OperationsManagement/solutions", + "Microsoft.OperationalInsights/workspaces/providers/alertRules", + "Microsoft.Insights/workbooks", + "Microsoft.Logic/workflows" + ] + }, + "location": { + "metadata": { + "hidden": "Hiding location, we get it from the log analytics workspace" + }, + "visible": false + }, + "resourceGroup": { + "allowExisting": true + } + } + }, + "basics": [ + { + "name": "getLAWorkspace", + "type": "Microsoft.Solutions.ArmApiControl", + "toolTip": "This filters by workspaces that exist in the Resource Group selected", + "condition": "[greater(length(resourceGroup().name),0)]", + "request": { + "method": "GET", + "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]" + } + }, + { + "name": "workspace", + "type": "Microsoft.Common.DropDown", + "label": "Workspace", + "placeholder": "Select a workspace", + "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected", + "constraints": { + "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": true + } + ], + "steps": [ + { + "name": "workbooks", + "label": "Workbooks", + "subLabel": { + "preValidation": "Configure the workbooks", + "postValidation": "Done" + }, + "bladeTitle": "Workbooks", + "elements": [ + { + "name": "workbooks-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This Microsoft Sentinel Integration installs workbooks to help visualize Salem alert analysis" + } + }, + { + "name": "workbooks-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data" + } + } + }, + { + "name": "workbook1", + "type": "Microsoft.Common.Section", + "label": "Salem Alerts Workbook", + "elements": [ + { + "name": "workbook1-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Monitor Salem Performance" + } + } + ] + } + ] + }, + { + "name": "playbooks", + "label": "Playbooks", + "subLabel": { + "preValidation": "Configure the playbooks", + "postValidation": "Done" + }, + "bladeTitle": "Playbooks", + "elements": [ + { + "name": "playbooks-text", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "This Microsoft Sentinel Integration installs a playbook that allows Sentinel alerts to be sent to Salem for investigation" + } + }, + { + "name": "playbooks-link", + "type": "Microsoft.Common.TextBlock", + "options": { + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-respond-threats-playbook?WT.mc_id=Portal-Microsoft_Azure_CreateUIDef" + } + } + } + ] + } + ], + "outputs": { + "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", + "location": "[location()]", + "workspace": "[basics('workspace')]" + } + } +} diff --git a/Solutions/SalemCyber/Package/mainTemplate.json b/Solutions/SalemCyber/Package/mainTemplate.json new file mode 100644 index 00000000000..8255ad063db --- /dev/null +++ b/Solutions/SalemCyber/Package/mainTemplate.json @@ -0,0 +1,489 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "author": "Salem Cyber - support@salemcyber.com", + "comments": "Solution template for SalemCyber" + }, + "parameters": { + "location": { + "type": "string", + "minLength": 1, + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace" + } + }, + "workspace-location": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]" + } + }, + "workspace": { + "defaultValue": "", + "type": "string", + "metadata": { + "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup" + } + }, + "workbook1-name": { + "type": "string", + "defaultValue": "Salem Alerts Workbook", + "minLength": 1, + "metadata": { + "description": "Name for the workbook" + } + } + }, + "variables": { + "email": "support@salemcyber.com", + "_email": "[variables('email')]", + "_solutionName": "SalemCyber", + "_solutionVersion": "3.0.0", + "solutionId": "saleminc1627928803559.salem-cyber-ai-analyst", + "_solutionId": "[variables('solutionId')]", + "workbookVersion1": "1.0.0", + "workbookContentId1": "SalemDashboard", + "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))),variables('workbookVersion1')))]", + "_workbookContentId1": "[variables('workbookContentId1')]", + "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", + "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", + "SendAlertToSalem": "SendAlertToSalem", + "_SendAlertToSalem": "[variables('SendAlertToSalem')]", + "playbookVersion1": "1.0", + "playbookContentId1": "SendAlertToSalem", + "_playbookContentId1": "[variables('playbookContentId1')]", + "playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))),variables('playbookVersion1')))]", + "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", + "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('workbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SalemDashboardWorkbook Workbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('workbookVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.Insights/workbooks", + "name": "[variables('workbookContentId1')]", + "location": "[parameters('workspace-location')]", + "kind": "shared", + "apiVersion": "2021-08-01", + "metadata": { + "description": "Monitor Salem Performance" + }, + "properties": { + "displayName": "[parameters('workbook1-name')]", + "serializedData": "{\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\",\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"ea0c0933-39f4-4220-9afc-d2aca2b7afc7\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"time_range_picker\",\"label\":\"Time Range Picker\",\"type\":4,\"isGlobal\":true,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":604800000},{\"durationMs\":2592000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}},{\"id\":\"78694e68-cdb6-4156-9847-b19b75c2b04f\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"row_count\",\"label\":\"Row Count\",\"type\":2,\"description\":\"Number of rows to display\",\"isGlobal\":true,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[\\n 1, 5, 25\\n]\",\"timeContext\":{\"durationMs\":86400000},\"value\":\"5\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Top Row\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SalemAlerts_CL \\n| extend pred = parse_json(prediction_s)[-1]\\n| extend investigation_status = case(incident_s == \\\"1\\\", \\\"Threat\\\", incident_s == \\\"0\\\", \\\"False Positive\\\", \\\"Not Escalated\\\")\\n| where investigation_status == \\\"Threat\\\"\\n| summarize escalated_threats = count()\\n| project Count = escalated_threats\",\"size\":3,\"title\":\"Escalated Threats\",\"noDataMessageStyle\":4,\"timeContextFromParameter\":\"time_range_picker\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"tileSettings\":{\"showBorder\":false},\"mapSettings\":{\"locInfo\":\"LatLong\",\"sizeSettings\":\"Count\",\"sizeAggregation\":\"Sum\",\"legendMetric\":\"Count\",\"legendAggregation\":\"Sum\",\"itemColorSettings\":{\"type\":\"heatmap\",\"colorAggregation\":\"Sum\",\"nodeColorField\":\"Count\",\"heatmapPalette\":\"greenRed\"}},\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"50\",\"name\":\"query - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SalemAlerts_CL\\n| summarize Count = count()\",\"size\":3,\"title\":\"Alerts Analyzed\",\"timeContextFromParameter\":\"time_range_picker\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"card\",\"gridSettings\":{\"rowLimit\":50},\"textSettings\":{\"style\":\"bignumber\"}},\"customWidth\":\"50\",\"name\":\"query - 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SalemAlerts_CL \\n| extend pred = parse_json(prediction_s)[-1]\\n| extend investigation_status = case(incident_s == \\\"1\\\", \\\"Threat\\\", incident_s == \\\"0\\\", \\\"False Positive\\\", \\\"Not Escalated\\\")\\n| where investigation_status == \\\"Threat\\\"\\n| summarize cnt = count() by alert_name_s\\n| order by cnt desc\\n| project alert_name = alert_name_s, Count = cnt\\n| take {row_count}\",\"size\":3,\"title\":\"Common Escalated Threats\",\"timeContextFromParameter\":\"time_range_picker\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"alert_name\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"Count\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"alert_name\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"Count\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"name\":\"query - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SalemAlerts_CL \\n| summarize cnt = count() by alert_name_s\\n| order by cnt desc\\n| project alert_name = alert_name_s, Count = cnt\\n| take {row_count}\",\"size\":3,\"title\":\"Common Alerts\",\"timeContextFromParameter\":\"time_range_picker\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 5\"}]},\"name\":\"Top Row\",\"styleSettings\":{\"margin\":\"5\",\"padding\":\"5\",\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Most Targeted\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SalemAlerts_CL \\n| extend pred = parse_json(prediction_s)[-1]\\n| extend investigation_status = case(incident_s == \\\"1\\\", \\\"Threat\\\", incident_s == \\\"0\\\", \\\"False Positive\\\", \\\"Not Escalated\\\")\\n| where investigation_status == \\\"Threat\\\"\\n| extend context = parse_json(context_s)\\n| mv-expand context.account\\n| where isnotempty( context_account) \\n| summarize cnt = count() by tostring(context_account)\\n| order by cnt desc \\n| take 5\\n| project Targeted_Accounts = context_account, Count = cnt\",\"size\":3,\"timeContextFromParameter\":\"time_range_picker\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SalemAlerts_CL\\n| where incident_s == \\\"1\\\"\\n| extend context = parse_json(context_s)\\n| extend res_context = case(set_has_element(context.dest, \\\"external_resource\\\"), context.src, context.dest)\\n| mv-expand res_context\\n| where res_context !in (\\\"internal_resource\\\",\\\"isHostName\\\")\\n| where isnotempty(res_context)\\n| summarize Count = count() by tostring(res_context)\\n| order by Count desc\\n| project Targeted_Resources = res_context, Count\\n| take {row_count}\",\"size\":3,\"timeContextFromParameter\":\"time_range_picker\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"customWidth\":\"50\",\"name\":\"query - 4 - Copy\"}]},\"name\":\"most_targeted\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Alert Trend\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"range days from {time_range_picker:start} to {time_range_picker:end} step 1d\\n| project days, day_only = format_datetime(days, \\\"MM/dd/yyyy\\\")\\n| join kind=leftouter (\\n SalemAlerts_CL\\n | summarize alerts = count() by bin(report_time_t, 1d)\\n | project report_time_t, alerts\\n | join kind=leftouter (\\n SalemAlerts_CL\\n | where incident_s == \\\"1\\\"\\n | summarize threats = count() by bin(report_time_t, 1d)\\n | project report_time_t, threats\\n ) on report_time_t\\n | project day_only = format_datetime(report_time_t1, \\\"MM/dd/yyyy\\\"), alerts, threats\\n) on day_only\\n| project days, alerts = case(isempty(alerts), 0, alerts) , threats = case(isempty(threats), 0, threats)\\n| order by days asc \\n| render timechart\",\"size\":0,\"timeContextFromParameter\":\"time_range_picker\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"query - 2\"}]},\"name\":\"Alert Trend\",\"styleSettings\":{\"showBorder\":true}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"title\":\"Alerts in Table\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"SalemAlerts_CL\\n| extend pred = parse_json(prediction_s)[-1]\\n| extend treat_level = case(pred > 0.7, \\\"High\\\", pred < 0.35, \\\"Low\\\", \\\"Medium\\\")\\n| extend investigation_status = case(incident_s == \\\"1\\\", \\\"Threat\\\", incident_s == \\\"0\\\", \\\"False Positive\\\", \\\"Not Escalated\\\")\\n| project report_time_t, id_s, alert_name_s, treat_level, investigation_status\",\"size\":3,\"timeContextFromParameter\":\"time_range_picker\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"sortBy\":[{\"itemKey\":\"report_time_t\",\"sortOrder\":2}]},\"sortBy\":[{\"itemKey\":\"report_time_t\",\"sortOrder\":2}]},\"name\":\"query - 2\"}]},\"name\":\"group - 5\",\"styleSettings\":{\"showBorder\":true}}]}\r\n", + "version": "1.0", + "sourceId": "[variables('workspaceResourceId')]", + "category": "sentinel" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Workbook-', last(split(variables('workbookId1'),'/'))))]", + "properties": { + "description": "@{workbookKey=SalemDashboard; logoFileName=salem_logo.svg; description=Monitor Salem Performance; dataTypesDependencies=System.Object[]; dataConnectorsDependencies=System.Object[]; previewImagesFileNames=System.Object[]; version=1.0.0; title=Salem Alerts Workbook; templateRelativePath=SalemDashboard.json; subtitle=; provider=SalemCyber}.description", + "parentId": "[variables('workbookId1')]", + "contentId": "[variables('_workbookContentId1')]", + "kind": "Workbook", + "version": "[variables('workbookVersion1')]", + "source": { + "kind": "Solution", + "name": "SalemCyber", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Salem Cyber", + "email": "[variables('_email')]" + }, + "support": { + "name": "Salem Cyber", + "email": "support@salemcyber.com", + "tier": "Microsoft", + "link": "https://www.salemcyber.com/contact" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "contentId": "SalemAlerts_CL", + "kind": "DataType" + } + ] + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_workbookContentId1')]", + "contentKind": "Workbook", + "displayName": "[parameters('workbook1-name')]", + "contentProductId": "[variables('_workbookcontentProductId1')]", + "id": "[variables('_workbookcontentProductId1')]", + "version": "[variables('workbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "SendAlertToSalem Playbook with template version 3.0.0", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion1')]", + "parameters": { + "PlaybookName": { + "type": "string", + "metadata": { + "description": "A Globally unique name for the integration logic app" + } + }, + "SalemEventHubConnectionString": { + "type": "securestring", + "metadata": { + "description": "The Connection String from the Salem 'alerts' Event Hub" + } + }, + "location": { + "type": "string", + "metadata": { + "description": "Location for all resources. Leave blank to use location of resource group" + } + } + }, + "variables": { + "SalemEventHubConnectionName": "Salem-EventHub", + "SentinelConnectionName": "Salem-MicrosoftSentinel", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/eventhubs')]", + "_connection-2": "[[variables('connection-2')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/azuresentinel')]", + "_connection-3": "[[variables('connection-3')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2019-05-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[parameters('location')]", + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_alert": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/subscribe" + } + } + }, + "actions": { + "Alert_-_Get_incident": { + "type": "ApiConnection", + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "get", + "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" + } + }, + "Initialize_variable_alert_body": { + "runAfter": { + "Alert_-_Get_incident": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "alert_body", + "type": "object", + "value": { + "custom_details": "@json(coalesce(triggerBody()?['ExtendedProperties']?['Custom Details'],'{}'))", + "earliest": "@triggerBody()['ExtendedProperties']['Query Start Time UTC']", + "entities": "@triggerBody()?['Entities']", + "incident_id": "@body('Alert_-_Get_incident')?['properties']?['incidentNumber']", + "latest": "@triggerBody()['ExtendedProperties']['Query End Time UTC']" + } + } + ] + } + }, + "Initialize_variable_alert": { + "runAfter": { + "Initialize_variable_alert_body": [ + "Succeeded" + ] + }, + "type": "InitializeVariable", + "inputs": { + "variables": [ + { + "name": "alert_formatted", + "type": "object", + "value": { + "alert": "@variables('alert_body')", + "alert_name": "@triggerBody()?['AlertDisplayName']", + "id": "@triggerBody()?['SystemAlertId']", + "source": "sentinel" + } + } + ] + } + }, + "Send_event": { + "runAfter": { + "Initialize_variable_alert": [ + "Succeeded" + ] + }, + "type": "ApiConnection", + "inputs": { + "body": { + "ContentData": "@{base64(variables('alert_formatted'))}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['eventhubs']['connectionId']" + } + }, + "method": "post", + "path": "/@{encodeURIComponent('alerts')}/events" + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SentinelConnectionName'))]", + "connectionName": "[[variables('SentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/azuresentinel')]" + }, + "eventhubs": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('SalemEventHubConnectionname'))]", + "connectionName": "[[variables('SalemEventHubConnectionname')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', parameters('location'), '/managedApis/eventhubs')]" + } + } + } + } + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('SentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('SalemEventHubConnectionname'))]" + ], + "tags": { + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SalemEventHubConnectionname')]", + "location": "[[parameters('location')]", + "kind": "V1", + "properties": { + "displayName": "Salem Event Hubs", + "api": { + "name": "[[variables('SalemEventHubConnectionname')]", + "displayName": "Salem Event Hubs", + "description": "Connect to The Salem Event Hub to send alerts.", + "id": "[[variables('_connection-2')]", + "type": "Microsoft.Web/locations/managedApis" + }, + "parameterValues": { + "connectionString": "[[parameters('SalemEventHubConnectionString')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('SentinelConnectionName')]", + "location": "[[parameters('location')]", + "kind": "V1", + "properties": { + "displayName": "Microsoft Sentinel", + "api": { + "name": "[[variables('SentinelConnectionName')]", + "displayName": "Microsoft Sentinel", + "description": "Cloud-native SIEM with a built-in AI so you can focus on what matters most", + "id": "[[variables('_connection-3')]", + "type": "Microsoft.Web/locations/managedApis" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId1')]", + "contentId": "[variables('_playbookContentId1')]", + "kind": "Playbook", + "version": "[variables('playbookVersion1')]", + "source": { + "kind": "Solution", + "name": "SalemCyber", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Salem Cyber", + "email": "[variables('_email')]" + }, + "support": { + "name": "Salem Cyber", + "email": "support@salemcyber.com", + "tier": "Microsoft", + "link": "https://www.salemcyber.com/contact" + } + } + } + ], + "metadata": { + "title": "Send-Sentinel-Alerts-to-Salem", + "description": "Use this playbook to send Sentinel alerts to Salem Virtual Cyber Analyst", + "prerequisites": [ + "Install Salem from the Azure Marketplace", + "Obtain the send key from the Alerts Eventhub in the Salem resrouce gorup" + ], + "releaseNotes": [ + { + "version": "1.0.0", + "title": "Send-Sentinel-Alerts-to-Salem", + "notes": [ + "Initial version" + ] + } + ], + "lastUpdateTime": "2023-07-23T16:06:38.317Z" + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId1')]", + "contentKind": "Playbook", + "displayName": "SendAlertToSalem", + "contentProductId": "[variables('_playbookcontentProductId1')]", + "id": "[variables('_playbookcontentProductId1')]", + "version": "[variables('playbookVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", + "apiVersion": "2023-04-01-preview", + "location": "[parameters('workspace-location')]", + "properties": { + "version": "3.0.0", + "kind": "Solution", + "contentSchemaVersion": "3.0.0", + "displayName": "SalemCyber", + "publisherDisplayName": "Microsoft Sentinel, Salem Cyber", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Salem, AI Cyber analyst, automatically investigates Sentinel alerts and escalates validated threats that require your attention.

\n

This Microsoft Sentinel integration allows you to send new Sentinel alerts to Salem for analysis and reporting.

\n

Why Salem?

\n

Most alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention.

\n

Salem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats.

\n

Salem's AI learns from your team and customizes its analysis to your cyber relevant business context.

\n

Get Started with Salem

\n

You can find and install Salem, AI cyber analyst in the Azure Marketplace

\n

Workbooks: 1, Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "contentKind": "Solution", + "contentProductId": "[variables('_solutioncontentProductId')]", + "id": "[variables('_solutioncontentProductId')]", + "icon": "", + "contentId": "[variables('_solutionId')]", + "parentId": "[variables('_solutionId')]", + "source": { + "kind": "Solution", + "name": "SalemCyber", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Salem Cyber", + "email": "[variables('_email')]" + }, + "support": { + "name": "Salem Cyber", + "email": "support@salemcyber.com", + "tier": "Microsoft", + "link": "https://www.salemcyber.com/contact" + }, + "dependencies": { + "operator": "AND", + "criteria": [ + { + "kind": "Workbook", + "contentId": "[variables('_workbookContentId1')]", + "version": "[variables('workbookVersion1')]" + }, + { + "kind": "Playbook", + "contentId": "[variables('_SendAlertToSalem')]", + "version": "[variables('playbookVersion1')]" + } + ] + }, + "firstPublishDate": "2023-07-21", + "lastPublishDate": "2023-07-21", + "providers": [ + "Salem Cyber" + ], + "categories": { + "domains": [ + "Security - Automation (SOAR)", + "Security - Insider Threat" + ] + } + }, + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/', variables('_solutionId'))]" + } + ], + "outputs": {} +} diff --git a/Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json b/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json similarity index 100% rename from Solutions/Salem Virtual Cyber Analyst/Playbooks/SendAlertToSalem/azuredeploy.json rename to Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json diff --git a/Solutions/Salem Virtual Cyber Analyst/SolutionMetadata.json b/Solutions/SalemCyber/SolutionMetadata.json similarity index 100% rename from Solutions/Salem Virtual Cyber Analyst/SolutionMetadata.json rename to Solutions/SalemCyber/SolutionMetadata.json diff --git a/Solutions/Salem Virtual Cyber Analyst/Workbooks/SalemDashboard.json b/Solutions/SalemCyber/Workbooks/SalemDashboard.json similarity index 100% rename from Solutions/Salem Virtual Cyber Analyst/Workbooks/SalemDashboard.json rename to Solutions/SalemCyber/Workbooks/SalemDashboard.json From ac0c198d16813cfd777f50c523ef8cc0f0127c8a Mon Sep 17 00:00:00 2001 From: jonbagg Date: Mon, 24 Jul 2023 09:38:21 -0400 Subject: [PATCH 15/26] correct branding issue and repackage --- Solutions/SalemCyber/Data/Solution_Salem.json | 4 ++-- Solutions/SalemCyber/Package/3.0.0.zip | Bin 8303 -> 8310 bytes .../Package/createUiDefinition.json | 4 ++-- .../SalemCyber/Package/mainTemplate.json | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Solutions/SalemCyber/Data/Solution_Salem.json b/Solutions/SalemCyber/Data/Solution_Salem.json index 213cdc20865..03ec445ef68 100644 --- a/Solutions/SalemCyber/Data/Solution_Salem.json +++ b/Solutions/SalemCyber/Data/Solution_Salem.json @@ -2,14 +2,14 @@ "Name": "SalemCyber", "Author": "Salem Cyber - support@salemcyber.com", "Logo": "", - "Description": "Salem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)", + "Description": "Salem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Microsoft Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Microsoft Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)", "Workbooks": ["Solutions/SalemCyber/Workbooks/SalemDashboard.json"], "WorkbookBladeDescription": "This Microsoft Sentinel Integration installs workbooks to help visualize Salem alert analysis", "Analytic Rules": [], "Playbooks": ["Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json"], - "PlaybooksBladeDescription": "This Microsoft Sentinel Integration installs a playbook that allows Sentinel alerts to be sent to Salem for investigation", + "PlaybooksBladeDescription": "This Microsoft Sentinel Integration installs a playbook that allows Microsoft Sentinel alerts to be sent to Salem for investigation", "Parsers": [], "SavedSearches": [], "Hunting Queries": [], diff --git a/Solutions/SalemCyber/Package/3.0.0.zip b/Solutions/SalemCyber/Package/3.0.0.zip index 7d02fd527332fc6bf1132cb5f25489e07d7d659f..6b94b9d7a52052394174da7fdd0d49b21599640e 100644 GIT binary patch delta 2949 zcmV;03wreLK=wczP)h>@6aWAK2mqQ)_*Ml5K9E@l004m(000+~AR3W15`V|K9#~go zN!t}j)}qN;3~><95^Zy#M2)24x?TVKo|if-*-Dxo1BL-PZ1UxM9}oHd+iw`_d~d_K zh&%@??ZeS1UkPHK@R^83;sX9IGa?9eTBTfvN&3X^Y(7y_pn zvSnf&R|*G%3sUZcEPooXv;F7nfXre@8nv`;rH{8cHyKXq57^cg&zz3AlOZ@Q!SYI2 zCufMig^^Weu+oPN9E`JI9WjK5E23mqT*(NZBIrlSWAUFmX#H0vq3BX)P{vVkC>fx zAHz&qI@Z=z#zAMFpe)rEB?O-Y1>>f>oRKI?%MvZ^l6lA0R6+ekj58a9mL*wCyLx(i z7v&Pk$q<3SGa08mbi~7x=klE3$cQDZ6ATdaP`oty z3K{07z<*htg4Jit3-mi*-uAc}YNJYWUFvlQxq6;h>dkhvfKx4sLfBDSN+0`@-Qm0OMzWVZ^?lPrA-s&z)N{(j9*EeV=%P10l*!?OaD&~^O z0Hw@kC>QDSdZbKOdX^_Y+L2|ID;nC>RiZ&It$&;-Q4Zj1R4)Vi%;+rL(BF6ECvPR@ zL_+i3nXJyJ{8)S_8Lvisl^XR~p8!CR-LUa!|4n5|T`RXtJ;^F8Rayu8Cf-lw0osev zs(DIlbt=h-9K-zp#G1E+m7w=JN@Je9)&=snuq-rXK<-yd%8bfIutbO$#@adFE49_Tp6v^z99Jp>|ZP%AzW zipblu!FT1kR}=x0AhA;R{YJ_1Km>>=`ibmdxW z{`Eo7lTO5*4{*B`y&{Xc@5i~%$DN1cPIrJ-BVvDQz`EnkVBGPVwC{fCf^{Rai+|h( zwuv@-MBQVnmQ*Jy679U~9sus?N1I1$D{m&!<~FM5sGw+u3wNB?Ij$`#{J`I62wYG$ zTr)R1fQ+tr?ocQ7rrfZ8qIe`urSlHBMnmKo4atqMx;{NN+%P1twK3MNEyGh#|AL8g zxp74M-m;O=IXjY3)>R8Me_jLh1%HIghm}{6AR{4HhBV0FwRfTf+BC!~WZ9T$wKlZw z&)YZ!7pBX9+bLc~%SJsNS14_rwWk9%uRjC;lG!Fu&9Pf`xg0rMO>iGkL#QqBaY#^n z=#j=c`ww5uojbSpfx~!4bz2p-~~n zd0dJFe<=)Zsd(6v$_6rjP2|Qm5IjgxS7<(mte$qr*wPBH z_5{VCunTX+r~8*00r_v+_$RuR*f90uW7$wDLyd zeTqN$`3F!-0|XQR000O8noRgs#`&l{9~b}tbF-rdZ4`ez9qc~e*nYk>>g^1-{x=&z zm_B^V5qjAEmd_C~ZEpn|t>oiB&9Z_@zfIF1E2weX6*l58kQJmp3v$1tpnHEVr8NIV z!%i`mr7FR7g}gPBU0+D>Y=w&nL>10xbWmr5bflCm_MvS%KgDw%tN0>(`GUn!;7?zo zfPMa=FQ0$N3p#%ZE&|vF=GKx-D0yL#Swt`Q(homaR}d8op;vNXmBh!c{NToS8RH)w zc*&oLczn^fUJ^t#>>QZ60s9%>_!J7k#mR*|Y!R1uD+?CGR3;RTq{KHfVY7mUy%&7| z??pd+dG5m$_=GzK2($VD00V}V*fQm3`Vb&!C?|i7*NcLAx;dPIKhbkhUOUNEH8EOmd_RV{fNcjrfFe zDERcI0ftd{FX&EZI}(eJeGv=?h)3L z!)1T*34RphZQ=(mTN1u18h{WI4SpxW=BSQ{i%l`ZWhLZ^QE>@i7@qtz2di{EZ(4l|2b8Ue?Zn9vohKwb*)D>0;f`dft5)c{p zAaF2>tMxz1kHAsPFQd`4z79fd>rA1vwH!Zvx3T}-=q>!?r$+NsIqap`55Q$m0o>aQ z2LG?s!Db=!F?w6^6-^GscN=eGYx3R3!8?$?DB+Q9^ZF?AZINQt=Vdf8HcYu&?bv^r z;Fw16Yo5fx-I%09lh@5gYi9i@AT1W?d#?(+O--_ewT$;VHna(o3p#qjFuN z>p#tA>-1(HS$kxyjSvNiL6`=*Ak?e?DbbR5(??gja-wiqnrUC3e{K66; z;<@$(0s$S6STe3X9B4s;;c4zN(_)ii)BywEhm4hhG(QpIZTn z7^#N8+!0s-f5n$r>!Gi*UQGU;l6AgxBNo3GiZ?_}WzFu)xdyk-o7GHgo;+#^WEdbV z&|LxQ#w`=wIiP95zFs7(mU2tO^uY|(UTq_-4dgbklIjUAczv98i~)90RR9gU@ZLHC{bNZ)|dnUu){&bQCd@{ ztqt5dv*oJQAl*sZ=r`dh&gm3L@53`uqOZ?)^4&9 z%sQyiulT{lY0un+Bku8~HuZ7j5L|>7a<@98(O|McB5m%RBD={mFRy@3p z1xh5x_&yV8GbsEN!bXBZW`s!IUvFTv=F$SP}i2bE2y z|4*t9Z-F#|izBp*unfey>z8o8m-wDn?%X1J_0_iezY%rGHot4Fu#r@82n()D0p_7p zndMclb+&d$8=@gdwzpI~ezOO*#_FMU7Z8ZnNF$X&*JQ74>JQbjnUrGxIO-D0YEW`&T=1zdQ2EME$)KAdf3kp)>Hxnm#y`mcMKu z^3i_s)uB!#IG3Eb)QH*C?vbC~yi>9Gd!FaLSowi@bEN+>YOqNO(Kj@+1Oq>wQG!TM z#=fsZp`0EJg5=MWnWChvor0m$%4wbP(k?F-v^hL{+$BGab5xdzX3Deq2*5m%==J1E zy+LXe1&_{<#3!jiv`q&!eYta%g%=-B2qv4M0NaV$%igg{i+rt(=z-b;XmmPkVUXRRH_RahCJ%h5P;r`H2!4z7z|I_-`?a!K zd65dElP~zy470Ez6O8MG*Kg2XV={x9N!boDDgM2UbgxRXC%L=Q;?(*QL<%h)H8t6J z$E+cvRpZmJhU^L}%e_89dY*7p%=mMmb&AU#(sUP6D^ktHTN~f3@#Um`P1ekQqQgq= zeynfbvz(8^sB#BQru;N5k#rWe4ZDGX9v@vzjieEmj^$5Kj+v} z4y+74Uu=5UR)X1^5B+tqHn{NSug&;z>T8Xzmp<|%SEJ90rgJ0}jY8^?TqQLyZ~55b zgiE+nd4ZU$LX2FIt3c?P+}zr;Gw}6t`wJ+>cY5eLaKztDw)lJj`J{`ViE}gOq3jho z^Do6aQ&a|eVxw2*MAmBj>~9w9JZ*1_ZC#T3*Eo~ycK_ONLs5+Sv;k6^Dp>L)$#5H%p|E_p-FMy4mjn*_{9T+u9?5Hk&n6Jb)4XUq`;7fNRfiv# zB$=LLp5M2FleE|}&Af4blJcV5+1c1QChBXgH!2q{@9Lr7M7imcSK|vq;bXI!lT*pa z2E3iB74nYk4s+}qSvFp{jBmUqtW@=H?`m(7OBV7go0mN0{apF{CEIRVAT;^f8T$D1 zFQKxDVqRf|uwg_2x4t@?PqI=Fl+oUB=CLJ%vh^aFbBcE4rXkg$vlH%#VaKiOFRp|w zAr!8EzH!Rawt^%6?QNU?pT;)yl}h0&vxI(`h}^;BqN0I*qFQesD9sU$z3H`=dOQ}i zfRvg48lHLZ9895q9vBcD5L|a_UDq`B_J`XDTZkYg)(qrn)h$uD5HYevF#Pll@-Rjp zzL-hXEIjlD9S8SaS%pcJTbv*n;qgo~Coi{*Wl&o zO&Md-`g_*>W0slmO^r&g7aR$EuL-DM@PkUTcWSy-t|iE6zHXdwJ^W~U4@VLrJcT^2 zxQEX4*#bbT@2B!Z&qE=ltZ5c&DA`Kg z+8Lg0cC#<}3I;gm4Tp1p=2MkfC8Sx96i)V=!J~J?8dBzULydzYt_I83cW3HL=<4OD z`Vj(q-vJ*Ig<`q&s8hO59pVtX5$|AEI59iipyIJg zZ~k8Fk6Te7vncDSuX#?b-()6ux-o2vgttaF`=i~rZEkt*x{piBxl#INE35I@7sEVp zerNkF9~A@K_j~DlbxNX7fyuC=*8TPKqH22C9*>eJMz=W`_cF{70{wxSPd!il{ZSn~ zS(pf=dvRb#VjoBn#h1Un4t%ONPVw;r=jU!#??cF6w?A$ET#F$ab0}k{a5gWm66K22 z?pyY39!gjyshThcFI%yTZ9gr@8V{T+38VroOJ+IhI@c4Z1d3a#(tynvwqMS7Fxn{KGICN=Ano7e~agd97K^aDwX_4J&074&r-9Yfe;2 z)nCS!rhoKw}mN7ME>t`;uKMN(TulG=~?t9!(LZL)pd}&RP9KF5s#H+ekaL#`(Zjbh??%cqST5vH*N>O z^Kv-H#m6mTALUkUT^WVtlN)6)A|;G~f1-_NJZJP2$9z6j`RUYZ&=1WVk!}R5yX{bB zOV`}r5BXO0XJJ$HW>o-w{G4XDAPwAVpif{vLjn3zG12D8bt3WF?64C7?hIh{uzPj1 z(AB0GUn@9((>QJrIC93>P88Wo<75!>roRW%R%#O^Q3fgU_kbqvJtNx22mz*v)-0TTQ67Y*ekpKhwJ@clVVi)i|b0H-`{!Ie(c{*)uszYby8X zurr%D54Rg_<`J^oxesSG#*-?L7ZU7B-+0q<4b7aMG`>Z!4rQNblpWA14GL~E^&a;{ zk*%zwwl*A^lQ8^_c=&)H)0Zjh(y&{N$IEh70S2ftxDN-+u`Xdp#E7|~_mshJ%4mMS z0n?8tDKGlFIVE>R0h5cbxob{&XGP(Y#R|YM6-TwqZy6JyI*pBYaw@8yBbqZ3{F;4v z7+WCPvT#iY-Q9j>(6`R?3B+!?5}7>{rzmQ8Ak6Q3O3dE<;aY1eD6NrBefIK$s?g&2 zi0wN6BlkZrt`vg`>?HHz8$tK diff --git a/Solutions/SalemCyber/Package/createUiDefinition.json b/Solutions/SalemCyber/Package/createUiDefinition.json index 6ad52ce6d25..716977b07b3 100644 --- a/Solutions/SalemCyber/Package/createUiDefinition.json +++ b/Solutions/SalemCyber/Package/createUiDefinition.json @@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nSalem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)\n\n**Workbooks:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nSalem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Microsoft Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Microsoft Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)\n\n**Workbooks:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -106,7 +106,7 @@ "name": "playbooks-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This Microsoft Sentinel Integration installs a playbook that allows Sentinel alerts to be sent to Salem for investigation" + "text": "This Microsoft Sentinel Integration installs a playbook that allows Microsoft Sentinel alerts to be sent to Salem for investigation" } }, { diff --git a/Solutions/SalemCyber/Package/mainTemplate.json b/Solutions/SalemCyber/Package/mainTemplate.json index 8255ad063db..9c9875ae566 100644 --- a/Solutions/SalemCyber/Package/mainTemplate.json +++ b/Solutions/SalemCyber/Package/mainTemplate.json @@ -407,7 +407,7 @@ ] } ], - "lastUpdateTime": "2023-07-23T16:06:38.317Z" + "lastUpdateTime": "2023-07-24T09:36:52.715Z" } }, "packageKind": "Solution", @@ -433,7 +433,7 @@ "contentSchemaVersion": "3.0.0", "displayName": "SalemCyber", "publisherDisplayName": "Microsoft Sentinel, Salem Cyber", - "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Salem, AI Cyber analyst, automatically investigates Sentinel alerts and escalates validated threats that require your attention.

\n

This Microsoft Sentinel integration allows you to send new Sentinel alerts to Salem for analysis and reporting.

\n

Why Salem?

\n

Most alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention.

\n

Salem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats.

\n

Salem's AI learns from your team and customizes its analysis to your cyber relevant business context.

\n

Get Started with Salem

\n

You can find and install Salem, AI cyber analyst in the Azure Marketplace

\n

Workbooks: 1, Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Salem, AI Cyber analyst, automatically investigates Microsoft Sentinel alerts and escalates validated threats that require your attention.

\n

This Microsoft Sentinel integration allows you to send new Microsoft Sentinel alerts to Salem for analysis and reporting.

\n

Why Salem?

\n

Most alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention.

\n

Salem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats.

\n

Salem's AI learns from your team and customizes its analysis to your cyber relevant business context.

\n

Get Started with Salem

\n

You can find and install Salem, AI cyber analyst in the Azure Marketplace

\n

Workbooks: 1, Playbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", From 03bf6ccb5e23bcae79cefbfb45bef928c605b1d7 Mon Sep 17 00:00:00 2001 From: jonbagg Date: Mon, 24 Jul 2023 09:59:42 -0400 Subject: [PATCH 16/26] fix branding validation error --- Solutions/SalemCyber/Package/3.0.0.zip | Bin 8310 -> 8307 bytes .../SalemCyber/Package/mainTemplate.json | 4 ++-- .../SendAlertToSalem/azuredeploy.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Solutions/SalemCyber/Package/3.0.0.zip b/Solutions/SalemCyber/Package/3.0.0.zip index 6b94b9d7a52052394174da7fdd0d49b21599640e..fe48e5797b25af9b4bb228d74fcbcf77a080b18a 100644 GIT binary patch delta 6029 zcmV;87jo$KK=VKhP)h>@6aWAK2moqNu?&m{4QfyLR^0=KlN=ZT0DY6C2P%IXFverN zW{f>U46MC|8OI$EJ!+}w)}WR&DmA!=<-cEMJ*1LUdUS(5_MTY}i&U?ytjw&;tjyBg z-~NM;)_*g5M(0-R8EMVpIAqWIeetF@w|r|#=hTmT)}M=r_UvFT%UFLj818ik+ugyi z@6gZ-mRRqM&O^_NY43Ly`2T;^>hJ;Vz>lHqR~j)l@Nt}BZ-D=k<#QTajuj&WclZKc zS&MiUL|FCI^5~qrT25$0x`ZvlFo@!p4By)L5@8bk@R8;S1>+3^ZxO?IB$hCds~{r0 zJKkFh+uREXLMyTW3II@p!3%5)J4j!_%Xk@5?48At>rd6dI0@H3rv864oOXWNEb+rB2^&S;QSP@@Yr)Sxm(h3;R!(IS1lPkZcD>#b3f4aGXcRN@L3UWrQVqF7%@`?DL0g!PCIfD)$h9UO z)kOdZI@jZKsg^tAq~dwf%|@HQYy&+c)fA;6a0v#4G%D25#N}2hETM*~aO7~vunX6> zhfhYkd!wgM2U~wTJ9|C;w#xzST5cEQxVL0+aS+jm4s=?gL#_}gff^=4yintn5cWsT zFqzr0p~*B1~7duiayLV1oWOJOnB*P$uaFu_yJ*suw?Hs|UqFSyNd zwP^su2!AD4hh7y|8z+$A>inwZxLOrI29Jc^+C1`3f>GoV(+mqdVw$9BFU-$!jY+cg zC#kH2;v@@o^~vRTX*oGfok(;^n9sSGb5TV)sg!@M3DL2B7zH;jDBP?s(WS_rY5I~C zx|-538jQAtebx;ldgIbtt*TVoj9W#4vor?JnnkU1BabASeYPQJ+aPz?TR+7Je}7It z!i*5?bQjt%3yx|mRqQ|=(yriqMS_-n4fbwM9%TqYQ|>R*nZfD+V6m&~jwYQns|~3= zC{cfX$*mjDQgii2tR=~4e?kMcTwkqHcErzM&L;yE&3Y3xrR=ZKg1}nF=)TVuX0-8K znSr&`PX-kwtX5Pjvw+nyh;i%F+OEqXNe9=iFLe8v6;a1fp}^_G?%*jbouR7PS}LQ^ zlfZXl&osrBg?i%lU?|Gw*Y48D2QoZBX;L>99jO9jzibJ zrV%gptO@ma`5Bax_gGHerR8#l+cE-M=C?1`ZaWxKn( z0>HujB_PG}K;M0}U~w>)n7T()0d~1e`6x-G1YB5EL|j!J4uPbV-KS6Xw&|0nUE7&F z>242qo^W1b=^OB1Uk{ zVvf$-;EF(3jQin)To5eOgpy{#?V)fc!HX-)V;qmjqbL^mDCZX!K1hsVhwOC7Xa}Ay z1z;;9`=YgT(c;U;;-x3vgs$g7eRv1@X0$vLvmL;*+MML83-Ds8jVDO87q_Urz!*B3 zQwacW?=37$Wy)|=B~+AD;vRqIWc{Z2lmJB?mvf>-Ni3&z7K8-Wu}qe2)yT38!EnUz z626%TH{bZxF@dG{7vVaeLqIci$UdrVjE-^rHt>zh9js%vdEOmf>eXHU1}rXj%CR_R zu@x^EG`B5AH^2u58nPdc;mtk_a?u*%uMYq7Y!*=~7SF|sgS6rsBqo3IE?{m9&h7L) zI@@0}+d^%~!55nxF5y5mgSDR2L5H~k&trQj(j zE7a#$X3&*fnRFQwK*^a_)en$4PAFrb1)fS$-p;bb8}M}}{9my(JR;R2r@3r_yE?DN zo7P3WfiZui^Zwilv(-SuI`Xdq-rKPi9|!(4L6}zaqLs=lEIOD@BPteB z(C%U`0iIAWE$v)0QB>9t+2~c^1yL3}$x)!N!1@62ysnM)$~yAlpoVw!#-*N< zgF*K44md52MaR$!1&a!5!ma=V!s_M_nMkvVJN3CxmUV5uLw!4Nop>hXUv3NFt6vmL zk0Ks&T%xF7aYiZ4%VPw7wgKv4UerJ7jd^U_*6?a`UI1B5HJWX zQN`}d`QjCmun-u3Csu3=dQZ{C`{iaUNJ8vni2UKvtGKd*RF-Dij*=H|xdtnt3^hRu zu?m4y-Z)3T;nhVwa7f}`!(Av1^bY3MM|ZxMp8^}ZS74L+@u3SgD>rF6N%5P=;;K+m zHoAu&E#jH9BAPDCSzynN+-T#|$^(l-iX(jR{{1|8L zO8F9uN?vt-)1@CnE3MtLY~j_=MrJ;&`8-e=*4nIP{}|R>9YbYWnq>h=IeRA~ z7Zlly4@7$pVJ2p}%u0xYF!)*+e*06C)e%G&Y+$#pZy2k?OW039o9Kiuuv$v+TA!Pf zFcKkuRS+%-Iu&=L&-Y$lW65+wmQlLZqe0XCB@6CQsr zLeLrgN?B2s7Z+ccAY;G*u=}XePovY4{LwjfP*Im>c0;mHE<`mO-k}E} z=OS-%amr;8A`sp|r$Myj@iQ`=p%}c9eUXo4X%a=$IAAXcz-bW1Gs0*+Q@~y^F6mJs zU6VLy3~%%x@?`@K;@wQlq!y~ryUm7it`z-~4K;dsr@98Z-Oq-`eNVh#8oYl2=P;Tn z`#hUrjIVm^X8JwRdfG3ISb}PRb!1g`$RiIa2rA0nV z1bywNDJ1tj9m6Kx0Ak^BYh{0dZDkQ{X|P|htubKU+=mKlE2jFGrNm0%gtEC14`vF~ zKu}@7ram+-E9U1IhcjR$n?_S?TMVDmvmWp2p(0ga8PkzOlF|y`$fT#ogr_=>D%T2R z2~Pn{Bw0y4*m1A*aM#=0+g^469^nh82u)}1XhNWL`eMr$S*i#BI4pkw4j2-ovuhP& zRn?EN_af6}^-A+-85%#7;?FQ?K5^6QO9O)HHc$OgYp){~Bo7a*{<(tvRGpG|;$p=8 zrKxoiTWV^Gg(dB3Sy*o)*X5MQh?eE)JydL}wm(-$&GjQ{TgJ2t6M%&*lzdO_1KO@2 z?MpIIzwo4r(sZS7Nfm#Ol~j>SW+N(Z>E9}yqL@upolcRJ(Jh4&DJaSfoP5&unt22V zL`3m|r%vQ#r5Wg$kBx^D5W>I{>Ork{ZDNIKu6aW%P3(xTZvbgOEhbWfhaN@xSM@B> zBBGBp*E5(`tEbWQgq6leB0b5eg7M(`DbWlXO|=n-;E zts6=vp5`$Jq^<2l>E`u;PWlS1ychFz6WClxBIh7< zSsxr?KBm4fgN1+88W*9~WQ<;DYOR%TeMwX1(pUL<>ZZL_HSH}^>tfbc*Y&~X$oOH} zWf!}^EZY8Mb-#(?P~y$0Xq!viUpI5#MGm~?s*e1ZO4mMic`l1z$+y2m-p1yA z3I58_CHsG#L6AZ{0LirLs%o73QfEG$D%zXp?W~x;Jl6y_SP>?#mNuU?ry7DU76DTm z+@#E#QaZ#c)F|RytB8>sI^*v6M~F322XCtr;zKF${}BNIEVF>`tq_vaYD6kWa$Q(X zD|&ec4#mKszq~(!xZE)CF-S}bpdWyzH#Yx%&JTZN`0jg}(U{tooA>>UhOugY@AbyK zJIxcaT2~SrVbL^eD-K9F^@`Rjvr!4^TSvHQ@s#kfQeuRB9@ojqRe zO1!zU(dojr`Hg%PRB3RwR!>&r=XBb?%2_{@sdZzka&Ap|SzCn)zRAog5c_&vb)K19 zFI9g~2=Rctu>;1h>+x$LU&^3PfR5R;K&Y>IWCV5ICAwYv5?+g(ZE`63XXE}k)rxo7Q@^6FpCrjKeRG_q6W@u#}Y=jGi5f)Af;>k&vf#)NJ6YqMNapX`6< zHd;cQa3ib5sK%>P3()rY9N6PnzYU`>>U~EIJxBGzx0SIiYY1Ck!J^kS>(16GA>(E> zpFrqWUDk}9ocW(O=(W02d4m6?y7Si%XbH!CmZdZwMfs1ho>g6cO^cd2mikmeq`@6^ zC6`bp<)49@WT*t%*WnyaTkk|nX&1>8S8#5#wMCWk}v zRHO26=mG4t_EC|F$@|p=+N$>^iim zyMZI~ta>GVDsiWWq17B{R}x+-<1{hWG=4N83~|$8=|b4Wpp_h1RmQlK#PWZBovheg zbNMp3u=v%CN8-cPRJirPGBBYREF3uU#|#8=di454gwI)IvT(f^A|A-W5n%yY1`A?a z7#IY;Rm`2domnvvH^4B0`OE7us44W~aTxRyu*1Jc@{fv)C{O;;uJeCj@=sanNoIsq zQ%@?tMPTH7HRV-OPijLiW%GY;sV9hqZ>cBEQ%~w7lm3|1=PSZFMWQp;#z1RIRQj$+ z9qGnFH}lPpvi;x}{tYmf5k>xq9%lGlluVL`8bW#d)s5nX<;l;s@jDrd`vM3J8qq%% zE^{&D-e8Y`rxZe{Ao^7FnuOFIpof5*SkX0&0X*;}7bVi$2^`h=ygGk}`kF4a4g|cf zrBRBh;AyBX7-w)sj`6EORES^An^h11=TUH3Vmi8U4tKSguqC;$>n$U1inq9w9^)$a zvkHhe5awkKVHS{pyT>mfUd4dNacQE&Zg;eOHrRW%v-fPc*L(VO_kXjogz3Y#Y@vtk zbop!{(?(aY)=EAD)GU8LsPro}4f2B;w_RaN{tWp+>H{I`r3bD3;gr%$7!5nctd^=& z*A+6@Ocs72)w2~YCJ zQ{WTs7$D4Q3IGh4SYpeRAM8VbprM>JUNj1ZmW#2SOYP1J1YF^zd~?S8!_*z(3_OdT zi}Kn@F0F~tj^ls(G0X+5JOBc0I-f@bCsR2?beO&usU`IAj~p;=C@Ph~r?*Yi2A*uf zXAYx?`_3?1SYT8_ppfxlwiK=Yo=iTe!|z*E(}vmbYh+0%Zy{klIb0T>;88)|CVt?u zCE=^00SLj-;DI7+j_QcG;uLdTRzjW_6_)^p;b~BF;QD_U`{7N*m@&10q?Tkxy%32I z@dzpjoX9!kmcrmYyBw$2nvTg&m&cUuSFjo!dNettAhmBU_|2LW6L6~NKGVDSH19c>AEP%F z-_zt!e7E%`wkF?g9lizWixM8$Hm{E&-xeuWeP~7#W5blY)sCGhPCF?RZ<*6FfaMq$ z82m5*kTnSwv4QWnnEMxL)@33#oxnDAuVf<^o&tZ|D!rs?H!9aP%DxrXK-Fm66e{p7 z$DL0Ji);-ok#*Y>-xFFe8p)2hZO0d0{7y7<^#!5hU>d;g!>=w8GM?Q`FIvd7@eF$3 z-3dR!m_A;foL=T>sc2&MT-02aQF}?o>X&0=i~#dx811AJp9s_b?yf!Vx$`Wa+hEQ{1xA1 zt%ttKdNFx^O4j+xjad9nDBci1l{LFFCmh^9Z&ow0dGaKXVSuzicLk`sw@h^BfTjie zdXcbN%0UemjU7mZ43x-?)3*oj3z3d`WwbQd@Rmez7hMK{I>r*SFtw*1$&FtBkw`wc zz)%bJN)Z;0u%rg000080BTQ@>K{W5YESr9-2;b{92fuqeUmyMHU`-r H00000j+kKv delta 6007 zcmV--7l`QdK=wckP)h>@6aWAK2mqQ)u?&m{4Vp~&R>t|LJs%hV0CSV22P%J?m+=^{ z8Dq~718c8g#&HKkk6J3aHK-+xN)7H|`R|um52+-T9u3%o_sn`&qedaJM_y><)%~ zhlXCT#CoT69(qABR7;Vwf+&rWWlJ@A(KT+d`cba zkT@Wr#Tc=oc{h%)VDc;`za7azx+k+>;W=Gs+Wmocf3hOS4xrg@JwiTG;`%J6mV>>L zct*)@H$im8Ld&LI1?GQm-#OCVC{X6MlmBFWry`F)sQ>XjFB=Gw1w$tGT_>ZTx;S{ zT?Bxjb3HznYPmB`DxM|XthM>eHqb*-O;H*Gmta6hqe2}`TyCVo5^AUlhYp7fyKsGb zxINn09X)$C*w}yC+U@bTT@Gm1a=ReMy(No_gNQzKpwki^a)m$%)G!g^g&MDgus?K$ z$pjB9Hk$+>YYLTRtwbmuI&1BO8heL6bEmVI^;LD&?hp;s;*gyC@`I>7=_I5!B7Ue# z1D%Hx_H3_r+Wi!c6KXFaH(n<2v^%nOT_@d}Nw?iu`0jrn3o6)QO@n`IoWOd=FhzxT zEZ6ACjC6fDO+#c+#DV>gEI?sB<_R9&g%kuLfMIzFDiRTcYg2*;6U0&{cpnAM!cG8} z_>8S9nn9FKl%1^sVz%9B-%Q&44K4_$#?O^s2bpIDrgT=T|Mq)vEY0cqH`h%_Hw67)2g2&9J~Drb(Li!u%}nF-dm+ zNh&L$ILSg?eRBC-T24+=ClXx}=5r?ITvU;cD`kIcLUgPjM!~fU3ODOZbSd&@n!aR( zuBJ4M2BQsOpLN5CUc2;0t16W?<5p4NERDglW>M?R$RmknpKS=*Hpm_J&QCGI-=EP> zFe3yz-G$c7f}3WxX0SQ{SnTS$qe&;tYC~!d zN>qPea^uFc)Lgw5Ye_QNpU{9U*H^2Q9q|j8^T|L(v))8aDf?@*Ah4D(y6>`u8ErgQ zW?(J#lR-rZs}$VRj0)lYU!D%l_%%w>PLD=6!yfSc5yG~xwqAMiO?p8F?t4#b>V zx95uD&s)#W6Ox|-D=j9R!jqNn?}wr1N>7NQg0A8|)}MI6qz}9R072Y zl3d9L12+oA(mtqMywC;aWl(emP$A*LpS$o{atb`%W;^)#5AVIg!6CFwI!ZAkdvkvs z-hf&Id$7B)(cRd+-0W_SMuYCIb!m5$qxLzQvkDc6vQ;I5xa9bjx2vl$DwOq z(TEp&)`WVz{1nQ`2P`M=({ee(O`JIU5s+tL?KoOcS$INYa3@T04lo7bIYD0H9so5n zXCXxTF}~Os;Llwr|9<$aq+nyaq+ow@V^mV|Y(QFYiGsQE)T1g9VavhDJUFH{^BlUed-0{?va&jNqEZ z9G$trC4sIO_rnRfAXumgCC!4H1K~`97nhdDI3AHlQ7rIL&d$$$kQl=b+3Jwd7Cc=D zz*a`~d28#u#g~u8OHaHBUC)F1@DB9NXn87TJAh}kImuV&;KfoKPmpRaZc%%IF?2Mi z5&+!Z8(5gil;NmKs3@t#J`rhyfwsM9scL(ETUE{o{JR+X~nllOyqxkz}y&|+v$6B zw!dMvh1!sVFV;C+!hvcAYcDr4Z@?DwIcOArQbJX4h;+PP+;sH`Ef(d)nqqAYllqd;MS^#R~{T^s9_b>zcA4e#i!OFbtC zgY4x!a9SLTj-eL{78TTlT>%D!)y*L?k!BNj>T{ti>)L#W`sg}3@l43S+!nxBzbKX- zMLguVL{Y!uj8dAH#|Zpv1JuL3tbcNZJ&jx^yB@F`9=UTDakn-2TuV0k43l{fFbFnL z#qP@a;x&`85Ey^QR%{D;PtnEuJdBrXs@7Q6TCZjQ7}i`JLuFc;WdTV!dn+Rs z6xodTMSBlnCT6NmxVail8Io;+rnZ!2e}``cjzoO z6aqwd1deS&GITQ3g=_c-vqB~X@7R>yE4MzNbUQ33hj__*&l{U!XQT=9DV+=Pd5 zdy}{lCIYM{li(610oRiT6DI-IlP(h;e=jn9=(QmY)MhPhnHl~+Y$8r6ReI8 z5fiS1W^mRh*09qtPULB62S$%CgGv6dR44pEPCrw*A!dXip9nm^lbkXVoc6HRe+@X8 zGn25y8}skQ-FbBG8)G*l`{Y7Yv*8_j5OOZ^CKsn%79j%R9dsH*OCCQX(;14vE7=$M zSe7PHM2!RXk^r0rVLT&@)-wg{72}c~CDJvCgU0Yi4DSGTHbpxeD{Xx#V23#P$ae{c??nX<>T8OHdk$F8T}6RoGc(ugIf23SW{Wd}U+ zkb_Sun!QjJV5Y^O`3v)QfI6(!Up`N7mJ)R@+J>h%Lo-yAA z3T2Sp2MWJIO1`(^Sq>jO{OEho#U`RB1Vqr+UYbI3*V8d<;te1c9=BE&f7n(Q(Uu1L z726sE=FNSmu(o2Vk6B8r6iz6c3-Ms4Kn(;H_G{`x^{!2< zFwHe@Xr+lA@y#_L?We^=YVgpbNdKyyC0a!Ek>+{|6G}%XV)*n{1VNN-;U#Pn4le8&%WZFtsjbZFOBAY>tc{rd@Wi3(TVJUsU&-C=MmwoQk%&#Qpnb?wfpV zQf+wQIG>7PokH|G-@^Q&~ z>4FQZM6lmSe+MzKmO!+ooosgp@NbylJ_W<1og|>t+~riLU!|3#^GjKV)`E3jBXW007G@;Cm~CLKciu++TRDgG4D?Egsj$;1V>mj&Dx3s5>CCM^~!8ig8J4W zZdyDge5{lhA)m)}a()B4?W%h<@4^o%Zb=sK#}W;?ai{dC&_|OzTxjVvfV`L zq_I*)VZb^0AU!*3CKQA$sM*>Zbd;RYmj~!PG1kR1hB5c7eO6xm%h~i%t%OE)syzNw zxB0xfoj~y6_NE?zlw(ZTcE2{uHTB7Ue`%v7#0fXDT8wJEI<)|8pU;6kj`iCx3Zve4 z)X;NOFML}W+p>nR^%X37U9;|Nof0x`R`Usje${2o*vXmyS%Y4yJC!H+Pt~1&4}q3& z+!t9&^HG%l80%Tp_1CnhnPaKXB}5wBQCD&aWm5hHc=_`XS$>=}k|G&5wx(q#e-$&= z0gJ7xCZf4|3M5$)i(SC|!$Yid_-JxCBu_Oe4~HJWUiUsKQZaeInm}9i-b4{mkOUGK z5F=1ix@$fPF769iG1x#3hOq<~OOfjYU&C(T$ULiFNuNsG>0xL!2ilc{m&!Ozj5UoP zO$bBWbXd9&b}?urM^=?FE+w(Ne_tmnHrHI91{W5;n(;_{xS9%gKd=l;=miT0j{GqL zft(z^ITqn_7MUzuFNTN*vVTZeK$gLR*cJu`fo~OaCvRp}OvDW^j9~uq{TS2~dhs|6 z`We{a-y``)MMjh-|7h3wKQQ^HEcGNa!m6n!mER&Ta=x1KDyb*6p_j7xf49^V#KO1K zljf->b&^Sc%BkA=%z474{`Vc;Kyz$u716}={bwEO56Ajej8 zMPmR8Jjg{k^lkzNbUv@ne__3%ORWO|?;B}~Vgh&?pbI7$oQz}CY7iBoR`bRbguQtb z9F>@aZk)qyZT@RX2JHP7k2l4;TS^aamD5>;!5hf&qJ|s`NWeYgmk=*tz(cq+Jz}Rj z+B_ZXKHu1WzBTIY47dI_8$p;pe9IAf*#4H!5i)IW1skp8<3G)^e}YQCP17JNsBzmB zHsUXk6{J23a=)aYdw(vaH2+1zPBE9ID#3Myyfu?uUr6w5g^LM970zgMP-la5q?9f8 zp=~=q#d993_#%Ayg2hqbPhX;deg2{^pU4Y3e+e!E*aqg-l1wOhVUbxxFZa?9KUh}~ z6$_zPa$uFj$FBU~f5vwi;~yS)$)AXLe9^aF5=1rZ9GJNQ`x)Q(6biw`$%Q>^5tn!? z3l_svCKQgO#5Xfxvx0`b7kvQlML&Fb?!y%LggXWZv-$x51BR8@GUaFb5FltMCym#O zf_dd)MCVew=>h>)crkpzQEtw7YnZw@oPj^lb5UM9$yGHme_C&RKZd!0Z3jSrCFk=v z;AASNhz`?NBDFLg{%Hfo%|oRq`1Ga%vP5m*DJFd8Fp9Y440D79MkNFa86Rg$(dzHX zV`e4$&Q$XbgZZovofqo-jUarLl<-_sY4|!k{97QwYa&nRD03&J8p}KQzfj@4t zV6cXaCAZWSRtSQFMC=j}8TTM?Fp8`7Kgy55QOqx+f6=tQ4nl3~Orf;396x=xvH#uZ zE&SuBM)OoT?4{Wcz-3SY+}jHV|F6}-W+C)3dRy@oO%BC(8*gK4^4-S4JCMF8;gN0g z`Y7^kkz&>7Wi&B1Ou1X_*qP$AlQQv^IU@sDj&Om&`vL%2lVA}W_>POYf01TgCSubG zY*Y72e>QUADZs7LOR9FGa$TeB3vmrpjmAx(0^f4n`INB8*3c4JH$Cwcp#`In?1)=* zeBs6KL_=5K4LS;@0qj2f!V)3l+4c0ig-jdIp!c1v@Dn`FDC!-_^UH=wwFkgXDf7L{Dze8rYf08RMRvE9!l@@hZS={dmi_A=_uB@oO zs-ohGilQ&H{tlOiUlntoTLFp~sfNGY5m*6##g|y?p|7%DO#Ysdb-r{X7QYvYH$+Wk z&F;*(2Di_f)l6)jJPBkNAT7{c0qVvr6WuwWX~Di;B&?QlOT+bI`%)nTC35ZL-TsF{ zIDDgC87(%v8&TXqmqDP8vBWG)?Wsp{p4WdGk`FF0)PlWIMascz`1gNMO928D02BZK l00;n@Oq1syLk*ft_*TaGs68JT00487Hy}0!+#dh{001jUTIm1) diff --git a/Solutions/SalemCyber/Package/mainTemplate.json b/Solutions/SalemCyber/Package/mainTemplate.json index 9c9875ae566..e8e120b93ba 100644 --- a/Solutions/SalemCyber/Package/mainTemplate.json +++ b/Solutions/SalemCyber/Package/mainTemplate.json @@ -393,7 +393,7 @@ ], "metadata": { "title": "Send-Sentinel-Alerts-to-Salem", - "description": "Use this playbook to send Sentinel alerts to Salem Virtual Cyber Analyst", + "description": "Use this playbook to send Microsoft Sentinel alerts to Salem Virtual Cyber Analyst", "prerequisites": [ "Install Salem from the Azure Marketplace", "Obtain the send key from the Alerts Eventhub in the Salem resrouce gorup" @@ -407,7 +407,7 @@ ] } ], - "lastUpdateTime": "2023-07-24T09:36:52.715Z" + "lastUpdateTime": "2023-07-24T09:59:19.887Z" } }, "packageKind": "Solution", diff --git a/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json b/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json index def0d9cfc53..ea0f23d3628 100644 --- a/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json +++ b/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "metadata": { "title": "Send-Sentinel-Alerts-to-Salem", - "description": "Use this playbook to send Sentinel alerts to Salem Virtual Cyber Analyst", + "description": "Use this playbook to send Microsoft Sentinel alerts to Salem Virtual Cyber Analyst", "prerequisites": [ "Install Salem from the Azure Marketplace", "Obtain the send key from the Alerts Eventhub in the Salem resrouce gorup" From 299b370dab1d147447da51dec5aa0e95c3a0b31d Mon Sep 17 00:00:00 2001 From: jonbagg Date: Mon, 31 Jul 2023 12:48:50 -0400 Subject: [PATCH 17/26] add sample data --- Solutions/SalemCyber/Sample Data/sample_data.csv | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 Solutions/SalemCyber/Sample Data/sample_data.csv diff --git a/Solutions/SalemCyber/Sample Data/sample_data.csv b/Solutions/SalemCyber/Sample Data/sample_data.csv new file mode 100644 index 00000000000..3d699fb23e1 --- /dev/null +++ b/Solutions/SalemCyber/Sample Data/sample_data.csv @@ -0,0 +1,6 @@ +TenantId,SourceSystem,TimeGenerated [UTC],Computer,RawData,report_time_t [UTC],id_g,date_s,receive_time_s,alert_source_s,raw_s,alert_name_s,parsed_s,context_s,actions_s,prediction_s,updated_by_s,incident_s,source_s,Type +00000000-0000-0000-0000-000000000000,RestAPI,"7/30/2023, 7:19:16.731 PM",,,"7/30/2023, 7:19:15.361 PM",00000000-0000-0000-0000-000000000001,7/30/2023,1690744624,sentinel,"{'custom_details': {}, 'earliest': '2023-07-16 19:12:00Z', 'entities': [{'$id': '3', 'Name': 'Partner-Integration', 'Type': 'account'}], 'incident_id': 550, 'latest': '2023-07-30 19:12:01Z'}",Service Principal Authentication Attempt from New Country,"{'earliest': '2023-07-16 19:12:00Z', 'entities': [{'$id': '3', 'Name': 'Partner-Integration', 'Type': 'account'}], 'incident_id': 550, 'latest': '2023-07-30 19:12:01Z', 'account': ['Partner-Integration'], 'alert_name': 'Service Principal Authentication Attempt from New Country'}","{'action': ['authentication'], 'account': ['shared_access_key']}","['default_context_lookup', 'naming-convention-admin-users-ActionConf', 'naming-convention-service-accounts-ActionConf', 'naming-convention-domain-account-ActionConf', 'email-domains-ActionConf', 'default_account_match', 'demo_svc_account', 'system_account', 'default_anonymous', 'UserGen_account.regular_user_1676650826', 'UserGen_account.regular_user_1679064922']","[0.8330117799341679, 0.8330117799341679]",[],1,Salem,SalemAlerts_CL +00000000-0000-0000-0000-000000000002,RestAPI,"7/27/2023, 11:13:26.097 AM",,,"7/27/2023, 11:13:24.722 AM",00000000-0000-0000-0000-000000000003,7/27/2023,1690456295,sentinel,"{'custom_details': {'app': ['Miro'], 'account': ['jan.bragg@example.com'], 'result': ['50074'], 'description': ['Strong Authentication is required.']}, 'earliest': '2023-07-26 11:06:30Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'Type': 'account'}, {'$id': '4', 'Address': '2600:0000:0000:0000:0000:0000:0000:f0e1', 'Type': 'ip'}], 'incident_id': 543, 'latest': '2023-07-27 11:06:31Z'}",Successful logon from IP and failure from a different IP,"{'custom_details__app': ['Miro'], 'custom_details__account': ['jan.bragg@example.com'], 'custom_details__result': ['50074'], 'custom_details__description': ['Strong Authentication is required.'], 'earliest': '2023-07-26 11:06:30Z', 'entities': [{'$id': '3', 'Name': jan.bragg', 'UPNSuffix': 'example.com', 'Type': 'account'}, {'$id': '4', 'Address': '2600:0000:0000:0000:0000:0000:0000:f0e1', 'Type': 'ip'}], 'incident_id': 543, 'latest': '2023-07-27 11:06:31Z', 'account': ['jan.bragg'], 'alert_name': 'Successful logon from IP and failure from a different IP'}","{'action': ['authentication'], 'dest': ['cloud_service'], 'program':['approved_program']}","['default_context_lookup', 'naming-convention-admin-users-ActionConf', 'naming-convention-service-accounts-ActionConf', 'naming-convention-domain-account-ActionConf', 'email-domains-ActionConf', 'default_account_match', 'demo_svc_account', 'system_account', 'default_anonymous', 'UserGen_account.regular_user_1676650826', 'UserGen_account.regular_user_1679064922', 'UserGen_action.failure_1680017671', 'UserGen_action.failure_1680099173', 'UserGen_action.failure_1680532569', 'UserGen_action.failure_1688659161']","[0.4487365037202835, 0.2812345498983101]",[],0,Salem,SalemAlerts_CL +00000000-0000-0000-0000-000000000003,RestAPI,"7/27/2023, 7:35:38.856 PM",,,"7/27/2023, 7:35:37.094 PM",00000000-0000-0000-0000-000000000004,7/27/2023,1690486413,sentinel,"{'custom_details': {}, 'earliest': '2023-07-20 19:28:29Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}, {'$id': '4', 'Address': '123.123.123.123', 'Type': 'ip'}], 'incident_id': 544, 'latest': '2023-07-27 19:28:30Z'}",Failed login attempts to Azure Portal,"{'earliest': '2023-07-20 19:28:29Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}, {'$id': '4', 'Address': '123.123.123.123', 'Type': 'ip'}], 'incident_id': 544, 'latest': '2023-07-27 19:28:30Z', 'account': ['jan.bragg'], 'alert_name': 'Failed login attempts to Azure Portal'}","{'action': ['authentication', 'expected_aciton'], 'dest': ['cloud_service']}","['default_context_lookup', 'naming-convention-admin-users-ActionConf', 'naming-convention-service-accounts-ActionConf', 'naming-convention-domain-account-ActionConf', 'email-domains-ActionConf', 'default_account_match', 'demo_svc_account', 'system_account', 'default_anonymous', 'UserGen_account.regular_user_1676650826', 'UserGen_account.regular_user_1679064922']","[0.4976343959569931, 0.1197867461203676]",[],0,Salem,SalemAlerts_CL +00000000-0000-0000-0000-000000000004,RestAPI,"7/27/2023, 7:53:22.111 PM",,,"7/27/2023, 7:53:21.738 PM",00000000-0000-0000-0000-000000000005,7/27/2023,1690487481,sentinel,"{'custom_details': {'country': ['LV'], 'user_agent': ['[""Dalvik/2.1.0 (Linux; U; Android 13; Pixel 6 Build/TQ3A.230705.001) ;Pixel 6""]'], 'src_host': ['[""""]'], 'src_ip': ['[""123.123.123.123""]'], 'result': ['[""0 - ""]'], 'user': ['jan.bragg@example.com']}, 'earliest': '2023-07-13 19:46:17Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}], 'incident_id': 545, 'latest': '2023-07-27 19:46:18Z'}",Authentication Attempt from New Country,"{'custom_details__country': ['LV'], 'custom_details__user_agent': ['[""Dalvik/2.1.0 (Linux; U; Android 13; Pixel 6 Build/TQ3A.230705.001) ;Pixel 6""]'], 'custom_details__src_host': ['[""""]'], 'custom_details__src_ip': ['[""123.123.123.123""]'], 'custom_details__result': ['[""0 - ""]'], 'custom_details__user': ['jan.bragg@example.com'], 'earliest': '2023-07-13 19:46:17Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}], 'incident_id': 545, 'latest': '2023-07-27 19:46:18Z', 'account': ['jan.bragg'], 'alert_name': 'Authentication Attempt from New Country'}","{'action': ['authentication'] 'account': ['on_travel', 'domain_account']}","['default_context_lookup', 'naming-convention-admin-users-ActionConf', 'naming-convention-service-accounts-ActionConf', 'naming-convention-domain-account-ActionConf', 'email-domains-ActionConf', 'default_account_match', 'demo_svc_account', 'system_account', 'default_anonymous', 'UserGen_account.regular_user_1676650826', 'UserGen_account.regular_user_1679064922', 'UserGen_action.failure_1680017671', 'UserGen_action.unapproved_action_1680017995', 'UserGen_action.failure_1680099173', 'UserGen_action.failure_1680532569', 'UserGen_action.failure_1688659161']","[0.4487365037202835, 0.3422004755431098]",[],0,Salem,SalemAlerts_CL +00000000-0000-0000-0000-000000000006,RestAPI,"7/25/2023, 2:42:40.263 PM",,,"7/25/2023, 2:42:37.783 PM",00000000-0000-0000-0000-000000000007,7/25/2023,1690296007,sentinel,"{'custom_details': {'city': ['Mumbai'], 'src_os': ['Windows 10'], 'account': ['jan.bragg@example.com'], 'process': ['Edge 18.19045'], 'logon_type': ['AADNonInteractiveUserSignInLogs'], 'region': ['IN'], 'src': ['[""123.123.123.123"",""123.123.123.124""]'], 'app': ['Microsoft Office'], 'result': ['[""failure""]']}, 'earliest': '2023-07-24 14:35:02Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}], 'incident_id': 541, 'latest': '2023-07-25 14:35:03Z'}",Attempt to bypass conditional access rule in Azure AD,"{'custom_details__city': ['Mumbai'], 'custom_details__src_os': ['Windows 10'], 'custom_details__account': ['jan.bragg@example.com'], 'custom_details__process': ['Edge 18.19045'], 'custom_details__logon_type': ['AADNonInteractiveUserSignInLogs'], 'custom_details__region': ['IN'], 'custom_details__src': ['[""123.123.123.123"",""123.123.123.124""]'], 'custom_details__app': ['Microsoft Office'], 'custom_details__result': ['[""failure""]'], 'earliest': '2023-07-24 14:35:02Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}], 'incident_id': 541, 'latest': '2023-07-25 14:35:03Z', 'account': ['jan.bragg'], 'alert_name': 'Attempt to bypass conditional access rule in Azure AD'}","{'dest': ['cloud_service'], 'action': ['authentication', 'failure'], 'account':['mfa_enabled']}","['default_context_lookup', 'naming-convention-admin-users-ActionConf', 'naming-convention-service-accounts-ActionConf', 'naming-convention-domain-account-ActionConf', 'email-domains-ActionConf', 'default_account_match', 'demo_svc_account', 'system_account', 'default_anonymous', 'UserGen_account.regular_user_1676650826', 'UserGen_account.regular_user_1679064922', 'UserGen_action.failure_1680017671', 'UserGen_action.failure_1680099173', 'UserGen_action.failure_1680532569', 'UserGen_action.failure_1688659161']","[0.49763429164886475, 0.0329890876554427]",[],0,Salem,SalemAlerts_CL From b13f13495340fbf183c8e2607239e960093fa129 Mon Sep 17 00:00:00 2001 From: jonbagg Date: Wed, 9 Aug 2023 12:25:04 -0400 Subject: [PATCH 18/26] move sample data --- .../Sample Data/sample_data.csv => Sample Data/SalemCyber.csv | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Solutions/SalemCyber/Sample Data/sample_data.csv => Sample Data/SalemCyber.csv (100%) diff --git a/Solutions/SalemCyber/Sample Data/sample_data.csv b/Sample Data/SalemCyber.csv similarity index 100% rename from Solutions/SalemCyber/Sample Data/sample_data.csv rename to Sample Data/SalemCyber.csv From 7754ed90e1a34c1d1f5c46ed6570a52bbab859b3 Mon Sep 17 00:00:00 2001 From: PrasadBoke Date: Sun, 13 Aug 2023 11:24:00 +0530 Subject: [PATCH 19/26] Hyperlink corrected --- Solutions/SalemCyber/Data/Solution_Salem.json | 2 +- Solutions/SalemCyber/Package/createUiDefinition.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/SalemCyber/Data/Solution_Salem.json b/Solutions/SalemCyber/Data/Solution_Salem.json index 03ec445ef68..8e4720bbb48 100644 --- a/Solutions/SalemCyber/Data/Solution_Salem.json +++ b/Solutions/SalemCyber/Data/Solution_Salem.json @@ -1,7 +1,7 @@ { "Name": "SalemCyber", "Author": "Salem Cyber - support@salemcyber.com", - "Logo": "", + "Logo": "", "Description": "Salem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Microsoft Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Microsoft Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)", "Workbooks": ["Solutions/SalemCyber/Workbooks/SalemDashboard.json"], diff --git a/Solutions/SalemCyber/Package/createUiDefinition.json b/Solutions/SalemCyber/Package/createUiDefinition.json index 716977b07b3..796b134f541 100644 --- a/Solutions/SalemCyber/Package/createUiDefinition.json +++ b/Solutions/SalemCyber/Package/createUiDefinition.json @@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nSalem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Microsoft Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Microsoft Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)\n\n**Workbooks:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nSalem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Microsoft Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Microsoft Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)\n\n**Workbooks:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", From 94c7c23f12036657e2c6d783d071a0b82b0fa06e Mon Sep 17 00:00:00 2001 From: PrasadBoke Date: Sun, 13 Aug 2023 12:42:05 +0530 Subject: [PATCH 20/26] Create ReleaseNotes.md --- Solutions/SalemCyber/ReleaseNotes.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 Solutions/SalemCyber/ReleaseNotes.md diff --git a/Solutions/SalemCyber/ReleaseNotes.md b/Solutions/SalemCyber/ReleaseNotes.md new file mode 100644 index 00000000000..bf76b9043ea --- /dev/null +++ b/Solutions/SalemCyber/ReleaseNotes.md @@ -0,0 +1,3 @@ +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|---------------------------------------------| +| 3.0.0 | 14-07-2023 | Initial Version Release | \ No newline at end of file From dca09d4e0dd422d783d2f1da3b1e94f10704934a Mon Sep 17 00:00:00 2001 From: jonbagg Date: Mon, 14 Aug 2023 20:14:24 -0400 Subject: [PATCH 21/26] Add playbook readme --- .../SendAlertToSalem/azuredeploy.json | 2 +- .../Playbooks/SendAlertToSalem/readme.md | 37 +++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 Solutions/SalemCyber/Playbooks/SendAlertToSalem/readme.md diff --git a/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json b/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json index ea0f23d3628..4a2ed041fea 100644 --- a/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json +++ b/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json @@ -6,7 +6,7 @@ "description": "Use this playbook to send Microsoft Sentinel alerts to Salem Virtual Cyber Analyst", "prerequisites": [ "Install Salem from the Azure Marketplace", - "Obtain the send key from the Alerts Eventhub in the Salem resrouce gorup" + "Obtain the send key from the Alerts Eventhub in the Salem resource group" ], "author": { "name": "Salem Cyber" diff --git a/Solutions/SalemCyber/Playbooks/SendAlertToSalem/readme.md b/Solutions/SalemCyber/Playbooks/SendAlertToSalem/readme.md new file mode 100644 index 00000000000..f77c5c53e08 --- /dev/null +++ b/Solutions/SalemCyber/Playbooks/SendAlertToSalem/readme.md @@ -0,0 +1,37 @@ +# Send Alerts to Salem Playbook Guide + +## Overview + +This playbook is designed to make it simple to send new Microsoft Sentinel alerts to Salem for investigation. This playbook will forward alerts to the EventHub instance in the Salem managed resource group. + +## Prerequisites + +- Have an active Salem application installed in Azure. The Salem app can be found in the [Azure Marketplace](https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/saleminc1627928803559.salemcyber) + +## Pre-deployment + +### Update Event Hub network settings + +Collect the Salem Event Hub send key. This value will be required during playbook deployment and will enable the playbook to forward new Microsoft Sentinel Alerts to Salem. + +The key from the 'alerts' EventHub namespace in the Salem EventHub. You can find this key in the Azure portal for the event hub resource in the Salem managed resource group. The key will already exist, however, you can generate a new key if you wish. If you do create a new key, ensure the key has 'send' permissions. + +## Post Deployment + +### Authorize the API connection + +When deploying the playbook, a new API connection resource was created and needs to be authorized. + +1. Find the API connections created by deploying the Defender APT integration. The API connections will be called 'Salem-MicrosoftSentinel' and 'Salem-DefenderATP' + +## Update Event Hub network settings + +The Salem Event Hub has default network rules that may prevent this playbook from connecting. One way to allow network traffic to the Event Hub is to update the Event Hub network settings to allow inbound connections from the IP addresses associated with the region in which you deploy the playbook. You can find the IP ranges based on the region you deployed this playbook, [here](https://learn.microsoft.com/en-us/connectors/common/outbound-ip-addresses#azure-logic-apps) + +The Event Hub used by Salem is located in the Salem managed resource group. You can find this resource group in the overview page of the Salem application. + +It is also possible to use vNet integration or private endpoints to communicate between the playbook and the Salem Event Hub + +## Get Help + +For support, contact [support@salemcyber.com](mailto:support@salemcyber.com) From 9aaa47f856aeaa19167d941569ab04ded438723b Mon Sep 17 00:00:00 2001 From: jonbagg Date: Wed, 23 Aug 2023 12:54:22 -0400 Subject: [PATCH 22/26] Update Metadata and add screenshot --- .../Playbooks/SendAlertToSalem/azuredeploy.json | 11 +++++++++++ .../images/Playbook Logic App Designer View.png | Bin 0 -> 77186 bytes 2 files changed, 11 insertions(+) create mode 100644 Solutions/SalemCyber/Playbooks/images/Playbook Logic App Designer View.png diff --git a/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json b/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json index 4a2ed041fea..d6b9c58c8e3 100644 --- a/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json +++ b/Solutions/SalemCyber/Playbooks/SendAlertToSalem/azuredeploy.json @@ -8,6 +8,17 @@ "Install Salem from the Azure Marketplace", "Obtain the send key from the Alerts Eventhub in the Salem resource group" ], + "postDeployment": [ + "**Authorize Connection**", + "Once the Playbook is deployed, you must authorize the API connection to Microsoft Sentinel", + "1. Find the newly deployed logic app resource", + "2. Select 'API Connections' from the left side menu", + "3. Select the 'Salem-MicrosoftSentinel' API connection", + "4. Select 'Edit API Connection' from the left side menu", + "5. Select 'Authorize'", + "6. Once Authorized, save the api connection" + ], + "lastUpdateTime": "2023-08-23T00:00:00.000Z", "author": { "name": "Salem Cyber" }, diff --git a/Solutions/SalemCyber/Playbooks/images/Playbook Logic App Designer View.png b/Solutions/SalemCyber/Playbooks/images/Playbook Logic App Designer View.png new file mode 100644 index 0000000000000000000000000000000000000000..b11f579ba5b2098552cfafa818403503716e8436 GIT binary patch literal 77186 zcmc$_cUaP0_&;vDEVE&jnp&Bfm6^E*jx5c+HFsu;+e~qzO)Y0-?wtd1faV6l%+y>s zKu{5}Oh{4D5OE=2d!DDy_xsQ9x_*EB#$RFBkF&Fe28PRSD6sAip3CD+sJf<{szYvrEZ8?arHc%q|80HZ7|Q>;Lo1NA7ms zzdxL?J{7mfYcBIw(}(_cUSHk6yGH*uEvt+F*Hheq ziokcOLI%rdEO1<|Y^U4srY0X_OmM5ADn545?7Z#(8D=T!Qp}^qtL*mQ4KJwjsjk1X zZHG!dRysiU$p78DaJDYy>New0jIG6i0f`}3#7Mb(fYAR8H)nLX5nxUc-oH~-gUdY| z#Ep`k*GX1m$%87+<0*OH=`cWXnVeov4j2oykI<`1hCBBN{AE~cLu)ea~&B$eT>gpqh+?~C$Qq|5IYoXwY zwm{fkaOzqG%}{ghQz6$==*d84pHPDutp?y&X@3_L86*bsjj94HIAOw8Q(YDbjS!LI z@TT0dm4wjs?oJ%+Jq<;gZQI^3jU01=6*h>X*M9_ocg9cgpteM;E3B5YPfHA7DWpTc z!SwA$g7Mi=cE3Ght}SOFdS+DUAr4}_=(vS_ObDbow2gI?9egbt)OmxX7LenS?OqM? zo0v6h8)YZj?}R&gOqtPvnXCoIrpLg-=uph$?H(UuYe4{p7r7WMhHHH3HWKHg?uX(8 zg$uFV!Ldy40a&Dra%#DjA>i?8j@ zdhRaMbb-)cx4ec;LjVlVn%D)L-OdhF6HT=3uulUGPFAl)#Y!z}(0b&3qRwzOjoYM_ z6%Mo=aP^LH3^R{J9{kq+;!s}gJGpjl%Wn$@FWi0;9BHi0%B6>HQDt9ENxXJVS31B# z?u>pB0jkOY;8wO0=N{}8Evq5+`*4p9Y#P^exF=(UIa{4mbPo}RcPxr==Mvmcj_5z3 zDcc{0tri_Na`D@g`?#jvzca_27~JF4X>{TXbDN;X3?rm&WBaM{1sB)VgR+=eirz+_ zdvhH;1nT@xYsnJld;3)%9lFxx{N14`d=R2ZE|QZh^Lh)qkrU_QpWIl*v=|@^#`&trr%j;unzvUdoE25)6fYQ^iS|y3d^G%UE z@T+VY&zFvTg)RF`d`y)!;_M2SLMT%NX!LWE>sw6zIhSd!*WnMzJl8YXCo8_Q?llo` zTFV%@^^d0;BFPuQYglKXQF~_L)2$CNP3toYU_b7uB(v_G*6i;P4f4qoAEe^V3P`@# zN+tRF!JNn1+=O1~t*Rh;AwqsYB||r)ibnPba&BpmIL1(Mz`@Hle01Q1g@Dr!bs3&l)9G@e>L4}-Mie;na{%+U(s9gEyOIypz*VsK0aK|-pByghCcP4 zC7y@pBv2_1nLe4}M&B1#x?fH?T59>`M{8Vsb0whc!ok213QR}jDI1u<{og_F30Hx)$s6Z)sC0|XzQDP% zqj!BVO{zxe6|vo@Jt8pB$NpvIvnTSI_J<`7KlI+WAF_TmiRd%&>(}aJ?9;{Hjd#r* zZ=Y#JzFOOmeYIX@d{hn&4gbk=T|feqE7V2&Y2qYOCEf8!t2B(TvX9> zL65OS)}^8U&X+=Um51%Tmc`Q$GD}TIh1=np7@uX|mum2j#nvR)*_U4H+t|*8RnC$C ztT&Az^I0@~cvr2MjSfWbfwJQ>AZ;SNaR&VbH7@K(F?g>N}W@lJnZ*5~&} z#xfOe8J+mL|CSL^XbNY$5l9q2vUJJsDXKY(_GN#lk=7L%|7u|wIp41T6uVY9=+1Ld ziP87a4c7^;!yer2I;C1y4_lt_w{Xu|)o4G^{>nP{S;_HJ7);xc zX}4b_79XNZ&*OE7+;dHzKtK5RgQxp{FXkKbUimC@B`9|ZQDgFXjl6p_X?j|k6*Ue- zY1GLWnSBNGHYFwBvy9Ht{Yi2kXv_}k<6FxCJOV?|;;$f=}xlqCa8^)$%TXCn}Bu z=-{V~{f+fz@gi^LzR8Ij0PI=)ZNc|giS&Mlr#If8Nrs)d8(Ge6kbwzbMW z>Xo)UJ==zI3+|{g{vTthF!SU#SMn+EzowT~kMcvmza1{F^G9(1r@fW^|DYlEA0J%* zFWP$lx2AY)6Q?LO_YQ5aFzSNkf21sCm>_SARCJbhSVxFhj^wUfsaTaFv9}s#8!Xe7 z67|MY)vr?py;QD`3kX3UCDmjIdoa_)e1P6sKw3}%*%nJsoq2p`oet33K&Q5ZRYlal zv8DBOUs1sd9QlW!-qI(++u!W-s=QKGZRwcB(Fy5C@=iHx^CK-82aPhJxI9e1dw+Zn zTj9rOsewz&z0`v|*s5yGey(q+LdtIlufs9rw=RL(eWj;-nU8K*kL-P3F*`gG3b_V? zGg;snBk>qY;{Jc8nzh(C7X7HyGlGNh1}|PPjsU&0@x_>>%k?xW>EtNFhkl&x_T0?C zG~c2Sjs>)n{oR*95qmBebcUb}{Cw;I3Ph>epxl7Vy=fs%TUW|rt*XsM#T|eC@4Fw3 zK5sBwpM&t({$Y$ctT%v&_d4em3i45&F@RR(N!f2tSS6twa#Yn%s6vgukaa6{ioI=I z6dIbnUPp9qcIj24a_S$p2Pd@^XQ-}huItJ?{+5H*{dkI2hhmxX2wo67E&(K!`larF8J3i^t^tSao=~<@GygAFikfdhukreTU6F zU>?LnUr5{~Q0v)s$L68AfAs$Jx2r4D-I*yd)>}{^tM3JxFBf6q?!_VwncuIQzaL4X zK$%7S)N*Ta$e+E{N%{P2pPb9la9GL?Tf3O|NYYv3X?YH%-aIRcWq!RT!}wlscsACkNU$ z1IrOHa9S8zZl|BI2)bN)NWR@)AAcA)elaM|ylYZB9~45UZ@{dZ(PuNtya)*Fk5RXH zc;IT{AjIbmJa-Vg`NLUo<%fm)Pp3e=iJXrmN7$oV?-^{GFE|j$6j8M9Y0=ON?A#1ZFe&}A&Iy0(K`UqKgrsW{UCeFD-o*hJQ zRAB`7g%>nttd9H&#a2mmUciM%U(sTk&n^2@?#xE%Mh7}-b4 z3!3pw+WD#kvF+;33K5bkN}gK}wftcEN{M>@*o27>`A+aan#V=BG;OjO0oQG7zL#@J zdD$-KtXITm=EHP4T>og4pMp4V5MJ$i`9N`lrp&`m?rcX zf~xU;aLv7H=sF{Gq%Jp7CKnaaB$p}{R`Bx46+tp5#Re z7%m1i=m-H@LA<{Jz6f+bi{FnVL^W>UP&S*|?G;zaF?!1(i}LivDaa2n-iM3)F|vJhC`7{N4%J_9W!|C`DJMGN2Y35AN|KMzHY+lD z(_=CJVQKy`?Y?+*|AxAqz_kzZMetMp`67zUMlSB zw6oisS@qt1i^2l3%%D>W<=>yyP_Q;1f1CZsS0iF6s?(QS4>LgcfGcaHUp9VSA zm&O6dN31hgg!QMi&g*UWum?dlDN=WlHwHG5x%6C44uBOvo62!bCRKGFm|zLekJk}0 zXmUiF9N`718h!54=Q+@oyIB85O5~Mgds)_Wr_6E7hfP~)zTC46i}SR@Vze#jS|AS^ zxIRcA01Rpe47e(jZtOh5Z-t)&dWcgG|mJ&69QPD5%s?Nbm` zf)s_0P-flWtbD>Z{V=9Yg)wi6b0~>@aRJ2532H?fTbd?P^Kj`tlZJD`e#xWaYqQ<+ z&b|rN^x_OK170*#u~}_7Ocr%CYKcw>Bl}MgQKo4oM>RL@H24tkAMYmQ%KoGI&#UNN zUpI$7JkXhcU%@uC1awaRwy-)BHsT^wa{O#C;n%%vC5puom3u6081TF(Gmbs?*A_s~UW_tre5xLJ_*|+;E22&Kf_BS>4}Y z;tAc)(U^nU@Z_%W*A0*k&HC1X_UEz5mT%5>g=>VyqH~9wPz8NW_hd|SoQ13Qz-Oz( z%8WnKqXg9Kb^N(iDX{)yZ0~@AI=`mm)d4ap?cp{NnCF(-?Uf!RqFd3NZ09j@jwh>5 zf3%7rGn|X8&1VNJB1>G0<-H!d@MPs&9DQ9oSo!s+Tb1btF*i(VgjcDY*>y!PJc+Gv zjWiJia)7>2*~zH4APHg~8R9=lj&k0$9{nCNC|nuW0Vwh1J|8d-TS)-4Ut}TXrp&A7 zBQ#t$jd)ttqQwvCh22V3K%^+_Zn@`8N^VOR0Ou>ZEWA8OLR(X+*4L_nD($08Nu2q; z(xy(;eAw#sUPJ+p84-bx5-?;g`*qwt`&CAyc#8M3Pbx?ThA&HzK%qvOT1TZ_mJzX` zN#^rEi3+f{yzg=tEWMHOy~e=)zZptT<8*wwh^enLyL^!B6HgrCn|svoZ2P z_X+b~B^A_sOJpp2!~zHNl`D=-@CMbu-mi0N_}sc#83?J98&QPY-V$9Kl611rFQTrEufM`e@t;e zkP$8rhne{hk?QfjT$Vx~*dN83zSDW;m(R-`*Y%xTL=nrYkn&Yzd|pz ziA%b1PXF@pVKE8{Qm2Z3TNM>#K_W z4yuj^zjK}dz+`uCZZTdf3_c{EDk?!eZjYqAG6x zILXS-t3)B<75EoY;|SK)0*@L?&26u=Gbav!nvKD$x+OowNsTMzW7Uy&qs&4v4dWdy z>zB3&FECLpRekvra=@JgdR767nDxUTd~G6^*${Ij5-K;f)(%j?8ijT>jGMwHs7CT3 z?lOYlQeZygQ}^{J65;)A-F3%(gl=<(!6QHIqkhupb^*|85DD~fndKnPsznG{PMtBi z?Y#!aTqZ7UjI){sv!>YNqPa(4PWTY#4|UtpQ?vWXZCiD;+?7`u6cRlq?|mL6k@tZg zWBKTlsiwPw-E|oUqptM9T^^+{&d=}zC-d3(08IVfqv|e*B$uT`-c=eLnXA#AEj7*# zD0m-9OvJqzCz1T>5KGv-ET{afqH`%(sO=7yFboGgE|scIUkm|AdO*TVR!9lD?x74L z)5CS9m-wTMJ6%2i){_eI-Xw!HA8F13%2t#fwbl1zdDLMNo`UW>Z6QAaVH57)3avd` zgjPZoNSm?HXOaW5UF*yT9S~*B&Y%ckzZSuB{DXlvotkOt*I9B0T(;hQ8yD@+e5^a` z6TX&et4f>*G6*qfj{Frscjpa(wI^^;LjrU0kA$_Up3Bj-Fkvz?&~FW=fKeut*|J&n zW~`+z202W#HN!ouKwi$8{NNHtcL=lu2(4~AU}>4Rq8;MEXrW@K$Hi-s)faoCX*YoE zMLl;JZiei>ouyd>Cjx(RsX1bohebm~U(@6Pd}JIOdH!pg>63yjBv6f32Sa`reL2pH zXT4b3X#=+miqXmB$5e9+_=~;9uatK&LSIDSPUCbQz@XBgQ@}wOIY?s`)M}VuU5V~P zuf8`KkK+}^pch6AKUrE> z)%HqaneT}YHje<9%VYZw*w%XnZk=E%w+nm=GwlgiZyEot?IVO))o^z-6pm$C9s+(- zzlewe4SS2+x!hPFkz#D+6jQy|usB+9gisfQ)*pQWA&jkdC1fv_t$N8>q#kSxKIqu+ z;W4Y)d-m8IE_K(q)S?n1dk0dr z#3KeTc0xI9ozX8r@q~q&T7U`Ved)$?w0H%kb;7ejuMvHZozoeij*;WR2{XLszI&Jg^crx z``{CEeI}gsUN0`Pe!egWri;0^O9qT9_#1h*Urae}mhhDEdFJIEp0?4@%eSU#mQto5 z+h^OTRmEwsngag9c$Lj*Gx3)WF(NjtvW70%tV*KfPZYA|VZiz7=v@&@DHF!EdjaPO ziOX|YyOe0LJLJdB>S$)nAXwJV!4BJSsbtX4PvMOoGB*JYxS5MI^f`)K<2g@M6BKna zK1Mh^R|p?I3`f#c?>XNj$C!Q_v&#*QJBDJx;Cac}1i;5Yrx#1e8?>!<&q1b;^ED)y(rL+;-lZ#z>nayA4nxb012=yN2YcyM_>&&K` zj^Yde{;Q6n+V)OCY4*zOvZQA+Bqz?eh4gPxjym34PWwpyqV(c6tE&+o9m2iU@usCD zHGq8HzDh>3PH)^Ms^MEx^18|V*pSE>`vDVg8es6!`;T`E)|Wb^BUs15^cyGf%%8bS zP_OTM(*g~eFKxFx!Vj-pqP99SURZ#^+VO6}E$-21Tt>vo%gWy>q7G0Haj5-eqAC9d z{v`SCkzHx1wpX_8FEie;G6xNMi>sA=Vn`=NmYi4&3U|MOdnmbtUHOuX&cA8juyQb@ zLs>3`vHJ5|r%H^=2tE?M&)2D>GeosLeSSnGg=_Z-BAU=-RbYGD0VX_RISD zAEVK{YUFitT9Xvp@GjC0U*mouyxuD@L&m;jXIEG|rih$1A8@SPtoZS$3(IjC5$5Z0Yx6y0O1mW!M7S8er8B1$0M~QZ1=C)Zc)PWNipUC!KJcGRsq+>;X?X+-`{{yo;k)*mSg7xpohOj(i<}5 z`ZDS};;Lob#>X*lO&bM{pZ_P4`}&ri{CX|NECdFtFXt~Pmko$1Eje`R2{+y7Md=K% zH{${@<5uW6U?_U=_~`vWD1Y-ngLk^wo~WAjJ=rTi%s|VEzGx+#Yn0^CrxZ%>|}~5VL?TIbA*rEgYVk3nC=$vlbd3o6ZA6Q3Dmjy*BqdgtT@fxgDdVH)7wj$l({8As$%QnnSA?_pA{LY; z-w3hKJjb3g-uyi(J5Sp11+{o3zE|9&#D9x5HgTiZ#!El5ynd-|M=)?&Dxkrtl5a{q zf;nG0hXs1#tFjObj9PtU=!3;^atwzg!r7$3#~DsBD7ei%{Ys0{c;`=3aIE;V(TpVl zMWYu7d3Sf*4dlWt)bfvn3dfdDa(@sJTz@jS)7^7!gz^ctR14xb7Oxic;UGGS&Feyy zvR;pZrXyZq^T}UiNxI&XV@EbZbZ)$<`rJ?jrRWP`=P5%4fM(je)RiCQ%l<)VC?wu| zpmCo(vjZ;A86BPnyCy=CUSBUos~9;&7=yTHug6))FP1F{a(X0uDoQP+JDoGjMU;3( z*?5iIP0A?}c|5=FbMFt?YbHC-C%^nIGf=G`42_DvQ~+Ao5v!T5S*`H#^k02vD%0L0EN0>_ zg6%eSsmF(F^0~LpmYUHX2iQc0&gN{&Oa@j`(nnl=*Px9Qwl25%KR*>^s9e?7XRBE? z?oxfMInLi+(NYYyumsH$fL3h}7W`;N>p)$du7#NDC2d^A0S8G*jFJb}k7jpw)7m&- z9jKI)edB@d=vtqN7lomJsQFB+kb|a&|u$y5JnE+dPP0XCy=0m}-0_Ul! zfsico+=l?@Ek!BaH@1=#BItEWG7!11^J*8l@Yx4z1_jj z8Iz$*^L;qtM4T|Dsxl(q;PSg`3EfpsZQz#c%U#^n-@Ja`sZHYEX@BSj@G8f{hJLpS zF1zGV#?zG*)JX)YDd16+v9-b2sacYNp-evTt6@IKL=`EAouH^^zh{jjNcv)Diz9X{ z!e~45kBSXk^4^CA`K|C#WY=bG%PfX=Y)aMY z7>)v3VBQl1uLs`np8yhx}0 zv~La=K=9n;u)$4hdE>?Y$o$m?srLoV5+-VbP=kShJ+%FdLnR58i4JN5_Ay#IzlOzq zIMMFz?sLzN-l&h$WaC(emcAU78JR*wGN}bI6aOL{KGdJ$jh+mdI%0rk%Cn;a(rC1##yrN5{<ZJ;9V}=YiWUuijq^ZmFyRj3<*vOsO z7e01`Cl@EMo&_(`;Ut_5#`Y67TJPsXMVjTl znZ9uP8O!-1`O+J#yZ~v0V;Z(Gg-|rRN4se#eZFsyQJ(z7^BsT85{-v^B6K$t&@?7z zzeORn-cPWZD8AhnW!PhqD%}2%SkFAOPHjrwTh33^OI-qCT2_tUHT2-*CAk_s1Dy}K zH-R|34A=Opjd>H}EcSL|k*~vgkEANSm0?}`@GgnLS;7xp)LF2Vi;5;T+VkO-mH*jg z;-z0-h*q0IVHo3NOQXfBA+~iMXM}?s&j|aV5HmLdLUNNeC9HbPSBSoX#;Dc|k!ZhH ziU%~`n6lA@?6;Qd;hyhw$r?5;u~Dy;4d>`n@RKt9iz(Nn!*P7k{HRjNtM(n`T3UNKG)aXy@5BEYFFi`vvw|Y)+RgN zm@m8`nVByi*%qe(L#A!hCDYC?Wj3`qk`{zaooO}qS$RL>s+h_zItMqmNTg61)0mZ_ znz>K6sDKiE@esOC=}Uj~g(zp@gGblTSw1J4f8xJkU!E@QP!T}RNz2ND+QCu&ZQ0+~ z*TbYQ{|jhSzMbs(f?C=|IrAsz4Dvb+$Da+g$-vlz_H1~MSL_DnowF_P*+WZXkA-sg zCuRc_wx>ccPiMF0<_U9A;!~{#2z^+pk za*BBD7?V4x4N(zWp~UY}50BbjIeV7YW9%+W zyhw`hdReD=$T1QfVKfdys31`f48~=zMK@S6%s%P5L^mRo2_;}7H6F|NoR6@|DX}=p zelhOyj&eO5(Z#Ks4J;Jt{FTYrP3S2l zqpq)YLmAbYpeLc?$=T2|LV%)5l)#$e@n*M(m+fiF4W5fgeC4xxdb=jshohF;7EWoN zQrGRtf9j8?+|9uW8t)?yLPWf$QG@ICr5ftk8S z`XlkHBo&6kCmRRqmpYTok|4G4ovT!+4(B48t64u|6p|s5PX%~Tz8|7Z`8u^R5#oG0 z6&*wN><-m~9>B3(StuTOaZW|8Lv=7!!S8;k__1v0fcuijb@pxya+5-XE4Xz9gMJNZ zTS5R3%0Lbg?y=5s4!^sbok|1z3pNn1{??x2Tj>y~wHY1rhy?3E&#v8v7nQ}$*`o6?OX3yiE)nc)uKWOTqp$h_AIbG#;o1C-&jsQ(n`%mJ2}v^X++a>WI-ih z1JPobwxs^avATlZ&^)>@MGWtqc$f9D6CWuF-l?o2fxZTZO@ob5!b6}_}WwQ~qnS{z&opr3^k(yYP(u!{hjGcYGgOy|zp*mQBz){O}3?>gik{yg_5C2v9Mo~ULC{NC;`c+7p- zCq&d61pxy6oQp04V{SO-mGZwRz#gVkuNPW?`s1Ar@q`!d9kNcJoE$v3Jt*D=>^L_(G zJzt;xOV%~^;LB@<8qeR0dc%)r{2T`SkhgJzj)R_4jBaj``AphM;{xWZ@W8H0_oJ0Q zAaukeU=-$MT|K~M9OJL`P2OBs7XaCkStU&>4hU6FRnE4?+^>D2fbZ+&vi~?!bl@%EWP#KMLu#0ei zi`#d)Yx8u~HLawhpR8ro0jgydU?+p3v=hdJAYQtUYp!VR9?12XITBlR0lPjA?{5t% zTU8+HPIi4*!KneNFaJ)gc^#u8o3c$>EfB(}Mp3&`4L&Uej85d9924o;2^KdNDVri; z2D8Ym^agy(gG*MmySRX&{F9KCTYHv!Oqu3YDy%iwP!$r@-LJk~a}Pn08u%5X`MLU!Xtkhu9+2O6j3{zUge zxom;VP!&YC!lfxB-tWGx0^q=71=D2nO2bXhZ+}An-{qMBLaHS5gdC46;Y*f+BP4r0 zC)1PqrS=uXnl#l(RSQe9Gt{mr-K^)8)KhS1Y;34cDPqT>z`KGdZ^Luc`pW(L4Y=>m zTI{zsJ(3ufUc|BdLc62rk#myd=$<#`^s{F@Cyk$Vmr#1DaW&86reC)# zNe#HH@8T>PitX*FPh8HaH@mZgM=#d z>6p;#wjfg?` zYvCt2OCiaD-h0y&KuEwY03dH+;}{;8fU1Fj0`e+L;m55V)Y2>tr`g*RR`d)6iF$rH z5wL;mK<`Mb=fLKWql`+@YeJRv=fgpz=a`wzpEWp(V7f|(f@$MaF|vVE@ayb`B}ekI z=Oi*Hm;=i9=|QA?bsp23p+uJio)qc!E^A+Xg#nO)G%}f!oXu0>fFW7(-kl%!^*k|v zna+0x>O_VTHWyBDOj!=v!t zIk*shgz8o5GzUo~W@jYYyhj#nt9=bkQJ_*IQ!bZN{F|h!?JMk>^U|BvHL}s45u!Ye zON{oI7rBETI|rFQ^NBJ#w{{U`G2}2yKVoe1NY0AK=8{u*z4!#LEV^4Q=t#b}H7 zHlFzMrVsPSX5p_Q)JGsgJU$spuQb+h+lR#>e4>3L8sG@^Pq=v>$d+bS(Ujy?SB461 z`%2z%>5-1SO`mj-T1EJbJa|J(54iVVH`pg$VR018EQ#$rw>|b?AXKS6<%t;BAXMDM zBrx`O=p)Oi=2t!MKHmIvfg8MVB>Lsa()N^5%h6(LssZ5g=)&3uexrL=9;xw{aaMLKraRjoK4w{_b;7i%Dht&ZQg<-Qm=h7)BxCN~Y zWR3MYqUr;T=Wo-vo0_k0vw6|yjuR~iWG6L0bQhj#6cS6jOT zQk&faykZvJoe#7pIHAq{O&Q_BT2YIkC!jFtN!)|M^0TM+T048kS}a90n! z0gN&~#Hi~0`-FDiRk*DgGs~`(YMzLN8aSoEhw~k^IhO)wQj16xkHea-y3=j$R?2l~ z(w$%~b$FE^0}1}qHE5kF+sZoUx@y+{6tf&IHET~<=onWGUalE^6~p|hv1+%QqG|{% z%y$fenoI^lCl(M^Nij&ANHh~dtdF7+F}eIcEl-)k%V_&NX2e)T%wMXWnsEzk*Qi>a z?!bLH%$VniuIkzTI(O7>6voQcNO+Tz$yBDF{5?AVcRbf^si=Vz9rUWz9=Hwlc%;Lr zl|eVqQYA6V729G|kVVcHp``uqx|_q0dkUIHCoWGj-_jM7rPBlg_KJlRb{Or(2wlm_ znn;S?^yU-P`?WvCO#if(=H=7f`rYza{n4B)Z?~78jN;Cfj0%faS22_RLL%q~aasO{ z0NWktKp5&!2-LqpInr@CfMnhw{e^Hf~gK>@JM8=EJDFN%K zbkE;@GKSy+!gNBe`QI6)UtbGeF1{cU9oZ1FJ;xKB*;F-6Yp|-e(&4S&niROIEiU-K zk+G%PMI+8M=rPzNO*6FwEV17G6odH;|H|qz?Izcz2>cGEGjR zyQf>hGAi%*yr9yUfaUYw(2d%aq!@3bC$VyuM~%-_cf$gH9uq+0Y|y6WwoaS*#R0%( z8nIkSFKIaa8o&#_z{-&cO==-ff5QkCZ3()XPx2O2G;^wmQvrp;w*JGJ0+{ntb2}{I z>Vx!@;qAq>dwF*^rT^nkOXUw3y;N7Eo!4c$_?iEj=~4d%gqS={UAC zc|P}$2o@BwwP3hP5lRYn+I@7uR0X>iI&CROqB9G-vy^BX7cuF^2xFN(;gF_c7^0b; zMnnCFzvsH5nS5`eawMP_?U+?mw;A!`(jt@a5@F9AI7OZYlD)0jH#RGU3vUX}A@(>~ z5d^p!A7P@TTni=FhctqxJDR`oM4ej%VX{Wj2l5pyjEs3DmtE`W{wO+&+&g}YXa@#7 zOSXhtHp$7YE}s1^l=XK5U9dm7UE_yKUj&U_xS}{*?z+!wi{Gb0p_?LY!9HkG0o~4I z>hlQdDmKB_y8IA}iY~0*EX=RRCVm%u`hMfewVP}H#hLCd)^O5vT=hFa+~82U*%|TH zJ-m`9el!Ipv;k7IJiyuwN?&^QGnm^9^b$obPyhRN>s^Q3smF@`M^Ns6CFzdZbJ0d! z@5m6R>TKEZR0Hof5`*_k>oCmH9Pi+El?o&ny~D}^c#fAVkq1dnk(KNgpp;m6{M7ci zfNRsn$*bp1Ino}zLG!>iPHv+ujSZ^Xu1cOvub*ct1?`n9FvjpWPk!%qtUIT#m{^>jn0YVhPb8aP)a zXX|D7VmP9Izf8aCt_a;=Qhm@ud@J(N{)cq>xAIAM9o~}$DPG&>|6}awld`A-n(;ZO zcjN!xKqngySRCF!>%A^K`j_$9b6#-nfeil2rEx#Q8_R#m2X0#;`s$ zURH)e|Nch{sy*>PwSp(C%Qyb#U;jVU3jQVP{}YJ1#UJ>;o^PK_+ZB}!9X}#sRAAqQ ziQM4dJqGuh9eGStI{&9a&|RnKxhT9<-N|nv7b1sI$Nm|)z079q#_N69Y)Uld+<&BB z5#ml;>&2~KSl)9-DJaPj`QO9Qvb&S>e_;9ft}c$Q*QR)_fBSQueLO>mXus})b|g0X z1;uhx2Q@iX)%Fd+xq(WAiV;+#uAw_OG+NXFf^exA&IdZN2Ermlh2XZsTcd+i&2vxGmFTZnUHvJV|UKcpuLE(sb0*lw}tgitaVf(CD?TK1)wYHZxmWUr>0 zXtIMr3uCpP_nfF3w5_%;J#DIPZtDVWkmG+fy8WiXKDE|`z$s1dati!pqLwded__QF zePuTm@43GG9doWAPBc1m`jFXe{;DmV0(L!NN$HhpXcOFxrT1`+g=DfDuOm6Qi8N4O zi{u#l3dv}>7~f`*SM(((c(g|_%JnDpsDTNs$IHZJ_`2wM>S|Hd=5#k;ez)jvlP1s* z>{=|Sy7=11@-QbJ2k(}MoZ#P; ziOgxexZ}cB4c^w$_iMD2roxIVtSc!-JTlj=8NyL(*{4pOst+J*fH&tLv$xg**Oy(@ z4%de>D0>fSO@7wPQw8C6!JMz3n|yQFj=_(cCYCOa!9g}G&J9@cR<#Vf+h*3wlut%! zeFbM}s^V6n6L;Ke`t!5>n!Rraki5S(;2{&Q_E}#&b3H6cEMT{qXmviGT)h>gFsj!0 ze(D#vLQXt}7ra`jq0iAFuAQ$x`dmY3Xe{gbNIy@sukh%kfaT++R%XI(*!=pgvHkIj zX3WrPK15mPmE2q%`Ec}yKuvbE){1G>=<;z8)9f}F=$jl9-8=w0`F@j={maVx>HbWl zs^z|&rn{&?ShYsA4^2kWHni;L{ZFp&gKbTB1!B&RFi57gKF>cWi3Svu$b@be$nj-0 zf_BObX}p24Pm2>y9plo1n(c=Ck&Q;hx=Hn}9S7A8^XW%LcgCLynJ#ulMIe5}UppMd zSB!^P5h{v|7a-~`>k*J_qx+Q^=y5OMv%rH~k6V8)-WYJ%I`k~%)|bhy(=$HvsYH{( zGwbV&&#r3CD_}A$DuFVg0o@4Ie$kh=y!yM_=40)0xN*YDUu$n9 z*()gPf{D3i<;RCz@$pXaa9im|(;Z>;efp~Gmscaevp0ap5(WCA2@0Gh^V2YOeK)wW z)b0q+mgrsbAw0p zLy~w?pH!7>ug|1JFh^|{v!zO(L1kAlYIM)Jky1?N5BI&Mlz`B?v`E_1MoDi{O&MaR zYGR(V#^2DmlZ>3R=!GyNR=V)sL1aD5%?kqsnq;)ZK!ZSa$f6pb;<`#uCw(4U(MSrQ z$THIHdsxr`71o>^u%;OtRRD@#)Ty_Zs9k1~OOKmJUbHlW;8oh;~O}{!tct9O4U+8MK?zBV0F^IgXlfv`!n9#;C z1<{maRHbeecY0_X({N-?r+z2ox*<6<<=(Pb-)2Y7`fpSF7IDKtXRKD=!Ol5{N+fe~ zX7OrRigf>DN@D+e{ieCyT2#^_>A=G+6@^U2#Y zH@Rt(XzB$2Q&hi7UQ-L=d&k!Kw(*2Mrz@_8H8jX%F+=w&Cm+VH4L{wpZ<~}C%I}i= zAV@mLM|E9QrjONA-2U?`I&9)#lGBH+$Sq#tr}|C8b!5_oj(#_aLLc9No?sdcalNJR zZaDBs7jJYxW%_DBRcYu~?=NYRv{{C>RFsxJxtoG=)gdC^kGr^9A+mS*~1X9ghVgkUe za(wovnX5j1OZzZp7k>)W+>EL0v(Z{95cRiBk@K0O1U;cEF^FZ@AfbgP{SQ(=0DWrL zc{fP%^|!YVMroko$b3I_?LM><%ss`Kk|-_o$0xkEO**_mlT)mgz1&)DbDcO6h|J797wKr{F=6U8Q4ht#oN}&l zJ=`nm0%oQOD*AdhrCID&auW`mbv#kS+1*L%;*yd?ZE;%$WdMXVRvM?<kpQml;^YBH4{K|6l;P6A~-?v0g)4I7Ae%Fc9e39Cd=ZcgZ#ZS2eRZK zW8S7&7ZwxV^J&}2i|C6nqW(G#D9(46<+Avq@VdA4rCtz>q_kwkC~RA)^S^e@ z_O;AmhjeacC{TE$F2=7gad^c*Xv!+o>G4NI>w0Rs-wrmb_;v2{hO>f$Jt|#gb?ByQ zvRN1G=auGU<9#G%O5fJj2tkuGCzEiEuDBEZ8CI=Y5B}AdV6+vR_t0m|J-xkO`Lu6@ z`vyH^@!flOFuC>ygp%Zz_r3TE(Kh+?(&!S80;({1jGXkDiB>R+SlfJm?CJR=aFwAb4PV#XdocUEFDcx4_oe#k8U2>d>_@oSZ2Zt+Hg(8!I1%- z2{o~(30{G!&$3(wVvIw}?T2(}y9(Hvga9oDN-VD|MbhVEoly&}e2GUcWl5G18+@pV zD_&$Y%6s%T;F&|ZQ}FQJ_>`2UeHZ-q{4dttJRZvL{~H%cDpW|;X|mwgFE z2-(-Mr%(!I-^R|^m+Ui)B!ukDV2n|=EMqXnU>NsR@6Y>l-`_uf_wV+fhs$-Y>pJJW z&g(qS^Ywf#u1=KWzeGE6f2+S>YhceV%lccKz6jIg-ZW-)waLW-HO_KB^EVEK+Z56Y ztHaPiHp-#Gs2^ug9CKShDGb#fA1!_6+sUglgM~HaHtnHbniFg{GWj=K+_3V_fr}l5 zelL_=+scf~a>Y({uO?ZvoHetyLiX#H{*)x9K?Woprf6Z&kC1wbFlp4DyUkdoDjsWd z@M6PL5H5!!m_&E?to}$WTfx}uuGH7MtT$#?Wo;!!wYN{`W_nTf1ty(7yf?MO$}j24 z9B*9@;nC5vO7Y5Jd0DaEGbpH!u5dGUbV~9o0OTbshZI#^BtNgi&^lm6|9Swoo)w!L zTfG`m_!zBR&~100?STaj)2FLnerN_{s@7JuT4?o;v!x1q9(X=z@Duw6=kxH``1$p@ zo?1V1d%p9DJTz{Vv4CTh{IjUGx^qv5!Jf08L z&n21rX;x}z9hNqDO>b{b$oHCy2DGWJG^@2a-9GWf7s$_!)@)dWx5~=#w61o&u$=3exSQc|C4&N3F+kelyBTngmY5L?z7WU2~jcnQCsA!=#M=P+L^=GUnw>A)SM;Ei! za4%ut0R(Pao^Jyw>k3UXmBKP1PqybU((t-Y2%8SKL06~s*sW)G?lSG+#18rkeY?^u zI>_G=b0G3!=&=q}z2^tz$qdE)LOZOY8?3K(%Ns-~MQ1MN;gK7w&4F$H@Z2PvUOGY}D1gUvS zvPf9nwQtkCTb!@NJ8b6byijHD=**Bdr$&~dquT(Q`(Tc$=&TTtM3G3N49-fMcdS-F z^lDW}YhE>&ScGq6ZCQ7$F;bHJo5$I+U8dS}+wR$*e-dte4wglPZ$!j5tOWN=B+}uO2Yu)=IaArQRznubbYWSe*zBct^2r>#tApf(r|8X1l38_eqxx*;&8vHadxRhc%j(%R zR1b3YY`skd;c9GUNShLN)t>+c?H|YOkwcn^(_soBuS2Qc;Bj)B2TtPNz#3SOwtI?@ zPN`cK`Pn%0D%&Hc|I!Y5oG6E#|H;0WJ`?nO&=21Krky}}Gb^jMG0*z$qL{0+akt+> zBEjDu^$c+$FBlpKJ;gshQO5a``?Bn-cnOiAkr%SJQFK=IT^TqgqnE++mNEffG9_J- zt(lpPf{#BV716RswQJnw*R{Vq|FDE67h+a}QrxZ8)wVAmOAaZA)eTN7*%-b!$y>uK z@AIfY9ar5>B~{ACwRN|(rt@E2GC)uvf26D+Nu`iCY3&YLa^TpiF$)gQpEKA z0WW&{Gru#Xo$|$ydtX5nrya7L0ZpLyN2S)f3R@3cj>Bv@GN69bP6xpBpgr?Y_T}VL z4wc52Q=_6!r6QgAho7djZFO_wojT})Z{oAO2W!a_s7g!U8PA?68OykD5Ig6g=Ez!W zhp_Y`+flm~O4qt+>XfpBvL9g24ZihAai0 zs)B<3<+a$_Bi3yUC#cD5+|IU5i2x?B#6Z%*v4vnz%3(RAqT@411z+?oRH5q7VTJuO z&d7(MU%L(-ANJZKeIqNTU63D{#|~b}t$=2o4cLZGZAlSF1>k7K z_^cUZF*oL}zsx$Mb7$lxa^+Ku`^Y`kZpA7rV!PT2As}Tq-=pLP4cY?sC#1FNcHyzW zczq~iQl{v*^ccjD{}MxD{%V?C+!l_Gh*(Zj{U|LEde9&TsFc-)rR6hnjt1nSE3RCel?b z_oPCWS`61Zi)LKB(nb48KDng(x8lQf_SWFFqHWUF%AqfhPWvnwZ>#&Mmix~f=qZiH z4`|)NM>^GYDbTxcmEmf<+o7K)UznAD*7b?7CdE}I5eV>m=8pIJwqj(WXAVwKKglM? zL8;=0io@ijef7X+N6KC)wQ)JcJ}mN~C|qP}q53+cf>_vMIJs|7;XMQO%m!^iu<>{! z7F45#>D^^q0n*O>%=sTUP*@q`a@ILPp3?`Jwkez~vx(VXQzL3`(8~sd{;t`X7z#V} z;p|2XqJ#Lh3OrQ1dvseiG8~&6`riM^CeEM8JE!FIK`MSK2Nf7`_J!AiCv{TDjMmUr z$(G}QLfz<3rLq9-uvRx3mnJFVKvrdCY{^#X1QXHS|9hHpi`Lr)#MXDKOm| zU+BjKh8%7=%e3!&4j#*T;1$+r-s6xoVU(nu319@)>ElH+bKhPDnPmp#xh0s{v*pS?K+N%EV1Vg!CmKliQhoifT^vAdh6l4w> z62jKbtw!avnpKIvnX@L7i{&g2a(TMvU$1Pagllo#pCJLG z$RceH*{&F>bp2v%RoD;a7lM!vR-M`Q0Xg;airi&d+G6|V4$Bq0x z=zwn+A-~$hIcaVnRTADJy&O=-BApYp-*r)PJ2d9%P?iFkpL1H zQN#If;CMM^hb+c7&GLThm;ER)_f@y+-EiLevh6MA{zF*jqtoOD#*3m@``I7y;aM<+ zV4IjMP(J;*Z-rxvzFsriqt=b)o567=WTEfs3aVU&m6L_*+jU4Yr1+4<&}F^NZ-+It zVLo7Bo`B|NgKP2{6~79Iw*8v7EFtTJjZOA|2Bcm%L|nH6g=wS7t3{U}Z0j76EriUc z?tegB-yXi83f?EDWd@$O-`tYz3?dAyWjoS}Em@ETLBWcM8A>?gqcq>k4oa-eryXeL zHX2+}uCrmlzwRn_RP@Zaw3Ra5pD^*H7dNLyCxX0b<4EnPxl4rG&J<{P8VcatoR~w&@zx40C^*^4DJdX-J`zZal zB1;8v;gUD=o6E98^8P=b7Lw<$fZBIHNN+yYb8gHfO;?afR2}o2Dp2LV*WiBc5NqM+DQQpkvGGmhMF*eyg6qv3YaK*c0N3o-ZN^M1hY-{x}40ikAD1uRx)Pb17$dVuxVO@lq7!79+E&xy#`3(Q5?1Pv z#&G!z|7K92?s7TrV$8bI%? z0%*P?Y1JsGSr;n5iiO2fiQiav#bXB90@J&ju~!~>OtZP4;WyO!ws@(&r4*`tHFM=p z5l;}raM&?h(=V0Dn)+yuN+C47oRS1j7z28Z_^%JfPQ8W5BMKu$Zrq_@PQH!cekiN$ z(akms$4|exxDn9Y8d<*KDXy9@+P&~8H27K6ukPxJR+%7aQZ?*1;;PPg?N;p|550Zp z-d^@xK>y*KkdG_VGUG4XM1R$n4{VeMSbi;~u8g)K3#XJb1`^$8K}kqq!U--*%>2%! zH;mzj_$4G42mc?$CSG~Bgm>@mT1ER^yZ1w)E=R>uvGJy5M!m{epeB@hvas>GJ@)6X zU#Gl)Ji@rrVuJZi+RChtZ{7nhkO!oi{M13QSc<6*fgw)2R4>YhLMjUcxlm=cO-wb! zp-ycJB|IsR(OeFkQG5hGzHscQ4?TP~<)D0aEE9+OaXXtPV%JHiSWQKOKsHdy8R z5uqZ`yp&=(kD=yOWz#B9RuCS_U$+re_#{2IyvY4ePDlF4#XDMd zkwTZHSjyAC@+H#t{y~4K7RpZGU51ltXYlI8q%wq97OcEY*{c$Slw0ATJv;I8D&Z9} z>3qwsd-is7lX{>s^PI>H55uHA#1lQmQ*G5p1+!%9n_EfVrABYp29v|)+pi+&%=)E= zh)9DPV$UH~R*bm7At%vh_r7zUeI?lJ zhjE-X`qjZgd@xy7Nm&=RtK^5Rq>F`)ece&s@tg*6ZFSrsK|&IthK&!8?gf8pe0>GU zW_V0&YWGZW^D{JrfDx#u>bCgsdNb9PavC;e!>6Q4yLgxBaVLu=w@Sq-%O*FJVs&k? zF4UGqz2Fg`7NbL=e-rawD5?Em6#x+w68(DF2Gj4!6WMAr1G}U**L+t?VF$1I00B@r z>seZ`RC}gd7ak}8Gq#O%wFbbZ0a@JSa*U<-uOCuF<5P|~mG$+~V0s-5Ny<0rFY8Jz z_=zGdjxbFg!z-LTCmC-h%s)11O-v|FVMVWW&|_q3u0E%Q;K^7Wm22%+9(jt(w9Zf>n~11WLK?-W z?gVOVvag^ehqeY<4B^e^Alaa#O;=_tOmDsC!1tdCb)hzQ7ZmqFL}5i=!D>>#Pe=7N ze41g2@m^4thOd5Z1mdfc1+2`(eaK)8Zroto zuS6*|8|!}Ubp0tl?r7H?E}%3}Lm)rARIl7hmQ7sE)loT!JRIxZ+g1x2o82>rWHY}? z=y3}y{32STe^cKMdytXt7{LXmKfieWw88LN)pNGpLr=qzlYSelQ|jcjIDBBjtk!^0 z0f3U#t6NI3td@iA-sg=3u2Ek?sZ<}Kq6f1*za9xIqPJ&2QohGUB(I|oC4)1eAO$Z` zwqgIe03QYRudgx z!p~ol!78}7XSZl>hZ7L|$RSzj=>`FY_#z@tZ0;wvQ9(HsN*z&1Yo29%#Pf>H<>qEk z^Mlu*AQm2zU;W(p;6MUdQAdP9_Hk?(yNulw!J?JQB2#T@tUNpRfCFlhl&N-IrbNtj zs`asa!z-?Zi7N+=I157n0*wzCwSAcTn9jiL#6$b+w2<|!9vR5?^Dvr)=?yIY9+Yzo zhUpyXX7k8|Wwzmi0>H9!`ZL<9ZIEA+3Y_bgZe<*j^3H5B0Z``&mL`?a+w1=5dDI!X zQQ(jhIMo}^yB{6yBU@?NWb*#f?F!|YHLY7Twr5OrrZZZ-4l+Z024v8akwtF8;)xkO zY{gN|nO73#FX(Q1dYpBQmrmrEtzX$fA7frDN9!Gh=}2$HB*v7=hg<=>zUpOk4omk9 zD5FfT!*b)0;m(71a2)+K9i@D?PUtzM3mD%2VK{Sm;-hCg=EQl{y@2(RXf5f@XKA}R z%sh9`52t%ZfnQEjHU}NwSZvI7%rv|^+v#fAc~a_(*O1gJhB2k+3!>q6&ajg>hHXu` zOPbc?#OtLSwaGjC;oW7Ai}L>{3kS_0Ur!y_^tq9olEI6~={-MOQY88>eIULj6a{mY zo%3(I>vZZ+&v3~fORr$XAxAt}6M_Y=uzM-LTX{PN_sij@P9Em^I)9qdlg#i$HD0X(K6-Qt8;9P|^I?hqmFG;5eToOw5`0CkfMu%48b`y>He4*E$iRKLS6p7vGG zeLC}+$oSEusW{Ka&;k|FI?Rn)7o`-HvQ&ejk7%oB`(6dn!h*sx`*sFV3seNCZ$z%x z(GoXw2|H^RM8)32sL7y%WMx11urp9XWeAb2E=y{GVWOw@`QFpo^#823OAPGR{t-ru z-)Lwh4&C>gE(i3H=Re3L!~}wVJR=aQxc?mG*dJar~Z zql^DD5q>LJwjMJ+4%J<)`Ce^Ge40;qm83xRi{8_wuli(E0z`O`+PP?mMaevH{Pf~? zK`N!pGy|l3G|f}ZiI%DN)}9UAV3hAZc*a(ngBxF%Q~Rb&$ysu*F83A{|M_88zNelb zVfQ)scJSWIV7t$=(oUbaW%R9FM=piMEZofC5yl&TR73mMxukwbUoc;DOkBK^&wNF4 zqTCccA0I!lppke;FDE-Qti@g-cIh~X;u>^!`rEf}Z(ia$ecb3KA3n=|OWnn|L$88} zKJ`LAQZn*0cZ6oxB#J#|F(0d*ojIH_5(Rc*mXq$;QFrt#f^t4Hld`)8n1a)u>;de6 zGwI8?`V+$y=5-et!_zEyfFclI6$Gy}1WzY>Gex6+@l?}~wS=2m*W~#+X69Lgd9+t6 zLMXd(_iqkKM}YU*Zp#B=%tvk{G0tJLI(K>FT7gR>p|1*e_d}OseX_-Cz1zcbIS%zk zD$(x?6ib=nF50*`xzA?~a%d5vVsl_`7AJJ@P`YrcpsUomel|Hp0)o4M!48r zbnx$p{6~X1Gs{I{prAQi2-r6T^VCHeH1gGREdPMSl|fJLEN29WdAuJ`&yac z=2|5sBi1XVJAU94iM++mZ!M(w69-`2)L{{H&l{$=Bpz7E`%kZ!lrdofnTW`#o1G`+ zm^1GvG22sYTujQUk)Bd)Hk6Cz$|$H@{6(Uo^Q?N{2&!j7@6-ZMV89c_&-%{*ZF$mqV@qyP#JnrmHZWkM6#@51gu}U1~I{Nk{!u-wd*1 z4`xm-{B0WTu{tPd#*N(ROB@JE9xi$>#TKHinyvBP$bjBhNJxnKWV2W*a)qCiEc8Ye zD)dIm)iBM8(0+{M6+i93r6l``#qj&m?R8lpYwgNYi4NUX?LvnxqlJ?o*rqofsQ6T$ zeX3P)414EsDSY$m*-B7l?0X)Xtx%;g&SEC^y5p}~8~$}e)veo_$4DumT5Xzd17q&i zYZK)hTU)0ut=>(uGf7~|Mrf~+{~qy?0=y^ObP$cNQdnX{Y%2%8Pwg8Huw0|4uiE<+ z6v;s}2#MVbITwq*nJZT~wt2!D3TE)zGAJdbr=8luC!18zvU-^#+cIBQIc)jLgYrE2 zY_i|yLWlv_?Rd;M5zajhC&>*?Cd{7_-6h}%VZN^~yM=dRATUU(M0K&q={hAcTng$W z+c{$wVYs*GKO`m73ZN3LEmbP}aO3vjE>^KPfWT>*M(3`{8U?b>QNejI@ByRiX9; z)YJqg+3*dE7W*87#%0ish`ftUEMseGsE-Df9Dt}bU5iE_eh9Ad2n9};pN`9H*Pqb# z4o%A3Igi?xaeqE2=~|_Sw%;#w-WmcE;s&X1MY+lZ+eHg%Gf&4J8r88j~iVdP879W46 zy9_ZY!6|;t{137kOMzI~nX}usnt_Htpv!14P2+N0$v33D7>3jtEnkM|@0N(;(v^nm z47oT;@`$wWez%J1;Fz$K42&FkZf?hWKctE@>$+3)_FRZn)SmWLr1!E|LWrRU`)BM8 zS9qvJHE1M_Va6oRGZKiD{&bY z)Gfr*A8dgFH*Zb}8MHHZ>C5nFAb$ZG=t~6 zWBsla+V#W@vavnf?i}#;4L}NV_Zvt)agKaLb3e zqP&ogTB8y4XT6G?rBqu15+b_Fe2X|lEo-@x$TvI#(iwg_R;;tzuz{kLY7o};sIQQa z(TsRqWd8~KeIH1JyS?L0PSC`3*SEcJ-qAtqvN?W;@3nWE_B!w*=E%<%t{y91M|%IyUESnH417mDhf~+dxe&t1QUC;J4G}36emZp!+hLYbu_2 z54QY62i`hW3y=^8?`s$J!8yh;Zcd77pq#&2NF;nTWps27(20>5tEyQM6%KGr@ zUX1Thm#=g#{+)b_!v-#U$r^GDu+MRbplNhNJB0@y!>m4isKZLyZ!|S3vX!yolhR&B zt*vPHdd>|iwSAJez`0U}`8EP9Y^%Tocq}9*;NV?+hj&*#fn#}7Wdq!@FDX&?=JBw%ItcbzBhx?KH(lkC?jwQ= zAzQVa3vC91VrB>1xeUKY*X*Ym_W+I=p4Nc&N>{-?s|!B2hbgSIveq=Ka4atVFyPDH zqk`>V`R-`3RV9E(V_emEM_Wh85FwJ0mJ}FO%6p1OhdhWWKDMMHGA1gE1A9zHx!dS+ zCZ%0vGoq(|=~iTjgiNKyhfVZ2g}uOJzn0%h)AZwdkQC~+Ip4P=1C@xpzey*E-39fb zmX+}nk+6x=>G0BVxxUDP;;n7Z_fk8*&|qKPPP_5FH^P1cA74iggdQ5=sN1lkpzjJN zP4ZVlwQBd3^~U4D94p-pdSz~;F=%aGNZlfD8*#n>eq|}@`sKs7>;4>Zt)ttPO_Q%d zH2Dkwp)-Blgg^Q5V~nj}Jb)T3GzlF_zhaR+4pjw=1pv4Qp=?$;$8Mjw+hmlp zKC&22ZX4JQY=@Of$r&RsvAyX&3`kp5sSSus=T-ZEPvp$?isVQs9?QA6xz6l_->{OZUo;tqb_S^)i`tdIRVC6>B2%QW5Ko|%!AmiROO z##DQ0mbAA*oM(N~1`ZCWqQB{CV5a%Bsp!f!Ea>j-KG)e3x_$F$aR4po@sIIs@rL~; z{IQ@{EHr|uCzZoL!+46qA4=2__J@9}k2#!M9(rt=5w>>mFI`st9}0H(=eH(W|B~4M zr!$Qvz~UBw27mseGv#<%MOqTw+=BYgrMVSCMwuYX(EW$Ky&z`{suG}dk940@x_D94 z^tGX`XZL>y-YQf2CI7n`N5$#k|4Hlq|Lm2c8Ts=47z@qmt1>bZ|HxMZ>N=PH$8G9O z|I;$f|9>x@fA92v!>?!md|Nl{Q^k}(2)u{$^ytsKrB1$%G&Fr_KYnP#{$sVFVy^#E zMp^i7^}h|#s2kSOD>Iv6v)6~QC(Muk?H3xJ6J3`MC*6J99iumPQwsvG_ICc7*q$!c z^pE=YnlGP>gMmVHC&x6muq|nki!Wxy8(v-j4U^ImmbCv{=d)5gcEY{NCnG?qsE>RKBWM|1z1CKy|9-Ss>EkCd z$_X;QUNIL1PBADw@m$3zKQ2v#nRy>Lzg^IcOa>}8f63Tpy9m=7!CTIm@4rB$~wCEU{ii-rEz7vN)#?b*=gMhCue zuuyuSn2aHY%;VF2DY3yx(@?9cORh8To6O_0fb^GZ)f4Xvrxb z61~#JW&g(sneuDcJWT{xkS6~IletHW`vHc$5*3W%{BiPb)bG-)ohPhzGAqtDG&l0R z^QFo6_wVz%B+7&}kXCtR3HM#jKFa@(cLI${VGPgVZvgBy-dkp&ZX7y}0#sV(6?mQV zS{7`SuGosSt>##o|JL}WAxt)@*wf4IdMy-D(zUv;>E~>bmciajG#t;@ifFiG`2GQx z^|ha)S~#TBIQ`(ThrkN z0xEarOVz}ueCaTs>nFi;A6aX}ON(ZtjgcAbsX^0cC758~m6BFyQ?c4-dkJ6OPVIzGY@Y1kScJD6=|OT&cQ2^k!M0*4p=z*+6dbno61*G{i#1+M|(GI z)l%jHaXUvgt3EEXA70zYb>;wc;s+6@&bgHqIvL`>+;?-zxN}?M_9>PhjB07)27Vc3 zxfX1GS8i(bp1=n^5S)>JoxZD1Yw&z=Nvohi*QwZ*MfR<2HIB=XRt`dM^6vwvhyoAr zoHt?D(rVC!o+4wUCL%Qm>D#r_0>RwcekS!rO&u&p-v|nXx^7mxDe5Ie%|I6z z^V59Hke;`Hy;%Qm*;Is}(WV`)1K_{$Y{HNA8>Q5lr9=ainnbehlEQ)-5>CMw8j2(y zWi(p|xd(BH`=?E_XJp=>m(k1?f7Zb7d-i4GbqTx|X{cP)SH0Qylq5zT&4^lP?HRwT zH^3%9O4jH|PMq!IMH^VjN5A;r6^L(){}vdncjXM$rBqx=zgfwVZfw@cRMs$(ETB`n z?Ag}tn%lTe;a@mxx^vK%%|N4B_djFl_Y9COo&{kNy%O9>xet)5=D!a7YidNJKXV4V zq^{!Fw04!Z2L3df*>p#b?8m@j?78&sho=!#iqs6Er&(ll`cFg-|6HUmqx|2$Yl{58 zbb9;uw*NP)%YXe*X#VGt{r}Lf?(YKjD*a{-<#}x5Ar&UYAI21?tac>kx^(V@%1UZ_ z`pV9K)*ivLF>HswkAHDEhXnF6HQ(BP+AVXu|3C~InzzbhIsnv#6>bIJbS6N5+CFU$^VhLlJNIu$3%@7iGZ3E>hJ$s0@P_o|xQZ(Y zXvFmRaAr=hC9vcsM0dG-pLw983C%s}_#`iVu5&_9*zK2d?Aq#wv;8NP;Z6oKhMMX6 z3;w&cxG*HV6|8=gDL+q>bOx}S2_OBr56kg8_|tz2%Z-Q)uY>UI(nlTf;3a}@)HSJv zRy&!XpWD9}L+^IbcEJRz!fu>6Tm3xtg~X#6!Ql&xHsa4iQ(H0=#RoY}Re&tb;63oV zNzD9vo_cBmjwL?(TeB$LKgDkzJ2%_JKg}`pwcUfY^(o!rRq!!mU~w!rKI%KrTei50 zxWiPow=AMvR^c(q@x#=)=@l2Qs3@UW#~3cf_wVRRa*t#QHN(ETAMHCgca>Km*i1*S zg6A{%`I6_7$n%?t=SPzilpnr>va*3aaxa<=nR=BpN-i-O_FvkP!vc;nZt>iOH(b0% zvB)hyFlhFU>^dY$sQF<$;5ier<}rQvTjJ(`c~vHVWr~4-e;pca*Y`DR<%D)@;v)>Z zL@;qVIO@D>#3Ug{N-tih_u1^f9)#iBd7D7CGSwi*oIc1E5JZ~&hy@U7Fz)BCGoe2+ z^MUjt`6;YIQ~zEQn@+~1%Vjlm?EWy9?+8F<&>7ysWh-gm3w=sbE_zTd>zVIvQ8jLA zCDv3dAS8F?(Wi>iM8l-Xuy9+bL}M|XG^PS} z8JGZalKr#g&R7n0KSpHlQ|lFtRlk<@PsBHa??z`>6lG+xRJtCxQ#d_Wm9GkVTu5Oo zd8Bbx;Y4!8Nzq$*&V^}sH;I6!4`S;C^nwgZvDs%{-Y;A`sk8ku6&x=ckSN~4@%G=$ zF1J{qxvxE@ z*X^mavPVho2!u~uq3Vuwk>&gJdh3pL6}=1@#druXIL=$suYsMCW7yZLA~+vwCnx@G ztw{aTsP+Cdu#u2wmaB%aaHtOeJ#Cm&$Ob+#)U~{<%gxs{wFwzJ>HE%~PMDtY$%6Q+ zGhwSDhTer36+Im`;Kn>c#v;bUHbZw+t7j%3tf}V|VB?{{p>5MdF$3m>AI@Rb-&&E^ zv|-pL_MaxTe}?_E&%C3|jB$meS@0s!tu=Gm4j84UzI z{Sdr+6Q8#b-0&M=iV7VX_awk z12Q0K1U9Y(6HGK zvn`@~M9FN_J+&wu?xw-FR89{>GJQVdsw)#E29G5g%2xaK=4FsT!3(!<+(pam+&*^v z4b!XX8XR4y@ot9c-{~&gYw)_Y-}Uq5WeyWDD0%3P+26O2EVw*z7S>=0CF-26@f!N*lqep&4_<~Nur zo`2Lm@beH7wuPJuPSWut9m8oNLg7-Gi@R8|0B{6WgqNHHBhnIqI&-7eAUhivwfGOL*;Rw894_C=q&r6@2cO(F2DD<$d-QKH#>~%=2Cj2 z{QUwc&*c|gsEbG|LJoNWz=MVcQys+on^0ZVfZRIBM#|M$ z`?itD4i+KqE+J$+K*0n(>mQfk=32!JL)R}$L?J1OsF#?vbIDotj#ZoVwA&(kjb|IR zisz2r0)`K{oOC+%)*m*N5$b5VD=hD z{aUJP6DK-P9gp{pD!J9L?GP4+ga)g|(|)FV7-H(OV9R>f6M>%SNw?nq<=fA*rr2XO zf3DLp@sjAFY6B+TDE`i%;CoI!>Tg3`v}LV}18+Lbqt`CJ2vYW}tB{Gqk>cQR)lChH z#Sg%sQdxQU*XH=~GDaut#cT%FFAQr}{<}RS6LZuZkD-q1NQI8a0+4R(dKeJ z^h!hd^bwea2X&0ZJR_%;?9z?Hj*JF^`G45$mJ2v7eb9AA&vJ^U&W`*D6En);1pQ74 za7@B;DXNJ7`fZU?SnZ#cced(-r`j8@SAjcs?^_V_F1dNCCEL4R^tFb9cIX@aq~n^3 ze-rVy^6r^mBF9iOOpeeJH36eKm%u~!3HKNf;)zrx`nY)A2mwQ)>AYoE_5B)oZ=}y$ zM_FmV9}DS7yx8y{rlle=g&Jh>eHuixftzYknDuk`0gt%fe%EG4?w@eVn;CzI+!b~U zb@0{A2H| zAXUEN+;KCOHo^zl!+t;!;Dfw-;2f1S*Z^y?euaoAFk&q-QOd>Piw5t8H8!z|6fIGDlOIsJadpE6Y16Aju!a2n)iI%nX(qp)0b)gp%?bjy$3IjJKIl>R zcUf{8^g(pLsrESRi-)gq$J=lRo zTZj#LKx+8{ldMyr!?_wYI6nL&dfmgSzz_9V>liCP6cK>5(Q;VhhG{t$m35x%jIb6c^^({)`FP zC^7el`_;bKfT6lxUo{z&bR_o`ruBX^1g$f1UzurhK+5qg)jD_RI1*J+THsJgEF=Bg zv(NNfc|PGZcaFPM?DzWv-M|VY$7Dfc+p$<|PMh&Elb3-56Wj>w09K7YwOne>D->d^ ze^6mBl3XP|G zH7LI#pB7<(4y%&00(WP@T#uE8aNW^PG$Giy5WjXbA&hUFx!l_|peD9$U8F5j-mY*6 zmHPblN0;&C4&99Xdrv!jrlkyJ>W=1D6V-nrhMe1ca!Rjm!>y5HtcuNEk5t5;mBLp~ z5O&Bgr}YF~uKkiG{Q0rQuC>*=1?vHyh*K??)y=}p7!Tfu_7NBP10?IJOJmOi4nATs zCI|+BrQoH#tASU(g)(Ks;u$M~cb>h9xDblk>Yak2mZ?27PQ41Zy&8v&?6aCqkh zRb*_Z_t5Ep5X7D3DTfRsJ|4(9PAL`$+4ykcJmWtR>Wq!sOhLtKBo|kYad{!Di%}!k zl+?$5)F4m$Tx&vjar~6r&&xQkhB8V7e>bK))cZhFZN}beV$kr##-%0lzWR;WjN=j= zt!pJ$M;CU&eWz4ocdaHy3`;h~o=D(}($9vJR>FO_p2EueH1?COkNUDPAWWhx5nl_R zpDBTU)|Z;l;1xSN^Rc-bwF#Vpe^Gl2(OqMc)?1ji@`KE6y;HQp*Xw7F4t#OGeeeR1 zdYuiS@aIcgTc0Sc4m8h^&7y5}r+o3wS6QFt$-`Sn-VqoWHw2aI#>0GqJP=oWb$1zV zy!6Az%*bfy%C9_k>bc`8dsI1O;(C-TLrpS5P75qsZIsJh{K5QTT+Z?~Ev>YK-xoXd zZVo;aocr0XJn?H^6H-1klk2KwLub`gtww1n*a$%_-Q`h20)i%L2oOzpM6y_0Jfs&wPr;x4{eQIj+-EOfz-=}jaTC4u!;%~>Kti50Rz=~lT; zM~FbzH~G$I_2ApE5&!nw@V9!cwymxop2&^p>e(A8OwkiMTw@=6jw))cj zr(CcsKjA|tw)p$wrAF^x1Phn-i;fn+;W1b~z|h7#2ba!ea)ZFVJ;|;DO*F!-kjk*L z8jg!TiuVc&&z$3L_WQjCYsGt;Vb?)fPAPNaru(z{~X+`dqX--v7)m`Ic7Dp`xmbFIWn#+=o zj=git8{%{mr=Q)*%>mO++p=oa4UXb6?CYb~*)w7%*6vLNm{sbmWm%^Jgs6M|V|;If zjL4^WuUVKKc1A)Dz>E*Omec=+m&+$CR`A>=f%*T-!%CfeTLutEZr*O ziS!K1>9~-`)#Tw7f|xlDQW$w)^{I0Na08f zC_h!_`r@Ehq=mXh^Jl|s*QY$ZTdM))u&+%52^0o^D-IauEPt?u) zxH-!kgoc_2z=48KkD@T&DKxMn>Z_V~XFrJU{O`Paje2g`9P%3{amAi8&R2w=XA^=esuxRtJ_|#Fc1Q`lF^VG1 zIu~q&E97B!UjyGoF!`T#t!!P+!>n_5YVI8S>~NFp?`13nns@zMRmZT#b$6ksv5bi+ z&VMq3HK+MJ!l|wWbI3PzXt$xx#zb{8Y zPJE_OcfCM;;OIs*iw>v_Yjd!vRE3>_{j9yZIJS#go6jru6?uqFVcNZ9o zpn8hV#9pMp3W5A2(;vb8*kR&>>OnsB5tffF=>$!#v_{~wd^ZH(sdid0=dXrYc!{0u zrL&`cE_0dm?xeX6mOIXUqxcI9O5tApg~_8m76~?B-jU~1Mgx}KYE{#MfBGflpMDWe zKNv7fbu*<1n67-u`+kix#M-<-;_RKZE6D|~PJb&ggh?eS1$}f#ji&jY(nOkB2eD!7 z!Uw(7fS1hOx%NjnKD=aie<&zv?_Qb7OKK-)B1Q~BE=P;F>>T)m*DbEoTpM=?k5WEJ z3Ow2L{z5F*lX6Udzauc~-_rgQ>?gFv?Wh@6@Vyn#PVcnUiIoa%!si@v$;4jr0iln# z5dPJbuG@Jb1mS>;!k?$`tdF3kjEYFMzKEnuIIpjXJUQNFH59IOZ zQXWVobEv`=mB8iUgqV__<{km3Ch~BuA95PD8dHtm`OUQS2`Jd?hid?O^wlnsdNC`=IPLN?kG>(jKSW zm~Xpg{5bN=?(bjE&LFF^#s1*r$A9s6^*Bi9__mvq!RpDIcMAYs@{Oq9LPgrA+Z(?? zv^VWON=tm(lEB=#ZFSp3%W4){K-Gb6G1q06I^9m@k`-U46zQ#0ed`r6XgWR1A{g<1 z&Yi!YdiddtAKFS6q^|@(AhidnN2^Ls@9#M9=qGEk*OOHmEwT(Ax-%&~)X^==PgTZN zz8Y&PU+Fb&Adz3o@9*^;;IK^N&DQLWOb_iif?-TX1~Y6o2MPIwO$>sl^iw?-SO6up zPPVT7*PK6JU-0v|?pAfG(D!VME~RbMB8n-lnNZ|rkl;moV;9n~A8xDmcSL@7?TlhN zK(|xv$(iUeJ!R|$pcE;{1W4lvUnhPP4SHF}*Sh-v52=0Ur^EqM6#G_c7tCa}N5~mRvse6;Ol%ML1T_+90+@xR!6�!lE?kt?hA2e^M7pS;bd@F@MM1h!rHcrm zNa%!Kr3gY4>AiOd9jQ?ekQzEtLk|R!&_ZY-XM^8+&-roh7~dV|+<$ld$Vjr=Tyw9r zW_#A064NfqV1^jwF1lV6A4;i@uE{7NM%_1fMyAcgEdgJD9yvU7(~B9WUU?WT{3~rG zhuk^d89B9+#^vy3$5&TxfKGEqMqAUHfph7K_5~FnvU*zEOr3%lTGT#G<1=-W51ety zMFogQa|P>OBQ!6hm??fh3D{i6dY=s;I^G>A3y$8v20z z3jOi^6ARdl{*rmhi)dFfehaK*iEgBmnD=b0lB-WWRs&S9smjsVV2l;))mTk=aB+m~ z<=99Uw{ps=T0C9;32jQ?iM0k#&6E}pe#&2!a+|y0Wg?^&)JZNdE(;<8QTefg?uzF%a6(-^t=dXkNzPxRD=K1Y0uNbm=q-*BfuR1AY}-w} zH0(4`MJZ`r(Dd}0GE8AeL;)Hqq4$zmuFxki7L4F}KxbFLeql@|?Mp7^T_ThtvJl z_VZ(Gg?paMU5x3Cn8rIz|gg zAIm(<#)mfZwt0AfP1vkPk1??yXG|^A_nf4D=#|To3d+i+)nXj^;VKwvWNG6lV|kGelnohzD;0NPq{CVm0TF1Hvv)l{1s} z^7532tIb-HIKb#4wlsy>;e5&}6uyT2@q==+tr{(n)Bj@Z0!k*{Pm`slCKCvm(XBa0-F3}3zD<6> z(ovr z@?PH&{lfN-z2rUq)(dtlTo&Uw;CflZ?vKBN_#GWRgpI&~+{5RXi)dmpE(~XQ{TZ>~ zdV4RoBiL~EYw`SPpzpNFd1#%2D;Or^?MZoz5fIyD^GNL~&(-hU)AW9;QH)bHmaS_= zy5cU491pTjW9-GK;-1EfltXmcK%6)B2|OZtmhIK?+Rs;D3rkB0pVNC9F^hf}2%?d( zB9M-dq%k0U5|{uePcfI;b$85hCm)EYpwy)OI#09n>KNh#V zQ=Rmz#iYEW@!cTpl$+c-jF{>3e49L*R<0u$Wm-}p1{<0+4o#{5_f#@vg^EkEm3wSs z5fJ-9jp98Z?J0j~%U};sSk@aAppvfBO;dtMkc3?oZ>%e{S6X-C~9g(oA?p& z?*Nwqz6q$m=y`;xqwojx_q%y-0@=AXA7T1Ucb%2vgcOR5Y62%s_2nTmzOlY1OBn*- z33Zf9QPzwh^%G}0qwR8c00CLHUS@5Z%6K+P3udr`($f1ScxyDY<5Li;s-k($?*^iQ#5K|9hre^{`jZ~{>_5I54?pK|dV0CdvS z^f4Zqi_<)Q#VOv#UFbXlFBH0a#}m+fDB>_JUrgdBqGP>o9;lnU2q;U1u+b8yT4<9-Rzm@Cv2Y|0Ua6YlQ4& z!H-bL>CEFS9ry{Abz>bG2}nMFj-8%YiGPw!chsEb(8l|Hq5(U(%jTRJ=GY<~ixoB0 zp<&Oy604Fo1D&gWb9Y6Y*2p%$C=}!gfH9KXNa~8N7tSfbGNXls!`>aX!h^rIQ=GCJaJ@ZpZo!nNxsHG`%$h08BoQ)}p|{Ht|?VwOI~4aKB! zak{BHgvhI`0tJ6os4L^}Be%}pO-9O9da{F!Dnts0^~v$U=~^aNsJS{9I+&p(k{VlX z8e4?hslk0+uEm=*hui`?VJXn=@^=dZs{-G>uN!s5d%Jp!tJ&gXuB22Kt&#QB4jZ@I z42^R6KfCtVaBI6DTvorr1p3Xe>ELmmL)vTa-YLhT8tz<_{mdh>G_v8)Kuq&RI7D1s zFIuF^k9|2O47>S2(PnRt}?-^^)@YXy9eEG0`@f?{ck90#iB$&U)|w z(E!1vf!?-Vcv;qf<~g0ObF18%o7vAUa&PTfhJS(;mJk7D`x*>X4a-;YOvUo)+;~UN zAedW3C8{H4qBL*d#0C_6)#+o=y49?Mg3 zWX$hs&@=fM$Oz9#sd&KrNF1wtA=Za`tXI_>S#b7t{fz>s&jFaJjOw%cFcC|enID=@mLSSR zo5pGSS~yzRwYe}+NSi6wda~w%IN1`vkkIfMf_zTIYwrV)o+9>)#u4t?xlqS_hguU> z_%ozmy$&nPx&$mnu3h}V=hX6T{JPsTb>*K|EkMfY|9c!5pf-d6c``OfMN>zy??I~E zkL(jXOW0Qn=f9qnqbZyMfMs9iKA-oW2HYodYi|SD3GZE;LX_j#adwz9M4h7P&{bLr z-;8Nqr)2h@Jh~;X4$rYG7=7~>eQI#ybb_9>+dTAMo7p2a5^_~qdc5sZ*Z=1cbWHlc z2s*%=VmNctoL%!T)Non(VsY^YqF(*8i-3n6XxIMZ%R%du+!iU-GA1=uXSOi=*1E}f zww$;(mHIZ-)pWSo=2WSdW%5{Zon9iRefzKLMz`7NVx)T5V5=lzAbW;st@oSl>i42p z?NKIVwTWxw_v*|zN(rsS8yZ@rHnAzWr`M8MF#h${QfWc5HG{95qH)mdhWZq0HtUUM zrMs{mjZyBJ;zP?TnZT|Krpbx`Q5lCQ&lHa=^+J7}PVK^iZhEE2Q@1af#p{3f1pIxY zENTc@Vl}pFb%}C$jH5OVEDld&-7he1j$S~snY)f^S3LXK#*plbgvFG4)z~6Ah#qt0 zEi+Au-+;t6H*p*Usab2-=JyWsjvf?s+^>QtP zi{vuBTC#weXp8*WHVK(4r+!1sWV;wH-cr=?iygLZFgl1t6z8*nMji7`i6!ekcjn`L zz#w`Ym-|{tb}cW_cGSEB>NbuV6=^_W@P}qSCaiff!lx%cr~2yET02#Wje2hgC&`g+F$Z!3#S|+dJfFTOJrIE*W5F@cg zpoH!|Lzhy3MGG0bVSQj!RfBR`$s1V7pUkph&1!VKY|5kDcAMrA;;otEUK`LY-{Sjg zD~Fw{nFIh{IX{K$J4I)N(ynt_uk0pr}yL@g2F!(bsU|iHnpl9wGTPpz-aoXD$YaQ zVY!|lCVnb;{RjTzk5oJIE}lIw%bzhtB`7D2Hhz*}bBSY0f78bXV)0Y8Xm(X;IvKC4 z@0VJ;<&{F=Pw6Y97Ajx!(d3SXw6f0y4cGnVltJI${92C_A9I5?b}$NHM6Ksr*|i&qFY#83pDPpQ=b9+y3`c(KPLE+q2DkJ(o$PSj`c_2G<7&&JbT_|GhQ!R9{EQhgP&b`M z&YkK4K3%tm0Z?iJ4_IL}<7vEOJ8OnNvhto!^CG3OgT-f|J26*BvO5`vl4xoiB7}I3y6R;@RvH3#yGy(J`z${qF_ zN2p*WgCOfhj5TJ_W^F|jzu{}XQc0N)d!Oqgtf6w`rWwD_fgXlr-t?g}+Xc#oo!3;k znA5wRujZ*pQ$L*UY-8D5o`+anHZ1en8WBz;4KvP;6-CgqFJVzC`R%@KkfJkJ+elLQ6@@&l23Vb`|pT%)dlxkS07KT zztbsvc9B&orF07Ua+u_koar+$6cA1?>@{l7Bm>Ddru~&VK0^0s4A)y}8X2wPkB_oE z@ya}O*&dBs9kTX61);QH%>USZ+%+!!8j(7p8Nse+fSe9qiohlp-2$bNg9*7|o<%T` zOxU+1oBnI<2bTPSkZPBZ<8%(cmO#?eb++*%OXdUrxt;iAS%$qF}pprMot2n!~S6#^|M{gq(cPnp|kJ z%*9J$wce#7l2Yk4eG}m`6`F;EufAO*dj2BfMgS*^1E_C!+}i6rdo4RW(=C6WAn zj)>ko)2^^(ThW3K7|TXZV_b@PKWogjW86~D*hQ#VF+=?7Ba78vKjNoA)I-5VFxe2< zhvJSyF2-?I5Khar6{UG;`M8(xt1N_L|Od(J06>PvzY=mjjMmzW0T=uw| zwOfAmQi{J(QfkhL#f9unJ*?6gAr%-{rjPjbne=luKkWpnj1)>AkyO1r+o)(~cO{gS zMiGZvs3unfLjBAIvW(HA{41ox5)+>jL^mmPM#nDl3VUL<-c{6UA;Z`opQrXRJ0SX- zGR5@=q-rm+=Rs!<@kjHr>6buWDPAsu%aqdEkOS%(ubjRqh&Ez#6DZDGJ2}hVQ3_&P zNb_p{bTlD7bQR}gJD#LBA3YJx?O{=uTjjctJ7lh6!@cwVdqCH1s$;cPF+4@6_!KPp z_MP7|brIjIZlAMAP2qf{(CxFL6=L=FcPS@&u4QN&YQxPrdi(lpUuKXLZsoksq33za zqVLlBcba?JTsOJhM#ByXnnnbjlE{Qam==I zD66p+zHa%p!A3TC`%L7k?!U!YmLBHqaV?YYu9oBwAytM?k1&HuN3OUJbvBP92jjhO z6`sh^#;%|r*^{Um_r08YsrM?v9{i!n@~n5MmA*OPKXFUsBcaV9Zt@U(Z|`-Wvut{j z#0xfx@uv4G&kt1I1iKSGQyJZS2=ze0&VFsj7m_kbNEM;0G!ILpH4;|^A6dj-|EjDR z{E_0H_1&?OxAxSKM1rhW?{$;I?vKnILXYnhqLT7H>fCjZJ2y*{S2 zr8st@oQ!NhVOM-d!q^qBj~*VxZm#++02YReQ|=0j)N`pEv+OntE2oUy8S?jcjUq6C6(Si0(E(!z%s7GI3P5g15c z4!~GAjWSR#N74s%t9NmnfoMkBzGV>80)<+jN(jI0vb`u)&<9@_$9Isvrz#=vENnps zDdM+$oIEHSu~-b59rZMP)*~yqq~fE)8umTtRG<`8zu9-h)QsDV6ug!|7i7BtRS4D- zL1}}NHMXw%^PyAMPc^w6&wV8FPtEUs$-KJRUWsSs8ZvU`>XW7i@tig*zb~{Oc%>-r zE`__gm5RsOtdaOBcs=On1buXDX~GH)12fSYvWm z_L+|kO`XtmZi0L3));Sji97gRlpGd5kE8tDaG|65*4Rg>=m)TRq;K}vn! zWnmG&&fTNS>GKQeR718T37ON49TKC`hBBx3% z-ygjk8H2P^T{bbz$-NFwmo;Qa;+l+4yUrxq^rWl-reHjMa-*1e&@@W`q&^<;Z7I&X z$b)8{<7vaxwD<1j0M}eFZ4+WRMOv=)pe|#=&*aXZa-1@l;?k4}1$qr`Xa6MvnmdPzo;ZtI+ zqi6Y7kLQEN!x+v=EPZp$kYrmMa^$#l{BEDX!SnSoye8~C=G0iamiM9+dOyv*H5Ie9 zlTI?q&CLZD^4bHApdEzm) zNVRIs!RF+w4=2a}kd;>@)-KaD*XTwluT%4>&c0S$nfD}AMKa-k*?4$niY2#_!yqaq zsqT3**ZZk1$E}u;-;IxcOcXw6CSP9n(Pds_Uaj6%`8$_9!zEAf$BWn0=5bqFIXAf2 zX(xBy!FTX~xFP5jw3o_=#SU`tdGH?b7N!Z>BUP8~Igu*yXn-cS*7t6t>xzp{`G$I| zG1KvJo1k%akgbQ02$JyVa5p@uSv6_fi-P{L=JEJt3hQV4Z2_@3Vbft85z+Jl4oTz9 zQS6jj(=+QEQv0@zUze&9Mqe8hu@n3{z{Yjb!rtGXRHc%I76A+~|2@94ZnN>^$TghV zGboTVM&{k-)_^?C+AmrS7pR!F$E?GF<;^L6Xth31zfuKr$U&flT0O=5(REhR5w9x$ zKvVC{)x7tu(9B?E<0qzT#EllwyA2TYRw&;VO7Nz(w)P(pvL9tGBx%BGLru_z?hG|{ zLZ2P!U9x~q8hZ`R&TlS;z>f#PqnMy|Xoc+$^}W3hYKE0?U%#1h&qMI9I073}sUJq{ zwO(-WV=}TIf~0`8hV4mP%*_Frnl}jOdFm%}pFVv8515^!vEQul*s&zIXLCmB_$n2K z7ssEoh>g^B`mGvxAy?2LYO7rcnC6W;YawPs< z+N;T9KPYOt`rWd6Lg}IMBEZ?(d!+_-FWT7nN>9A3s|7r~YvO!=m&jJrliLntq!)V6 zTJ_n|{PUaP>h8D)N$WU_lGPe=>Mr^!Y`gE+!(V4LR-%8n5Fz+XnexK9Ydbq|5)o$E zpRyL$W&`G4Gmq6aD7XXJQ|xP@%zLlvr1=i7Sp|~+%H`RsD!yGv7LLl#;x=Leo zyjTR4?D_a&?+d+?@4jOldkD&1+UG9Xy9_aI2mqSM>A2I~x6oUmT~NY3%bW_f?n#Xpphq#eG< z0x%t0o9|;)y_)z_#EINDVZ;5cd|9FrjqGu`F3hB~%(!u~c_@liaytEJqY7%`K7TQi zMO^c)!smf69P-n|z9Q4W8`>q6=naqU{2Ob_B-B-p9nJ%**huaIwr}ZQ z@=MNn{mK3%4znt6R`23FPzG6f;~9olBx=XQP*vR>7va^SrU{@}4`qlNq5jBtwE5vi zg`5)1;QW`vw4MjL*n#-ig@dN(#Kj;}pz5-?JjF1^5!B@%BUCrS2K|*HRA!__^>Uo5X5v$(D#HmL~gzX1t<6PWn&}&ll#D#8vXm zGz#uF@^(}EAP&rXX@QXgi(MDxb#<$_*+MFv(bC$|OWsXxBCVOSlim`5!(?QWm6jB; z9Z+`I#j7`0Qz5gj2|%_(6Kf#53{b=+eu}IaknTy3Ey5KdnR30b^_@{x;4S5s)x{z? zRz-CrML1oqgn5q)<%Js_-5M;#)@hf7wBHcCP0Pf_^SJZSiw; z$a@~%iZ{U#MDt!y+()Tz&Z8;kK%ZyAaz4~3r`!*NwIJqvp6^gU%YD%9fjEee*7&|^ zvD}kS=d4j|Y3mlCQ9rvLEG_@OtJ`4J0~aGT8Yh;N@ATr{7D05sE;k9;x9!BR z(2@m*KGCg4%n_x(cc!L`>|N~V)~esR%gu4i{TFDZ`sbx>GP3F>LBBtFJM6}}g)r|t zd@>KfDnpCdmE%Q~)R?2R?v|O>&u6=z!>+4Q%T`uaR=aP#<2S7Br4m2aLOSunuMKxn zDfAw0FZawWp9*T$!5iH=y5k=%LKL25NWC)n-Fu1l<-Odz3+F#cxWhkC>rJ^XkmvIh zy43XQje$MN0yi&VLP$LyNPZah?;0S+czfu0-X3aOMO0sf|2Tb(dE-D+h6x+LX_+VA zH^DO46y$IMxk2e3eiOxOt(qt6?+|p81iFY+$w5(~s6fXHG|pI_CAQX%1cb7xj0*8lS4caWeqBJN*vUqgm&fJ)puiT3EM;~sdPp7L`@u?y_*fXhZ}z^MEm82Ny!^HF{9|p0t^VhiCtVTC z_K)qmjXD36bG=h4wyK|h_IB*~*YGRRu@Zm2{Ygl?Co-#K{ku0p7si=p_A<&V^7zrR z=o^j;0QycKR(UJf( zCXC5iHdJN^=8NYwcIx5;pWjW*S9Rt}h<@!>D;M^dp8h7l(x)%2^BqJ~9v^^S2tR-J zY-vb+IpV5L^dCJAQ|CrgqvY~CuR0z)-Rk%MvaR77j;+sny(6@q{DSsNRv|VX_Y(yk zkSvJHh#7fL@=1u+o1I{w@Ue|cvAHLd{oFcVkuut-#%HYP4t?C1NKl7a=f{tt|Mcxs zeoeSxchbUJ6Eg#Fn}eqoJHS9cwQ=)wKHnY_<~jbp7zLF3JHoC1BxfJV3}v$+D4zxh zH8nM-^H%&$cG5AksXv5~qMRRZJo9>Z;Xpn(x^ixOYuRH_UYWYyBK{du{5T73jYI~nvwr<6?D@As+-zgd($FR zM29APh4uMDn%-t57hgXOD@a9sS^cuz6O(bT-5$NTI;DDNL|%YTDrd`~#e=(j!eIoH zDfW`s9E*_M;fKq4fw&)0pR^zMSnUdpv>)_t46L8Zz|+RW=qm*jC+Y6$dW~%H!LY40 z6K03Y&DvZ#7(rH()z)tIS09;{czNBYGYSMcpD}_2Hzi#vqJw|?(y~-kng6S&r=YB=| zlvzFB@6Gy&k4J1r5$N-H{GQ$}4+Hx6jwv0*3%}julE_`LJPm#3hpVE!)3?2~%`N8R zx|!m509L9vwCu`Rijja5lHl2!vZhMrmfU9Q4yt7xp0iKCcgV;~cQ=ji#LL>E`EH+e z5->p57m8Tiq-|tL2MAXnH`Q7Ukld%PkMB!_K*Mi-NNjvO3L8QHV&YTxP>Dnkef6`5 z%2+A&?$TVnD+AZ)>FM35$jW(V{1DO&V9f2t(FSh^;v?WcGO|DTZT5sRURd)O_#cc` zwx#d!0t5V&n_DfAxNKekNK-omlxpfpxGHmR*u63BvC@C&A`(|DAH7uQ+Y~b)I+|n%Cl^ZbTxxl|nBNtr`0Xd;;wnko_{F z+16$Mx>vX`2X{#qJ^a{)gNb|%b_ft2%@6@BYk$vc zXHjaA#7*;|93|}GQr9;M0I(!iJXDZ&7DYLuv6O!PU&Iz!8288j>%i^2zn7n$1c2rL zCl2A=mH+>O|F>MKxbDl>4XBk_3QMsQtX94jNkV*s9*7B^O0Tn*0DM?QGO_y7StJX# z%E!~Hs|*)#L#^8lBro$LF3Hviv{@EUQ=bKpfKxN1trmKrY06BGHSdNbTV&kWjhx*- zvTJxd@OGx!Du^|x!!WZGCS!VDp!DvK{jNuQM9H2n@9__hsKp=S3 zJD*KF*EkzTU3O52aUfY9s1CTlfeCFJG$_^+k7=+A*I!xP(nF3^!Xq`KWk#Dewvq^` ztRV`A3cM!9nKkPe%X^B(R!Df2Q7Zaafkn}CFH+^TJ>)iU8!|Gy&`(8Q-azY`Cj)U7`m5Nq8K?wj4oCMeOyN@A@FoeH-Zq+@e( z+g73e1YDeL6v(s#8G+GPU`1?PHX&#&Bc+V)v&?^XOtbwJlY8s)U;g43Olj=i+n>TAzAY6CtdPcgILNk|_ftc4=Hf!gvXysu^@o+* zhFzG&kbjj+0OK**i63@yq>~taB_g+3(dO5LbnehZ!&|G`?K;Y#Td3p0MXl7Uy#ocs zHWcSuc!xfk#oJ6~)kwJSKSv4OM+cr5?sg!nTz~$`8W1G%nhfk$2(Hgv&0FnwB*Uq5 z)7E6~pus0m8q5#hQJ}{&=Wgjyjr=rJefvn^ZW&W{>nsDhc3qKYcB1Y>xBGI-I=d-K z$cqoYquDpA-(Y}V zfbr>^LNTb0GVaDQ>Ioql)Rq*|1oKC*4JY*AG=1A2b$_3zuS*tkRc$x$F{e3;nos8K zAY@HJDUKmCHr`}6eADW&K#F_2vmvVsxN^{c)QmAjJZYmFUJ;{Kk7aOF*#XGLufebg=W5^8X%QEZ&e?tYTx@+WgkA zbt7Hickf_R%2#wI03Yhol>7mk`a+Q;iG61L5FC}4gwU-}rUpv#_6ms;gm#kNgG>{3 zn^4{k%?Or}oewCX8QbZl>0-o8-7yi86Qu6ae-sS=tOIRfvPwG=o*KSuvp1u|Wi?`o zvb9+W-X;pjYo(_aUiXqDIN^eLiayL8U3tJg$lPB~p6-$-bOkY%2diHi$up*hUO&UPyHD6X%48n>x!nU-I6Il+>DA zbyjQ;Vu?E$W`7bRD4_l6hRe^efc`ONgRP>S#YRx9S&wMqav(f$NIM;!%%nxtz1tz% zw-HWv5aMO%!(I|_KiNO)jm2yi!>1tO&D)J&$|tYyOUUxf@=_$~IPF$g!b}m^lXdD_ zUkq3kez9BT!Ja@(DrAa4)GuXPQ>W(R2lSNsq2W}9#3?mPq_Hf@m}MQgh<@_wyt(qjXU7d%KX^i1`cZ0fjl`vS0DXNXvR-8646?%6H$ zw4DIz{TlRa{hbr|hw%Q3`(8q6I1SBQcH67FSWq@`3F;+*RDu? zg&hYwi(t_64L%iK*Y%(r+{$a;pZ2hM>TDMiC|o0Ms9z_Al9cZ)u}~6 z)dU?E%;Z{_&!Qv$;-D8lrFWF%#ZPPmC!Zv&JW=^|30H$Iy(-Z7iX5`r)Og?0w)MA* z^ohP+>O%?n^Ae)FKKiiPm17g|un`Jk)`9Su&Eam29YA=1PbZI@>L)t?V?c8&H`FvU zhs8k10{Y#_ivXr>_Q9jHNigW_3`NiK{7ph z*wTrl&3vimO}nOO>KggaY$ay1HrPNGV~1yYvC@w5LMH-!M+J4>6ExPdRC&-aML4Bev!@2VI%2FE z4jVYk`I^))fV|eUmF2zS$y)lESwLG8TI0D0t6Tf2W1Pw>HsGHujI*a*UMJLq_ck`V zhQxuT6&RN2tgyHbKSsU~=r_MzVBMX$nzV8((7XREb=7D`X~rtA>68^@@1iJ#`(=(k zG%nLfoojmf`}fzo6abX$hX8}#a``$&^()uCNL}BBH_L+MRoY~?1H;3wG+qL(%P4DM z?>$BSl)i`%mO2|%WEF+A{y}rV3SZ6jAN4ciX=@Pm*+858j}q#CNhqLmAX9#A3z*dg zxo*<{N-j$tK|^N6iiM-t{@zzIXQh7aefh|Fr+-3ph{x zzu9|0+WsjKvI1m9C!6i~WZvKI|A{@N)kk`n1+XmM!(Nu3%Ksl_gx^At^=?~OjiKBT zT^%+V#>4_3t!yhbaKsIRo>NVJjAL>$dk5^OeCv;~H1%pu9oyk7)-GXDU`By&aiTR>TV1t5#b$R6FB7?&6G{bLGG^~pF)9h<@0J#of*5ZDWtyAO*= za~-Bi9JL=fMqif#`+(I}`yPt7z{nW0w zZMi`l?l-`r6?DM1o)+U6!=h@ZEd@Mwyd8VC@>bKIz0EL2R*81&PPfKEN>#F<3g?s= z8`kanuA?mshymqB*1>K@rde2VnPBzQ;Dg?w7GhmeQCn2gX@t4~Q6zIu^bGW($x=z}4 zshrI~c+IwyZ?YgCc4&n3tL%%~^CBHwu`@9(3^4a9lvix5%GHjCRT6n@xI>rrj?0_* zrt#IEJk?Z$x%*^iF+0}_>EbZwHGO6dl`VpIYcDt6M?5|b(1d*C-4J>f6c&TfbAESg=l#fn;{O z{b6O3ZIad-#w8cm@oZ4TM6SBxe1@yT;P=U>&P-5$QM)>6NpvlYW;{R^S48g3ZoAl^ z>~(LXmYqoIF4=c#)Rk&}ic*#RK_!OP+!}QwB>DK(B!dl;3(CBzcTLmP!oG6Oyzk+l zPnaO1b@k!r2sAv`^Lg;Ln!skdmSJJ>ai_`9TgeVSQo;j5Ro1%ryPlU5&V7#w=Rkx{ zkhOl^8$@~4gs-Bni8!jy9?C?VMA07EJ-o0nRtmRZk=dyy;H3mhbq~3e>}1FbT74?L zd@!BwarCaYyy{oEM(>)m4F?QZ6)_fqXmtjg-f8{clOb$Q(ey76&K zjT(a-B!#OQmrZ!i^wL=uwDLuIdVk?U(ydBs79Fvr@*8i)-1in&gv=&qj$^xvIp2ya z=8w47YVw;jJkO_QS%8Bhw_l-FD?bIS1$*fO1+Ew#ajvseaSL;7&w97JSyj>N!_XZfncu6IBKUq!r{_juW(m%09V~U{E z_)LzV$HF`{D}EG?-4kL~s~KM#MDh0;$>oHTM2??0bcmr{A*;~|b^UCo267TI4)yz4y4HxNH&^LvnC#Uz;HH!msd3f> z1-EHVuQg&Yz32Ko4qsfnr;D079#-g8{o5bE%M5b{vHR*LqFenfi98&+u@K z+ZYTLeSUI}mT83Y!DqNJEhYDKJ4R76w0uYp+{J7EWp3}{TG8vYAw5#UlizHV68L;q z#9`RU0j=vxb4wE`Uz1hmw@3-pL!fJxD9ePM$Nn+j;GYV1x++K zhPr(y)`SuzCZv6jSZ8(Wd|kf_xbFi97wrrE1zxfOtE2LucL%}uhThMM>Il5QKlL zmu)M4NWyiYv1V^8%-~xZT$^1m{*YbM>&L>Zc_eB!>%cX3VSDeTS;whF9M~|pcWkxO z%|2?8Pd!iyo5YA>?n*zl@fYygzuP!-0XAEt1ymD<#!T4(8inYOn4-y+TxB9TjzdT3 zfEMmVNbXqODI-2pOqr2)WL?}%zdzP^G!@yZ$NXlm+Z4-F4GUe43n`jtl42r~r(|lW ztre5^65p@J7%<5<{HTn$)=DlWb5k#&itWFjcX#IhrFM?er>w|5B-kVux4 zH_--#`Ti-(We2;&^T+m?(jH`o!Unjr*>r@wV*ypg-|ffl-go?$*oNf{nrfFr2_27< z@I$N+voNPw?1>|?&P{`P1i9PzCJQ?L2lH}zmU&ii&+f}0S%8z?*CWk)Xmo^{^G>!) zvzXLF(`^mUe(=bhYbkvEqlL6W(n88NTwi)y$?wL}ynmsm&SP{wjbuOm-h-){{9O7Z z^Vi16;dqUaE)Ils_XiIcZ8ty8b-}pd^QoFgX7#9#$#-L_IY_{B+nl)fNn^Ub1VU9R zF(CTOw1nK$FfUo7YHCvwW7&K%dHztk)Cf>&crB9BAlMb${2+^}eo41oY4cJn+(kPB zsqk|D+JIjPcK7o{ooO01x0M`%#t_@x`}r3A&{V7bIn%@Z6?C$f(6b}o1U6=dF}stmRRg&rRKc%)*c_l#;4;<&C13W)q z+a*S@^2VwY#St~{2eLgkZ_M6$H!RaksIukH&dO>n`-jXe_Xt<7XsS_o6tP=ux|W?L zyOvYmCOfFdX}B@lA-_k=R-2)&1!0Z|KT1o^GQq_!4@@M$i z4D~{x#S&{lMFJvmSK6(!tDZ~jeR5XsF~~F2V9n4fioYz)^FagpBcX@Q3rR z3Eeo=A@ZSwUb#g87bWOm9Qm0l>j{#_6lZj((efTH1(9>qk^Z7TDw*dom&{@S+8T^k0k?S)T!hMjnRLiM-^twbM1@ko?L*KG$xi0F&ynA&&GwKs6^(S=#6h83jsU0@eePJ5(v z_=EsDe~tFpboq+1v?a9Jcl|BN`g%eIgN#F1-i3~qJ+IRGgOjA;T?XW;2Q|uP*EOwe zM`n6GVL~ckUCKMxIkh}wr(YzFdXpVkISTqhNyo42I$=X?aN={E%<%rD6_W3+7i8}@ zW{VfUm7Kg`a>@ZY!@<=}^J1!p>g(l7v=Tn-mA^XehBX#z$N$LwV6^>Uo4IMemQAo- zo|}^IkxX@~%A<_C5`O>}run?Jw{z=Bmp6yK*qtz!8F|6_`mtGt^Y>>;0^DX83j=}< zRcvLhBpPRyuT!PCG-}qoQE4{aR}|{Fn*=&qombSpC9|@?JL-qmZaENgYNGB%4l^WR-l`o^3_ zh@8r6TdWP?^D0no6j#|l@$G+;ZE-?z@Kwg(ZZ36!{!QyS|DU4X1wN`6Cg-SU%8JJO za(!{Z#G?!HRB-vxe3)}GJNeyctBwmVAnD-m75g1%FXwobz$%gH+rOku6!itOkMEWa zzNPxi^<^`JdwzPo#07+M$E}65@43qvpBjN@?ML?O`A%mf>1i<1H1{d}-D*qX18Jgh z2v2eCRJQMIJ?qM!CS2w2#GwmuCG=|be&b-jNLiJl`DaYMV-UE`B2D#E36nF2Tj9xU z<=fGo^CyXXTMX+@tL%D$N0|eKBYvh0>8DxTAWHxHK&tVA&1{>{T}&Kww{1-1u>YXG zU%xdNf!+7);VGS|)Lc(pwgnYV4o>gLQjcc(v?_DztHkqDCyKvv?o~9it)VLU@?Jpp;GJ>f8|R3rVwp#FVgRUKRY444M4n%Oo*&!yU( zqy4A3n2Odp&QwaF?D?^uJWb;6*r9)1#iXDvGgsqTZi;_&U@j3HqjH<(u2YJC{=jRL z6h1YI`uaoKs05BymKGf!-krMMmvC(mSSKMa=)35}5cv?)Y%0R&@#^5frERwJ_xZ2- zjA_MNz0Cuk%B~auIl|ZgbAg-gxhKktE8$@$$&naPOJ{LVoQ-u zyk`NOUV4Au;rX!r`PW+nslrm>Q~m9%@xxxvE83~j?qCevtdgrP_+kq_Jo6}y+eDXU zNp2oO{v|H3Z1@zpc7lA-36Oc)C)Rz?*aN zU~US3m?MXXh`T9i0h96EzaqA=sodk`) zXoCh{Ww7av;dc9XQ6S4$uCdyG1i>1ydT;)8E2h#v#dY2gG5b0LMuk_>#-N=*6-D9?Invb$8+HRUxW)n4BcKbJ@ zI@yonuK7;aapQbo&$I?m3Ax7W_!Nwm>eS6W34m{_0qo&vsJy$szgE$(-j^{+PqU~{ zenZrN`hR^e9gx3f@f3S}8eIo!8#j*I{|vk+fl6_n#)D@X>Zde-?R8!N_y0CI6>FFM ztxnmKK`Lnz@2wX^Ac|k^MO5u7_5(b-OcE{yGj}1M8EyL?p=wj^sJ&FycEUe4a@L)Y z|ECu5{B3Vo)15v>OW!z;sL*tVcGvT*W$Xrd#U+PT(>F{;7b{aWE(7X?9lAk-beC-%U?pt}**O10p1&?IpE}b? z#~{efGm!YwSH;QZr&k#SM!N2&mjIZJDeRVzd7t>oG`CjXpXR>bL?`d+?hd+w?>QrI zRj3~J6(auFvUh+{IROlnR8g3)T8^7s{QCSm_$0v{(2%mki(}0?>Er1hs0b}xJ$l^o z-ZH7f)&P%p8s3hjzX^UW#PvLtVErsoc$urWNJh8Gp`^RR;~6_d_0Iu?M>kJ-C_k;$ z`z~iz0;?jmoaUvYoWOW_oX6|5ofe<&->T)3QqxF{OihMK+hhXj*mwG2wrRK~ZG_JE zCl2ubX1;#N$#^47^+j;IvT_0OH2=a`3j=mp$f9kHPNtm^I`K`DiQy}~uaqYF`gVK^ zW$r1~TWg-YBaPz%9?i1Ra*JQ=R<35g{=5O~Z5cImG!glbTU=bZVqG&(Q}bJHW#s@D z#%x@r3#bIKt+SN+>3ZKSXalxNN>JnAlX+}9ZIjTjz4>Iq`&hc0^@N+Zg!q?^53oo7 zgSYp9YT{e_g|SyeK|w%3R6szQbP$3dAWfuqP?6r04xuRuHmZc)r1##dQk52Z4@iwb zNa!Jigu8?KKj(edJ$HR;eeb=qmM$QZnLV>-_I~#BD^G5Pb%i<2Zp2D`PpC4I@HT*Q zC?MW=E)ntd#;P-1{OnzLGT*>GjL`k1rB`IF2i!^>M;%HY%AWYKk?w(o<>m?KW&8WX z|6C54r3u{?pGhE(us^oREEDhx^jj&Ea06C%mY39bhE73?S{WO6e+XAC>MWyC$Atfh zb~>a<{NVcgf)=bToXmZ=G7A4A(gLQhmmA1+}*5`QT0DmfU)xac)746A+UpP;63sy4l^>pttlZd`b}&KO zHpZInm-6MXY-y=mefeN*^@34taOQykMogC7s>jG%H|@q}?7pFGk z%&qBCPxfv3_2ihdyxNZCiF2GomzQc5JjO23d)1o7*wV6(*5?c4xkYvqf)`BhrJM;%--Ot#4q zx8z#~ygQg^?p0d8K#;?48ja|T3Ok;j5z@tOwM1X9M9NmB@s&pKvb~_N>KFnj&syNc zBYmIFs3E;GEUf_>_^g}`lMmG^4YvK!y5P z0juy@Nl=@d#3nTgc@7*9mI101baxDVgDd?9KcvpSY9>JFs+UO0QsrU5ASM3fb;$m{ zS7pn#5>NeetWaWg@DfGMlW#{Qu#--%VBss(X+6A_s-hdgFi!PAHkQ{pK(YU>e|qs@ z(=9VOI5`2RS7oUP7z;k7ux60e&63BTgHY}T>>O91%ikwy0lsMbwjV$y`T9Jp&IOqD z3^HZ~Jal8ESvlEE&<0>#?_{?Q0UqdO_PVuz8!p@XSr`yQ`9%&B%@45v!1)q%J$d>N znI!)MX-PdGCzm=c37Tnh{||}F`idQyG|7}f|8sDq2ucj#bD+BVI4P}=>@7C??q-=; zCw0DY{W!wsfPftWvnmV*tDXS%!ULRzb+ZNZBs~3zPU?&(*`R*_l614D_i>xsKpirX z|6MNlS~lseu?HtW(M8n%j@Q*_CB57e_{F+DQ5*t$bbo=ptRe0G59&JL)PjEl8FETS z=ig{~03fP8rtmzxxUlXxVYr>wqijwPagcC9DG6|i$u3m~iBJ?N6!F_L^jIx-CAUl> z{hbluF1=#WYjZ2?$kF^^7O3oNBhq~1S}&hi9k+IDl~Lk<3iJDqQQB`VqJvL~LPH>= z&)5j0Im7Jo$G>d)Oli0!6el5$k=d!r%Dx2+Ln&gXokAKC9fJ`$Mo7eL1aDET=e1r1 z2Z^nE!~}12W6oceu zgdyJ-bA^X<^Qd5~=FV~_Q>A4gI$`^xKlW2qy!$WXy|D)TF9J^*@}ux*>3HnjZraGK zdDIOOnBzBW{e9kh+vNu}p?aD_!smyDt3z{)Q@3CP;YIGFq?SA8pv`2KHh|L-kW{kjWp7CFgrvmi+oR)RE|o) zsuCOWiAqhYh1sBGM4<95$DYdz z8FxHM0!oh*E!V&i68ndhlT)GVr!wZM&F2QE}wb?AFCeATiK`Sg&mrjx_N1Xms@KmWMe}kvgW^1s&jOjFxosY z4r^47bnJW&U>!&y_k+Pno2n>kFq>k z;$g};gV`RsBm*6-cchP<-cs`o>Joq4xQpl^m!fMH_W0P~;heWOvHET=WN2T@z}X@P zVgG5+(7SZm%*Y6Ns$Bbh&7K-kLPfIOp7elOI>d7AkLoM!_NAM~yJ9ZyM^BjGxtvKjx+atQd3!MYnCioUSnqgW(+PGIX%0QI@ zZe*{>|1V?~yBNny;s=vidUWp;R@sTWj+Q^JkN16J>^^85yPNADzaWK0?vW>yFHXo& zo1&vq23vYbFiLKjaypj(i*(|~fO+*RIVr`x(b!k-88A8-jz~v^GvB`6l;m%By7#@F z#G-&g{kA%L%O3KpOQUZ(4=d{F6-R_VvB(h#n13?~R9Ivw7M|Ywp3)A4UAuImxUWBg zemQ|n_*ZT?m*;w0VR^exg7csQbou*Ji89On5q-TfHC2=C>V|{oaSW?i;^vj{x(4-Q z?K|p$!LAlc+1w^(c&)8cC0$>NN@U=w*-SyE%Ak#Yih>n!-99PgVS14*SkbHu>u_+U zRmzS^ctp-nMAY0ge42F0@s6RLglrQU;VlOjl)=02VmiGZZHr*tU-*`1B{ib4OnRn0 z;I^--`~`h)cm?e>PdEt@8mc{Wo6u|erH`>w!YUt!NA1YetQumNV8jC*8=p5kQHe!? z8M`}P=BBPiL3%c*RL+^}` zpenYSUoiZ0iPm$h+_M6vJB3%~lfp{ItK*V;;inf)-bH(#?63h%O6GH&C{4A;@4aBy z-7N6@iY*o@$SsqXw!`-wVBsHlDs5T^=$(7Ej!nKu<-THK=T_*1zqM*4FV*eSQ4nfd3|2KFVECO3Z z56Jd?R$RRsS#+td_io-A#U{kRcRE-vYm0UjAzD`LM6c#1PQAHU&X zW>%Nk`qgUD6E%_4jAPSRdvkKW+-SN!q^04mkvv@sxzX8(E82%i+`h5026ZgKGpNEL zzklHzMIRbJXp*$N79mkaEVUCuW1%4C*xpxQGYa#4XRxF6JA+W8-IC%KK!rk{u zPfII85;7ad5agTj1&!vemJdrE!>D-NqM3F?H5gvM5%_7ek|9Fd)5 z#8y-(bR|C3)ye}UdHTcH_OkDXj_oPY-@K9@5Z!lq+1N$4%CWEK~X2_fgrUv*lVZ9 zT*6}vx!mBu#vodkiJ%{Q8HGy6(rEw64{RJMEEqRPaN7jcRl1I!ack*iTplh>O|02) z@+P9qYb&`*B-s1w(vuSV7j`UV=2h>0x!>*Av^ydAEwssK(&v`TX-@Bj$hwV_XY5Tv z3+NWuy|+W&`=h=kYxwG8^Fn?lLDT{tz*63L?AP@oh0KZ~CrnB6itBrj=9Z{+?JcCL zv3b0Y-W$oBURs)kZ#4_~+AXa33>b;_Kt!6OL}^e<+z?1sX@#)MVj$nVGfr_6R;Zco z-l-SksD7?p(f%MRG0-17=ON&FIZK_n$to0^d9 z+l}iXm+XlzX?&zOJwYzkv}$k81)j@)kotkN1=`qJj5)%7zUc~uTeGOF411Fp>6g8G4sHHGdZG;e*IkT1mb#>eX->8ZT+l{#(Wy`z*X<5a+6>0N};z4Oyh~0EuL<^wQ9T8$2yI1oknkW zwu>f#iEmt#eCmN8zjF@gaKGxL^9kxo&8`pw^BmC!Uc}Q9k0)PV>UdgBDd_&BoAK6R zkJq!lWip;{-R(3cjN#hnCZ{o1O0I1V^q`CV6f03M1ZgMz(52OvE6kiOo%fk6m$qDT zHp*7ru`%Sa;YErERTzWXO!8%iJ)=8)?KUXaTlN@o3=LlByQQC0HK&6qCi#Jpcd?bd zPecJW;8aF?TN)B2$944EkA8I^m>=Lzy`>h|5-9Y*1Sh3E*P$Tz6L;XM5}A1)dVTFj zo=e-i2@!AHgM@1v@flr_*h6nb*9s8e9+d#j!m`G7`(}j?No%X#I^}`Q9z+vyW9)dw z9qomRVIo%BcPUG%F(`D6Ir%^ru|!+y(0GqQz1J_1sbUfqL(9jJR{6H{c*B+|;Mrl# z-|P^0C4{*13ZKIgB#I3MW9#v(;#kYqC!qD8AwNEiZl)TmL3{%isjp?6I)-^Vcm^zkbNvE-2Uc$Fu!70!;rBJbAv_8nGmk+UpXS*=$mSj7CiU>hXeJ{~@+yrPl zWcls?z6>jU%S3iD_i%aoj&)xIm4*9vKVB%RwUFbb``RaOi6&f6W2G#%9|KA^5 zu&+W|$cz1hjg)DDgm|J}bq_(5P}aOv+cHJh*QgV;&_+cuEb5Kz>pJlIVkfSAqrVHx zWvJKBSy&cxvnpuMgABKcdd@R9_Q#Rt-)X4*S{iPsoK9Nk)1x@b@ox zaHg~A8jkVXdK;oLUIPUD&8V8YujFDKsm!&Kn07z)zDPw|uy#ZMVlu!aJXq2Ag7No zoa`%O)y#|?BU6?o| zobvT6c^NbqC=WNk#r~|dIV2uk(AU2Iz=?>5aeKZ@r}o{d?-;I6-!*Q};V6jWhI*8j zL>2TgOVloRBw-xjXZLWb>Iv%y6$a#5X(_Lto25e=vX~re*zT;|PGB~1Im0T>--JKm zYc#2M-lLLTHLNyg3iCTg=}Og|NQr7AYOX`*o-M zw1bzuIsb7*0a2yzcY=gkGY#QRnmm0cMa4TWYM6IM)N<%V;-MrZ|L+au6?6ge2_fe4 z*s&0SSVX?ZC*W>{i05MCXXkz9o2bNqHDNK;jh(U6cLu!G z%YxvkGeYtqym2is0MNuP$?NJM$F{BK^t|bW&8(co^Nx&dBYjK-#kA3al*7E;&kVZR};Wx96S@#prB#wyY_!u zHVOkNDc*1_QyMHg#`JSt{G#N=Ww58qC^-PTf;?RD{Jv zIw&dNXiUbIzLDPVhNgxc2@mMYTh`JoF;__ux%K5w1(FaCO8}-uT3fdyvX$RHw_2RC zM1Bt>-w!uG^NS?04Vm9*4i1jr8E`*An_)PSttX&p9a?9Rbm0Mr%_DkC44q>#*YXG*r0u6xlc{xWWHBF;yn@ z8ORjQGu826vzqAK^lfOS-M4WptG?EyUlr=?QfUyRRVw)G*LfCYo}oczR};I*;(xrW zcFff(!rNh-xdm=tq0*l~)CFt}-Z1fOU&{`6@F{}o2kzFpjdaEYPJjmiTyAGA{z4N) z8B_(0TOW>sSnl@=)}R)K4(BM0Fl3qMfM{4><5F-zvO-gPsqlcH=vI%55we?}LEGHj zWbsme_WkaS!Y)RTT9UfML0CNHtzBHL#dUxW2)#z?di^*s>KyFVHId(w#6Qgya+sbu z$?VpE%jU?<5%`rUv3h%H3}&;vy10to2!Y4$g*20(4ND8Ah@7fhMVD`v^Qs&o62YGo z8_#z;^%S}d%R4zW$Jt&P>(00hr=MCw+UGHg_SBlo9SWpdPTCI!ZZ^l+t$9DX}t5yW3{>MB9+0e>33@yqxt;3BGMX zTz(UF#nmTmeduVZ>`|7+0D_*|d8G)z`{hVrPO2>oroE0XJy|GmqwsrzEY)qA#h&YD zD1w`&Ro~EZqCJL2T-xNaB&o$%QPoFFJ?ci@?Kb?Kc(P1Vnbq!mQejC#owT2+_&)KO>{`Hrw0x2UMx2vsAuMb~_U1*= zraNB9(vOs{lWf}NL(Wkg-GG(vIv=c`@a<=!iN-5MQm!KJe1Du)>yp$dcWWP4nLvC^ot{E$;V2AXn;7_{ECO~#>CBmL zyw4s!Le$HGv}z90Nf2awG*O1__O;`9M?v^P(Fs%?6Mbv4oW>YTim4t`~bvg!9`+HVRz?lh58SvhAN#Lralp(rt17r(w^ke(Ya<}%wJ2c5B6pUN zMaL51ih_;xk4nJLi(ex6qV(Jhg3~$Op>m8o?qkE%;Pgxzo1iW~`F#)eGe-NXul z#ZPacuOhvB)|^n7>(4)76C$l1xvr52WWBmC$5HzZ^JA^zgVHQIhl5SNI#}AtKwXE* zj(9t_J%z5ko2uo^9aRUyJ+b=Cm7-w zgpCIx;>;=Jo+)Yp$D?YA+xy7fvv>}cCfoDA%`d3@ZUwwKd!J}ZTuIC3Ex$hc5J7(7 zXg#ko@6UT9gS~Jrx@%@*xy&&`*syzfk=MUJy5l%ckMo{uW|iD}Dvu1xpHbEt2&3YbZS?$(04+~(VkLTTBllD zS5rk?N}zO$G~TNuiE!`Pd4zXhLEVmi?TIqgpjcd=XS$`ei;Ugt5YK!L^`}-P>Zhnc zhRIL2SA}7AkAoW>N~d&+&=QPOi_5)RR?NZm9H(Ys2_2GgRfejiOb&{yN}4wu<{A7( zFPYAqvM#?Zo)+?6T*>^`d5}P$qy+It^hKJ=K-UqC<$@D}kv(*a!P)BRr4P{O)YDa5 z?btkt`m0ld+|JCOvW7NI-4CO-6q(&V<6B$gOKh_{4;A9lXO|aAcW5+5@nC~~)yMul zdRG8f?2j+dSzF=F1aipm zE&YQgElmxo*IGO!d(ozc$wX~$;2<+EY0Ri#CRWm^%INpOs1JjyXVS2Sk;ojYasBO) zBD3I%6hT`ebg36wJ#AE>iCDOXm|+?`FL|4@ z*alz#L4s(H+UebCgjnf{Lj)c&(Rh=Wd)pp1&O9_({Eg3o$npVRG3lr=gfz}wHh6*Q z_G&;}$ZFuJW%$KIStYkis2<@PNho|dlr(qe6{XJ3l&^5RUJ`%G-XRnHv8sh&=%ZZ>JNvo1_sbRwT@`p zQw^3B5xzs#$GJDhQvl02)qY+-HXq^+tg^ZHZx{qZ?Ak??_F^yX&8b7{w28g5Zt0?X zAwb3I7V*pN71=z>gcE_=k21MHuC8d}qo#B+F?#@^$Hm(FaF~e-spY#v^?qzmHpp+$ z7+F(j8OpFZH!xClKMseQx~yQ!>FFy>4eFtKmc;K?hSAWQjeO@%sY0pIeCfgla}JDHnMXAJ0UdKs|Cl}rgJ zF~UNyiA_)amv8rXqn)Yp?s)bEv#X)&v0|nl1PQiofh(vOwJjPCqA}s+QlU%x)=C60 zHz&?8BKX#fyI(e6p`X?CjZ{mCq7lVP%qwH#`x`|}U4jzVA~qc%P^*f?Hzy!Vs?({< z2KVrENT+!0rmuhqcx;M)x^ySuB8=V5OBhX_xoP1aZxTHVjla7QrvwgUYI!V|rrB(K zh#Iky2QDNv>*4z3BK_?0L9QLF!X_@UUmJ0yLRrgfNZd7omd0X4TChEyf``g)zbakV z?Yuy#@P2xHj?5dRN#8Yser8hQbGKart8(W&j*ts>mFGBpgXV)DfM*<+SKc@INn5$-7HYsW9mZU{4b^-h+Va= z+D~H8-&vs}KTA7*a1G{jRY-<}+j5D?Hn+!TmimY*(3~%+&0)y6q+^s?>eVy-C4k8s zdxE^qGCTm^Gf*{?IVwSxa!5P_Z+&L{pzPcb3p$5R$s)l@-fp-e2U%9Wyi~NnuGL0p zCcQbB!E_nVpcUu7+el0KgJkp1X?fCAuXinE-bDJBe0f(%(N>KeHzi-U*+wBjO`acW5tCr*d&foSsWzr66qhI5*mrRZ(J1I`p)c%x z4;^DLCcyic?CXpzwk!WWLw;BL?i zs672hEqZtK_t4m4zM7?a=D$`Q38UVR<~9b zm|GJa)mcS$Aq38*V#_YzQNwykQ~OG!ya^e~6YLR<`@4!Gdv^X$q5*vNU-L(#OvCd1LsJ%Icu16I zu;ve8$f!iV%>GpE%0gH3D#>QEXr*uS*r7ckz@em8p8U@1^fB*CK}m_A?ZcV?U_Y{P z>fgLi($D{s284FE_HPfwPqT91M*BJni)u;7KiqCudhM!JYdh?78PLSL)`fqjBy_H4 z-d>3*ca_>)?k~?R!zMZsY5wk>to>5!LhTe8y=H`WM#$i-Jdyl$_FGCqUZ_BI$1~H1`$`xhN!xa{| z?C`ek{oRcd62?W^Vy-F1?l@+Z1jkx?{!VXIIR>w*^uYc}SUZ1+x^@*Cq+M4dZ8I{V z^0!TXCoK(k`|5KOme$LMwQHa^3~CLX3LXudk&iCXmACqe6XrNDbxKxt3Sj9FE*)iv zg!GsQ*)%1L^}zc&gvFICzFR0-k;mmbic5;J8_1$*zpd_vY`P3M*e&JH1+MJq2v^-S zgxP2bEO?QN41aQwJlLT1oIA5g`<^aL$GqJuXP-T)!>x|iv>+_w%sGP$=YQ^&rAN>? zi07xl6EqBWVDO<6nMs8cG}Jaq?x#15!dTDOYF2Yn44)95w_NT{jaVBijeRi_#E~?ef#f9u?BvCG5!CD;Q4Am+w^dgjIXrLU{(F+3m~J?ZzTD1!pk1Lz}4gXo*jd z+Q0_fCo8tU_YvT4_U@8D1CB0C3#uzj=l9N01+HA>UwQWOMO({HBv)O|5U|i$py%*t$LX!-G5R)DC$*fHAle4^`?`JUcLGsq`c#Rb z8HWdaauYtU#I!KwU)?jAo5J%i;7vbDE|3Wr$WYW9Z4#?>L#FSkE8H#R?&*6Yn}O1d zncB@{=PZ{VI62{{-s9NRt%Trj)WZkiOP9i(w~Aed!a_q)`y?>gQ}-dAl#`mA7*X5)kNH_hDaFhbR~&m1I9A z4F)wT4G&)lS=!lD?R$66mxuCiPxS5xaPRAGM>{6n)_C}-*U4nnCP$Z0)jF1xoMzh9 zM(;Vd%DwC@h3PeO!+wf{_3D@h%m08xE@>Pvwx3+!@o6r=+r4B=S-CI2@|vDeeFkD- z)iTv18qzax7kZczB%P>?D<~eP_Qk9+W2t3;XXp*R{h*3)noUb#zaU1O-Ks^;zIo$F zW393RgK(DR>#2-`H2xPf!R!Sq|hD9r-Ii=oO;icJEjAL`k=CRce(Y6U+vHY1Q9zV zCSsSexM-L)0Ev2|AFK4sy-TbO??vX~{q!sjv~Hltnme6QaTh{gy!lGAspRDV5Y5W0Kkin2nO zf!R5-0U0xypFzTK+4VprJQPs+yQ!G&flm&EL7I zx1y{ThzWWhAKEd2uYL+#EhP!9QGu>5JdD#qNHpg^$-(pZs{SX<)5SzXIEm$-!P!t-ZPLy{%puPav9{ z{MpP~D&>RgG^trxyyj#dSA5&xhXU~1jk}Z|n}12+eNWW`72R7`%*0p5ToU_E!mN6V zbiGLIf6^wEM`Cl>O$d=Q-qZEQ?+lqm8D)$ZLscNe-BbwDVnLD=j?Ks63*EX7+LroARiMyVrsS!AO$loHJ=1G*L z=I(mG5>K`TJkfKrTi69%ja-g2uz%@GmoYg6st9Q5>n|73lSDz=SDk`IMp9u~yBr0*zIwX^6xyqS9)BmBDv^Jyz1Y#(=U@x574txE2WcwLM~@Q)!Qw^meFQ z4`>Ub&pdMMwy z29*Zv?k(Bu_dr{6?e@_8rdAQ}eS*+;mp^IuJvoRD z5;`aF48eBta{Q&`$_GcEz-Afxgiag1mI%21s3W<>_NB^iu!78ml@ zuu|DSC*dqV_XfOo-jPe5)$nhR$8*tJbQ+TXc)8OZPHT7cl#|zT*7qz-N)?k=0I0t1sn^u%xvZX_GPqVi3+)hd>?k>6TY_rT8Em@8` zD%#6Gk7Jc~$4;;&uLV$@QA`pOn%6IADeibDvho!|e-mP-&G1y}xSChRLCouVSq5lnAiS+icc$qf8>ksoA$BaJp9nzn4kwc;lf0 zQ*PSpKE+3LjPWi{tGY+KQJ)?lbziJUMq9_$(ADEDrUplB8-}5WsZP-DfEB1-l#*t~_j<7cv9zEAvX-KqzYCI@r^P--xGZD*Y8sO;Y zIBCp8z+>G)fVa35PyJT-aDh?oDJHL8a#cD`Vv#!-E$F_lx-^jmB*8FJ6-*!zwX%Te-~4q9w0` zX+-PUvy@uNg*tIYusG(&BMo@rbk09ArtpBmd=}XYZleP&hSinw|J=Phsn~S8{hb}A%dfW zaaG8PB8xEf&(shP5Ud1ox8d2=kL8}**1(N`l%aXZ8Nv^`9o5frJm zScd5s_W`x^YFOJ{lVzIRTfM!Lon2+T5E=6~A{O%z9Ku{CdPDU*fDohK`*lN=l`Li< z;Bv#s2#XKsQo{YW(j5k4-c#4vQesCg2$&V(#@=th63}P7_L*gWbO~T}uVC}g|}2R10Mn5-W`+mm!VG_alstEY2ZHrIYU@;f$%se!=QA9n%X+adq)j;&rh63 z@Gcbgh|Hb$27#Bo6e#2|i@tfaMl`upya#VUMm z4nZSofkCxlOiT=*UQjtl`!HrOy@MkM&hgYG=N2~To0*v{59h~8oLg;5K^2ATfk>f@ z*<1VXHCa}fvqMijCH^gQ;cJy|B#XCkT9YrkSP>4X-0K!@O&%LCEnGW!TyZQuBp~#8ntV#A1U%SM!$qx zRE?A+LHope{M@wnu+T!a6>r)^N@It5+PZ?$i+doiCHaT8d~q(od}l;UALQ3oFi&6m zPe=~T=ww(nn{@Y^1U7DEkkjpGF7p|s^9XrL2ZfY%y}4pipf$rrlwf^#+soqPNk*s8 z3zbl5k))TCN{B5t>>d$b)qy&&DlvXhq4GG@bPpebh($HZC14lUduo?)7{cmRi)u$z z!nV&*u#g%5OG17&^`!&+nag|0s5|EZdsF^M9?fv=H<_N7t~%QuOjV_F7a&yzmc8pg z0>Yx+TI{VNua~EO3X5BaT#;Qdgt3!^f}%JrCHzRpzW< zA={UK@-fv15xAP^u$)~=b)jF9b0ObE3jx$?BIV+e6aJ8;leNY*QXR-6JQVv3ES$+B z{T-v`Bud#*_y^rWPx|0uN>)xYD#v6!`8s>2(mNx4CpzXO-`B3R-O45W43C4E^!sMt zF@s~%xDIkt$z5ls(XL?Lb_Psjs{UU1YWF2Grq4B)PKTdIpd><9@6?~(?ls;Q&=a+A z&QIOf(ov~qzgl%X>Ij{kg<};zyYe)Jn_OEW9jHu080@OzE#-av>S2O1*|P%ZzM&{rkeyhE}|C?zCp4tC{n>JW{ zOG*49<&}FI`YMkEwI+eF(-l;^Iegf`e}2*Zbu;o>>6)H#ImVAPhw#D=VFswbQxutB zLMpB)BxkiBy3{}J@j)C_`2pYXa1So4zF-c<#6Mf|f}rZ|)7K%hoSNlCkENpAG-9O! zp+rloSkn`EG~4kr!|A`f_Ljsl`e@pHmb}VB2raC#*XoaSOYhk3gIGBh@|TeH>U z(bK@RdM4jM%{3*w^dm}}-ykA?K5Ztpw8LJw67b+|u&Yr~kJOEo=gyF2KQqWfL&8 z?S4E1f3GlE%jVfwuEz6p3}PAFP{oh&_gKiOYuuH5Okd0 z9av8&4|{Rj`HOCOV;F8hC7ZX5ZjnWj%&(@HiT#G8>@u~GLFz-QI;0NIx5VqOoQ^5| z^q3^fZ6uU?nN_!=1QCf$GeCC?VMDq9OtftbUHd2BkepAl=h|+Ys8Zf@e$$An9=TvK zHl?z>SvKh8=WF7`Ycd-087y8SW^H46uPc>m#+z20r?OAWz9Ug~JmSn9ueaG9CZS(; zPfr9u^N+GyDTCE3s|a*|q(kMj@ie4OhkzS06{y(Lf3>ok0Yx*T8f0QZpOsy{+Gt(D zdgoD}CYJFUx_Y5Q-?GzOwkGlnFW?;s^0pxonYADvn_xXy_O_p#ZaTwKQ_o@qPp5Njh{z~D{RvxL=*?+nYqycZ`Zf%3) z?I!{L&0FH`cJ$98(#(Wz=iTnu5mrc|wv;pGGCuSE%Z!SetL_*lRa2JX!VL2#`QL21 z;dl4oR5cjpJllWXN4_+VW(tkvoc^7A)3b)2g--kUI0aB7G7N85C4DSpx67(Su}eog zSzvf}00vZci4j?sRASWrCUd1$s7bj_73}uWC6g#c ziQ0!+3~3U|4Wl1e#;u)9*kvKOy~7NbnJ%PS1JIFdI|VF zZLeg6wPSmGO`P4ZN2Cn?IwO&8MA-@84mCx5QCh-elAE3$hf4f@k`2nhW|HNDqzG1M9OB|J0?MJX-A)0?=4DLwU*>}X zBrGdq5O#*&b%ioBitSn&Up6%Rxiyo7;2vAeT-{VG4)3iM>YYq<8~I{C9YO{Yqm`mn zN2Jv&-u*!uKqpE8uCWHXV`9z}ju5wOYsKdv?HL4e*Psc6D7Z`OF_UW3S?o$)6zjD# z$$IgLKH%AHBk&_JAFRjJv3Rel9be~9@)c@-3%EQ@Ax47yZ+FM))~6qPqa2sNberVDqpH~W#BBNAuI_e zWZQ-hkrrPUyGp-7jxz47RxBMJ1Z_cIYT?#a)=rxRbWr^k&B*6rEEoZ1Dy&F^7(zFq z^9?gzsBvPO&SzZbQf)sj%qoB@UlWZ)mH%W3?EMsmFEI_I1##D^2Cx1V9;d4AI0(Xa zp@GW!40wQAv&`D{<7Ro2kZf%vMv`_BU}|jXd>)Ni?+yGWXJ^8Fl__>|j2jbh4Vu}v zyHrV7z(ih++v-0TR!}I4+W0iB=&*+TvObB+K#6u*8ZEFMO)a=EvRHef&`HBowAx5s zhh7`Eh+9#`>o0+UuP*~@q4`&vMfIq2Px$;sx3E9w@+6e~tJJ}u+>=1x-d$Gbk(aY2 zeUwI%f-E$*inZT8K>)?tdllqe9yxNNe2Oc!@53-3*F5Q|XCDIiIRwlV&n*bSr-JX- zTli`{*}_7`Fzs=_}u_*`#-P8*obCZ+sAl(<>RT833uH#Yn;w<6plU>-or%;=L*LlIO!#(rN$kYMb*UBtK9U>Maa_NE3`KJbF0>@ z<=s*MZ4j{fpnc!w%IzOe+>@K`tiwyo>VvOk-VV(U;eBk#OouvIep8IjPG86=k^yh` zc?5<&hC5aEtZF~s4Lv6WqHlCm)+tKHo7Nj8+FSIH5p}nAp5EBt91pLybldPu70J~= z68>|QmP`Se$l!;Q(A2S%b3&E~7xqawb-NYl@k-*y-XJGoyU&!bgvG&mh&9> zp^QlnREEQvviOiWvZ|Iq2l>`nh0m)xtb)|Rr<%P0DiK|PN@Ta)4wJ9Kx?~P43{Y^@ zXk6U7K+i=qv*!)+l`AFH&@N~9yE4zVanm-~Q=$QuALB?bJiD&*a3(m6FgrhN-2Hv71;`Ak#!{8HB!4*;8UE_IB@T46O%)7(=v{$Zj=R~!~@D=N7uUj?f`({&eL&toTEw4#X zHO$HeNV7IO@ZJ0Q^wRf@1#EofL&@NqRg;*n#`%@PO8}l7ozxA_ z!Q1LsLv;NwAs}H)h3=JAJ$+I5>aqcMB`B|E#ZZW*J~Q}OeLbfY1R$85=m6#4Z{rp% zM!^j+;F&D6l_RhImQebrZ-+&A#+n!ql(k;J;ZrI}durX41UM04oTBzN+9R^>I@gGO zX4=i1MBd z0naQ|qC{6&mWQ3&mYUB^$QxfNwkzAkmKMZH_(%LDy9?w|wkZPv!&5Cv)hMry7Ctd) z2Q<%qD`|GT6qG#qCC4fekFw6=P5JmH7zuonHycqTs9Qag8EH{vV^HR#xt&1}IEF+4(KU{qL+HbE+TQoJHm(-nmC4E5aClA)yn|Rd1DEdPCo*8(w%eyJ= zIr5ZXB_OVK4$l$Oz8afhHzuIu(lSjJ6Qoa#)l8s%TS zgivu!kw?%|rH!AV>saN@8g(8;zD!NtBItHqqF8UmH|nmfcx{BHU^Hx`6e)2UyPR6m zW8NhnwAf(Gyd28{Nf^om!C8$Lv*^qN}IRMKBoAiRxUVqumcGe|Vvtk-p$MacWByaV9K zkL}qXVwOAxveBPkjGy=Y4u|B;%z96e%GBJ#Id5G?3<%}4?L{MOv1Z)t=OB>7gv4e(8eL!W)wp?-M#Ej29w@;mk>Ye6Ve$X5~^rgl=nn zmk{L^XUw^`Dt4-k1^thwqFy8(s;ZT|BM4a5qxd<1*WWT&_}HI_TH}WqT1{)iw=>!5 z{dX^~*+r*Klmp{XDm4G2By-y^iM%?FS@RTOuE5xRb;SkBtL zd~e_htvph3ch{zMCGk;d$H3h7^F!f8Ea*r;ajHBu67@6J)z*pO9 z3!bM<^WA&tB@ZodD;&|p8dtmnnJQ#OFm>fM-0ByxA%s~*{OCYmQZ>a0#Ym~NqE zI3urSGR|ICLj!wb{M!~Y~iY88a&A2o16W}yD0&OZ8fSE}CY{IPF^P!F=4yu7O4)=9O; zydo16FZGhHGJ_qESk+s%tmvD(EVA dA!*CaUDDMh-Iu9qn_H)3X=ZcgkJBEB{|5Zbw(tM| literal 0 HcmV?d00001 From 733993723420a92d3190d2c118e06c9a0c32a8b3 Mon Sep 17 00:00:00 2001 From: jonbagg Date: Mon, 28 Aug 2023 10:33:56 -0400 Subject: [PATCH 23/26] Repackaged as added link to release notes --- Solutions/SalemCyber/Package/3.0.0.zip | Bin 8307 -> 8446 bytes .../Package/createUiDefinition.json | 2 +- .../SalemCyber/Package/mainTemplate.json | 22 +++++++++++++----- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/Solutions/SalemCyber/Package/3.0.0.zip b/Solutions/SalemCyber/Package/3.0.0.zip index fe48e5797b25af9b4bb228d74fcbcf77a080b18a..29acaa4b3d92d721daae93929299070ccedbd55b 100644 GIT binary patch delta 8143 zcmZvhMNpi9wr+8UKyZfycZU!>&=4RH+}+(>e%yk)Lj#SwH0}^wf?IG4?k@M7TW|7S zyj`Kx^X;-I;i|e=dQFhCevJshdQ6jNRW@~HXNf8xUttzTLBDXP5-RO1AZI zYNVSkBN+ypOe-#zWzXatkk=5rhj24Y+|+0fiR1rLBz&a=^gyAW`>x|T7`;}gsTzHP zU%oxCMpu3ePGK|MG|Wakj-VFQ#i4EAmIXcFiHnYs|9W2&Kknv2l}Zx~=884`wmdAe ztWw_)+AWDyM7Ax`m||JqF9 ziO76rrVd)og(dj>Vp;|*rFx)YAmabK7cHr#ooZ>7HvSb_j5f+{oV`rc$TDKQGC#Z8 z&X6Xf5Qc(~J0h?L{!Ec8ly-n14Pr^CW`dA?av(NR!Q4WJ9cdShK1&eH{zz6fkd#41 zp&pWvV6Vlbio4PTV0;gmk_L!D?GG!3LWaOQQ{<$4R9}5=1 zp|#0ipKfMLYizoerwWNBmCZ&h7r1xAi5E4L9!~1}^}sqKOivOYWF$ORcb?POD6UtkLBe4nuN=qL$=4}(Ufw?6UMaU z=O^d|U07SY{^)glG5htep?jGwtv+ul>x0HCJTKbh&6f%H{`2mSI4C_%`H^ z#xRE{!sHPiP$^=ppTF^V1s$4~Csj*4R<8LvJbyi)>;Nr9%(hm->x-RHej3);tiVun zfp11arwk>H;N&npWGtCW5OnLio=^MWmc~earS4($)0s!Et4o|)3zTrtaHc`5#F-|K z#9+qvtyLy%@w1sANF(>fQaV+w+R{=(BXYl`(YZhp_yW`@bz&TH7dE(l12$6fI#SYc zQDZzT>IDn0OfJEu9hnzu)^pN+a4%x+{l5!e`BNC(s@Aw}X)0<}t;kQZJVjHGE!ja8 z`;1ldWi-r!{=4#!PuUXWE-6A@>;$GN%OHJx5yN#<%T(ErLlw+*ON#_#&4E|jeWj#- zj0xkwTF0WJaSdgB=xeY0dq;23lPI0NPU1N4R?%bweaXZ)!iuvCJI+-CMW?ruM0_;T zUv1tsXaL2vDi(V7y`_hbhfj+i(9$^@+GqENd<}1KkQLrDe}`!HZ2Is9JEBy)>Oqp> zlfx9!M#_P9FX)rt!g3s0xi9O2f);h;>(T` zYlkpgZTqd?a^|v}`=27W69iHwziyIXCRp&$@c%w~x><7UkMCLdt=SI6P!xYfr<>gS zjdSWV1_B+N$bhsoSf^jSFsBKz*(d>ZeW{@65MAOKs^G=-$d8t@*fsHHCdKnB(`}*- zJ9xV3Z0~j@p2V!Ax30S2Mz@7rtfh`OEEpN{EHU08`}sZRT}R$tKS@k5bYO^D{1Plp za(p7{%j4w+^m6RU%k*wZ(h1vpeg4b+412zp$>E{CfI&MBlUt1-$j)C0iCsv~W$U4ex8+A5XG>KkkcTTn1)*2>K>D$?43v>M`&U^tTUseG53sbn+KHtH*I!w zK(3`kFfcB`Ffcg(VUV4XmA$H&oujRhs~MZM3*caXDhz0>$|SyT_}r5}`SMS3O!55| zli~W#Cof~}37@5FNOz9qNugzJi&?*`G=|MS=Fwe#WM4+xWJ)YUw~U@;l<=gX=BDQ6 z=B9SMzwsVZw*a7e^pz+aGur$}G^NY6w;ks1EW;Hv5!o}Eae3p6^O}k&E|<5(c*;_2 z171(<0hj)r1}bgCPF#^3M1?*dAcEm#N z4hhZnSu^=QU>=J-9$E62rWIjVs?T3kHP|(d{*TZ_+jQge=kvFdfm~AYh7F%+z;AQ> zgH#{+2OqPMkcN$#!UyGXvNR9g^zMe^$a95s_Vgi>ceJpMh(bm+(KQn*_yV@KwNX(T zFl?lA+Qgv_&F<)~AR=D~?BdG#WBSr3<3xvy>Fk07P%T?6iFCCXRQ!df_Cj!z?QQfkd8&Pq;L0c81s%);##fxRUs$=R$9#!bpUn>If#Aijl&TK>Ow-8#>O)A{`U0in zjR^e@?L|mVM2Lm_*EUv`y=DrV_23$hAM~bodL?M~#7!ybrnMqbTj}!Qthv>;AtW_L z^`aMiDhT)FoWxT3HnJ&dRjP~>o;Ih+q&~>ti=iY*+ry)RzeY%56e+r+l#qhEG+C@a#!9sl8cC5O_+wn zTkHvoT0iM))Q4TxYHWlM?x%vjy1aiy1Z6ziF(kKi54%dS+y+RooCg%Od`(=bXaB5K zZu3b)R}0@c3^jfQ00O4U23l+31Ir06}5 z(5xEkkF=V8`SnA)Dwgs{Yc%eG7`pjSY_F;%CX4Hm-&0(fwOOfaf^eVZP$EOB@kTKg z55GX25AiyH6(9S!z`U`uBBY31_X*rMM6WO|EEk$s07cLTK~f(EuJ+LIp7rFa|80eVg5eR@xm%9++QZ^<7_=*h0P#y!}*2%?VaeUS97d^1_l+ygph6MFS9H9OmYLz4Wk8M&}LQx>m}RWV>0;Dm|jr~ zY;P|Q0H}&@_hUn-i}b3)dSEIbC2P9)^G076$HZRRyI_fh;v7bRfhqPg*s!+;nz zB3IgB54zhRJTP50Ph|By1Rh0SS0Io|upqiXJ6}m*YEojFD2p6AYZOfGDVP>eC4bVe zFsb#cSdr$JSXaiQILz%9`BK*9wxscDxJ9QxnTExt*9^L1vKG7lvUeb-JeLItjPAS+ zpqc(Jc|tr#`HyyFN8i7fm`g^)C?ApU1)shbObbSuW9-+-rrELnG5Zom-S-ofm2QTY z-`8!}km+q?c>kJ6vzWps);w$TTXr|E?@p46E5m|fd)9%un`lQ6Ylswix@>m3F8ZcXTM zKJV_2*tK$%Z#*Nm(98O zVqka<7}@+I$Q&ss4`Tq;6i`K7Z!$*01tabw2b8q2EmRyag!JPd9mY(-*T4iH?UBo9 zCl1Gg39-I1m7-R_VW2eVP??rb0H8Mk8c5|)Tcd>EMW^YfTLUB1{AKnE2(r=#M8-dB zHME6^2PwySlb?HpSdO09W9x?M&i4-B)%(8zN1spKpYp6nk@5^jyR2MCDym1yY#R;5 zAOghOWEhB-yk)E`z2%mKdpv&Xpx#_4C51no?IUJJHMrdnbhJWg6>Fi zuF#qKUe=fRJ4bWeLhFs*q-&xtt;M04HWp#2XYylUzO<2g@(Yu|?EhC?Xb()OI z1Lw#&^Ss=Ws`C6lwKO36i`HrGj%-aBXFZD1WJ!Z*U9k$n|3 z-SXw~M3Voc_ofeTOLK`2Ng0z@Dsu5FBYM=*1Vyb@f<}xI=D57(TmOe;68Gcq)H*@c zPyR^jlJvgc=eWZ7fhXOXjl{k5&N&t{*X8oY6Ua%`)LVRaj6R+NzwUh(iF)|EzEp#h zRb&<%b$Dc}vL-=Wwx}|rR0}hi`1=SOYe2xgfsQ$!jEvmQbNx3Q;Lla|@EOjkufOG>#V=yN zM-BsmPCiyyWO)H$q&FQP))!6=N}vpiHhkEKpN4r`zgd|5O>!oIzpSD?hLjps{*mjo zL6>~r#^ND)Em;m{)VoYf-iOQV)(zy;0E+o&WL?a)=r}7_mYKNU!&7>;&?mIal9;3= zbIY(H5$>l4nB+h@379Ju>!JR`HqzUE(pj(!#upSyPFpAf&BgcKC{h-;%zJ8DN_xIV zQSt!@Jx7IdqABA3as9Cf#AZYn%n@L9GAZE>!`Jod-Sa#n_afpSv{U(}=&|h=^VGJ< z%J9!9VX*wpsktcS6nkrD9;TdY`E+e#;RL1ulSbI=C;+A4bQP#z#Vo1`wW_5wZ873$?3< z9hY#jQ46$F!?DwRK3ZPX1F!C+)Qn9~ez z_(_}hq-?K)mB-DE?~wX!@TjN07<*)(0KZ2mQuYI?qTiVc82|92?5aGkmXxrj6FV^B zxOjYgtnUvKbrGr(Qk?D+_OVpbfbEg1!S($78NVk`EXe&X$GNint?o{rpshpCijs9` z=UMhuE1qt^u4alAK^y9s83*!7s?GOeXnaZ|xtw)l+KwEM-@0 zlk&0;;eFOl(eW^7DqDS1F62F@Py$x#i}jXZSj@n9K3C^|+!5^z5`>>Z>D5%}KKaR& zdzKbONo11Ddda;j|HIp}Eq`*2>WHg;8t)862WGmINy(7%`)$*yFvA#*9c zbcB;2VnC%B_uep@WEuP5&?1+_ynW0}wK8>`P`?S5&UjOcqdkjwfZy_lLjlYRxxe_j zCk2|0LT^4oiF?OjHdFpI{dM~J`^3m`CQWEMx|hd%k@$w_>+U4JMPUyr`yc8!exV`_ z5<}JI^3h?S7VpP(9UE%t^6o+XR(o5A%m-DHUE)&f^lIuh<1%D^yJhnD+F}n0+a5kv zS~`1Z#-p)ar-cZGC;0-OdI4a2`P3s#nprvb>op3+mW?-|ng4naNnk)i-VZ00T-io5 zY-O6$99-3;)OAY>mS53$_D%(Ns)gUBR=It#sW=X=Js5s8T2V`@gCRJ*=;+#*b1c2s zpKD|-+TGx#-`KZNF*h;leyDBr3?(~965-NS_c$rDXC!uU%p|@7va>DwD z5p)sy;WD~%bd*->=#;ve_))KHd=WnyX~3AryGqR;-uYBkEDV<_lkk#h@7Yt17PV-J z{WDM&RJn;{1Xt9TmsX&UOGYPgL$^H;o&jbenL!LIRtE%z!xGy_*jv6bN1rlte}Syo z7?l*^ZxE$j)}xAeQa}g=RNF*8Y2w_`(Shol(4p)A!~{3puA)7uCCS|i2U3OZ!4z4t zS6IuO$*DZZS6kNPL9eafUgmzT)&8pWYQpe6i#WpYtwTxI-vp_xCy!FAZ-Iypw1=V_ z{}8)}i;7n!huO1*Fpfr`UDOaZ*laqmxWFx$=+ zN)h75vaqixT%FLjW);DB@cg}i1!vRLq65D(!SC|dPJU7qk1%@ErfNI^XX)9>Dj_QB zvy>_gfAPyh{9B(2Fm*WG)Z;BjFDbzZBnc@n`zg z&fWpDfiIj$9h|Zq@3*`7md!}t0?kzyER7f>2bJMwbKc~#Jq30bsONL`b2|7ai|`WhAdvcULuRq3a!^*T0q zBkq9;#N3q~J*aH#UtgIc^oGYlCs2xl4EySzn@)AP^G*)d8^^J?KjYb6V#P>)Lea{?KyB4=}(ik4?MY86IrtQ&;lAwPeQHNLD)4FAPnmd}r_@?6w z=tG0GPXAs-*=V9Mj?Zx!M$~c zlq!W1Y5{Q3F z>KA#6+&>5-oD4^@d%4~_HT#>D(TkK^Dzc{Ll67}%lxjBN3Gk;xhMp9*ZBx0>Olzqq8|nrrsQWqyq54Y zmONBG&EcJ6mt%aI4yP0(?=K*jN-G`IZB@Es-8%9At<1SKZqA&-_kzC>VV!EM{s=Ba zVlUS98sw+?KG}W~uCwrcf_wR4_+35+k<{sK+$bsC zKxnG#)3&Ze1n>HQ2>qeAimX?SYbmd3v6ET$FR zkl_-y!%>A8KErPSKTbnN+c4;6&e6*|NCnF*D>Q+fAliHo<^s-+H9V40yYVVjS3XTU z($iTr8;&T9>t8X|E$ZF3AG_(O9sv*n+rD68F6tSa69Iv_+a=!cKgg@3?I?-x3KSf{ zyRSCW;XfzgFjb8`7#>qR^?y9>hIf9+MB=SU8l zl;q+H4X;w{au8U?U^GW{F2aj<5V4_0iFA(Nh<^)v6i;zH$^s-1U& z&9VM5NICc8nqYg8J#RUbw_JpOsb|h|4UcI$aYu1TexO=Bb*c4iL{WJHF-}c-mm)th zty_g#2M9UhAd#+p+O_ZgVgnwh!#(u%u(-papeF++Vs9R$`q5F!YxqmA=I43pp1V?Y zo9k~fQ|4Y7GMH;Pvl-n~+$3lB`(d#8OfX!fdm#A4om?2D7SQds$m9ca-)?%p1} zMobJm(r3=gHw#G-45Nyv8@5T@oZ9hqUH41}nRSk9vic3cYRm`Hhn;ZNQZL4CoOQAf zj%KDf^@rWtj;><3An-7zo}o3I&cTxpu)L2mV6rjJ1woXh_4;fc?t!0juyA-V{~z&A l2m|w<{ohG?rDUc2ua*CQJ<0#+|8ruJzEja4nNs~X`5y-^uoM6Q delta 8000 zcmZvhWm6o0vTX;Kf#3}8gKKbicXxM(V8JrDySo#DyF-Gz1cC*3m%%N-J*Vn@dAIKF zs$JE;V0HC+7rzxFR#Sw7#{~cY$N&e`CmjStktBU203a9y0Dw{xDTo@mv0)&{nKq0@hH(lD|V+~ui5p_3u zQbGoQ1@AU!X4KA<7-ha##yn7QblmeRhefpBdJ*1_9vp&yntE&=#_4lb?JcT6hIz`S)xr1*7XB z4lTM8E0$Zlm!*T0wzdM4u;1>I(amCnMBBPkCpY5*%hyrU9r3sP8@*`yleX!4>`PqxeNa8wThNFXqb0u zJzOuSgohP<`uUKMMcXOhouKLFLkE#VslpfIQ!k`WzXH9}Y44UGO_msm6?Fpz@@Le5 z^kN5>?Ip9FQa3mb+6Xk^gERq+3YD)vUv7#oKbK2xp0X+_B-o5E^V-o*(qn&Hd1Itz zJWLq}luy~vgHCSz%9M2dGU!BCldaR4h*lT1OT<}g^XMV!pSB&f*x+8Kj+r-pZ}}Y1 zxq=U+ByKmdYi54@(+i*{td|K$C%V@!1c)VVG+f(#C|fHSGqo!Tk25lB8z8;XZmJ%@ ztj5k&`6@ViF^jL|q$--V>wOGH5)M#VT*l$L%>eVcOT%6~h9`Wa~}x zFlkD~+jY>}S&Bx5(g$IWg;zH=H^^MJ$X%{Hi`@)8k$9!u-6sKL$9y9#f?NW^@Kg?J zOd?n@V{6U*J_nsT4ard|0ReU+t+6JPA;{R&5>60cbaV;*r9i(}y~^_Efo~QHdbWV0 zJZCl%tlmRZ%14+u-_=Q+rp!#)`ZeYt7g0dl#842PXW+xJt*8v;z(bx0tgPla^a3hGlhz79At@Mb9}I;PON^SJsiqm3ID+r|RfOkzEAPCvTa*j)n1G-4MnkVo5`H6PH*$5!A1v4I za%us`$s+=<7^c(tg6)s{C|zLfp_kwZO5g3r+gD9}RO0<*ZOPcS3!-+NVO!e%QEW)D zI_0RZQ4BnU0nMfI>x#alQ!Uo2-jCv$k=#Q!-^&d4Gf#Q%Fu-*G?p|roembujx8Kr|xy@@y{-|wO&sun&KbwU;OC1 zPzjktlU-+&u=GaIJNjSf_cW=K0pUt!)Tw^REXsc;oa~4Ruv@b7( zeC=_42q3`ZoxTY}iYtFoFosP;H#_aOwwHv{TdH5oZ@y8i7jNo<#Z-=Mxsllmj1hf$ zM*9D;vjG>GN-9n0>^u$0kl#60N2;f^d`+Q`n*Mc&R9Zi;=q{^5B=Ljc{3tmY-*+@I!$CWn55h%o z>4mfg+30V$`u!W2p?4KGBRLymf8~S!^s#sfg*op_EI!vI;^2k4=b5_(eWV_E5E&-m zQN#N@!J6pDe#Mv4yI;6D&g(Hyv6JcwV;NwN+Ra4UT7AMc$9{t*A0i{{p~Jai4SuD` zU{9{5pz0CaGz6}#1Cb?|ngFN(wa|W`6HpK$XWBpcl~Ch6e>nL}b+L~RWm)w5J6D1D z347qhZzji`;a>)uA?<>R^g#S%Wk_6zbVuV~%~GS&Ks-#UR}1g`2<-1mq9Iw#1YQDG zO;ORRm6D{`NHi@3)H+;OBiGzY1;hL8mi%&$p7_i{6+q=~(chP$=c?l>q1l8dL(rue)454QojTFUdj zcv+^^Jg0MTF+Dx`(rNqMh@<(7gCo}g1j9jS7p^GpJu#GlAIjoN*v%8#T80Itt0P5V z?uZ#@U{5^L#K_E?`--KbVvP;IJjm+ZyNQjuBm%X=<-8I1)|=Hp@06S-V9*pd%u1kz zbEz3?r6pUG1|SP8?|D>a2=0~b`p!?wHo-R_^YYbCI7s4N4^IFzJJdXeD~o z_R=vQWM|m3w~L2uQUO-V#Z5Ko$ivjOrTJ=>S7Wx9p7_l_t7cY7OM(qZQant*VYbrc zM=Zz;VR+dW-MS4FTuiHU7Y?{X6fUIqM<(G5yk*sA!6|C%xvP)R2FW|3Q)5Uy;JzB zl0N+vlx^(7MlWT~sQKuoW=^rGHo=QE`P>h2_z+cu5Nq=CXME1Aeo|N!SU{W;aSY9q>SYq$joL*@_>Et;& zWn$}?c5k%@3?f6ox{)S$y2NxzJE#Au4mu3*L=h9iHdlpiR6^AEvHqX|g)DN)?AfMf zzr@Qo-P2XpgzeG*z3w672R`=v{L1-qp7L3G66^6G`+WR(H4hv~FyW#UpMApG{l}P*1kWq#8f@w*zcW=%egSsJ)LoN%Y^- z5+s*@e#c^as6n~^`b?OX`lzR}S$^;(VvW!Jftq4=VAZ{)s0o@jvaOP}OJasP;1SX@ zBn)t{nSn?|-Qff@a`zR!s=U8J?dAKIQd2@MYSrb(|In>jm!2m~jQD6W1Xgf)* zFkZ_RI&s19De!zOaJllP8|)pwOc2gNYpY)>N{7&QkgoN^j`K@WUxgapF#59DTf##e zsASxxEfQwdw`0U~<6d{dj4+uO!cuJdFN)o0`(v3VElCo`O6l>R=#M}k5xF??$aBvz zJEQ_u1T!Y;*OFF`x!uXp-Ez9ku(~7hz^_OzHZ4Lp&7^(Jt9kp?K&VA!Je^!CsQpK8 zAA~?4M-v6$a>c@|WIf@g1=dQ_+9f-*di(yA29PGr^eB;%XRh$V4})K7RLXE(9BV@B zcN>CY|I9|_-FjN&2rhpD?FbY~ig9|4iBvhqCAh!wK;tJ#Yb@J*H%U!S7mYsc>py+mI^nA`;m;1ogtqJw)6m|qnz^9O zT-*r@teJAINjQ)7gK|k&cf`0uTMLP^dCg*0O> z+YIzf3rBi3ztfGfJqdBd#q&TEc&8gE=)fS%SES3CA1Jb(1v^lXZK5+}k;yv=n(>;1wT~ zOMnKgUJBq;FbuQwHNmpk6rZt2V>nn3@4h6iOto5)*KbW_0jFV$0hBG+uF1*hJb^-8DX1oTs#8-6{oVUm+Lw~G3=GgsZw6snbB zvzm|sa_vN9Dn{cL2R5PxYi;t${@huV7Iu@{H61jjN5A`YxFqZIGpi7mxLemO_2s%4 z$iu{IFCc%NJGNV;roqz%i6mzgu5q(jS9eq1r3k=maz_4btIHCgSb-Oq=YI56x$v1TN4*pc$V;e!gX~0JP@9{RXAKDfI@+Mgw_YA6ua?} z>weD=$7Bz_0skYgy-;|@j#Du4`u3-sT#~7FquFU^@wbePNX@elBrcPwf#V||rHDonz9fE_FO?kN_Y44Yy>6@0S_^N58$OBR1 zLMOBKI#+_~LB$nSh*<7%7+ZsZ0@R=|cac^hj|vgAsfjI=UYmNHk<4oun>mpBp-e} zX6C_#m3o9vaF+P&`FSDS*c3k9=Ax@ZV4k=4%dYs|!2imOuKfY) zVUg~yb|Ub=B5=rhc!ISCCfAe35l-EZy@~LCNc0(8q8a^8mMYw_|FIKoJl=XIV@X9> z1`0ERHiOk^g$ap`W5q2)2ZJMB+JnYtj)QUBMP8J|{zV5|OwGo$>E{i9h8aI#pyyMTN02YVp$QsZ67FPytfIiyho|Y3I?9BN|D4WD@ z!Z!td^$ZZmG>gKr52oSu$GmEJlIV5=wTuLz{~h9PBUt*H%p^(NRrmL!YJ-48{2_R@ z*b11?4PE3QP>2o*gdGeb=Erg}J#|-z&T=E=3T=kSG)CknxKo*Cc$?ilea_m)Q1lwW z*uUdUC$^A5zKQO;H5_N4?zhKq+z1Ng=R{HL;rKAwG?fDVbA)riPFSNmU_bnBj+t0V63$bfsHew`Dwa1L82j+-9hv8Ky z*F3J?@7(4^c+PK?EnY9gA;`;0+k1=}g8`Xw;z2dDh+)Rxm5$zihE19q6HP=2QC-=% zlU>#$4o3@0cq(tOb;OUoh4b_AocPwbNDUG4x3>aHT(&RBRB!<8A58p-Wb8!cCm{wO zcu~PX^C(O@NV^HJ*l~BX4tBQ2a<*?UZLH-m+gy)Cb!7Vfl2tyWuoKqQiHTu@x*(=z z{_DF47c0}@5kVxU88}x))5#F6@J}<@)oC%6wi)4{WT}*S)a|jdiqWtNfkeh-R4WvS zDvUCXzP#{?d;PuJ^4i*(i8p|32UvluYl*6waI$pn3_nT1RoA z_*wlIv@B-cv)ol4FEL#!SRJOI4dze5(jgj59d_8*2mc*+`i6Nl1ceIs@@e~FUmrz5gJJ*{h|xGXP%=f zN#t7Q%u*8&z#6P*r$R1q0>ANV{pKr&FgP-~@nnPaRkO0~oa zv;_yIrIKW>v2t~?eLr0E)7?JAFSzbUt7wXBVhhJ>uBvW?MAYouX2tXetuWN_fWj;C zlb2DPj$eLBkx#Y2XWKd9ybVJ}Y*ZmaUj)i(FQiTm?}JrdP-}ZYw_Z3aMsid~6rTFz zBo-pyf3k;$FA#x>m#pGU>>O&-T?6Gc59f8C{Z7C4YI9$(Xr5Ut=`7#(AC5hluUdn; z`HXj-M0W%U;qWnX>6aMYjUQ;e9ee#Tw}*@kS| zYRK0?J&kZ9^=H?Pl%^9!DnSWqi?hjb)MjSSO@-#Se~e@7t8#3|Lx)~XXH0@U9oZqcax#_ihYd#STU7|#Q#O>+5!REbY1Oy{zfHA!y-0Y19qVyV_SAU!;@&`3i#BB=^5bZbbP z+P%CfJFac@C|N&-)_{$>TF7|P8>cdLM1e3I=4gNL?)*o#8fH_Gjic*t^)E7}WJR~( zjjRP6ah(v`i`1J_)0yvy4q&b(&4cTTuIZzL4fqg@LZ>qF22inscSsalKP5VohxzA>n7%2B_xC_OO zb&Z$e^7Ebxd5>GWG<`!p%DZltG3`)B12f9G$fY6AiH!x?#t`M$9R7?KEs3&zQZI0( z8tp-0aHc4F^1-M)HA9NKrK5qj28Rb}!%CL}RZewRx(+7*y*rrt zwg%z{4rFw%h%8vBTYk-ok;n7r zj)tejIN9C7MXiqezR&E%AZ8N2n^83QFMf9~Qem_DR!wfb1XN^W{aEHO`iMXaLjnT$ zpW0LTJ^A_^SiF7gAf)(c`&kPVoAS8li55Or75LE5=r>JF2?VMAB@koT?-P%zQQ7-6U~X@vqC&L z_BYKEgDY?)eo(w<-Q|QWkQGG+<>}3F$HNFg!65Mb8VbqcbB{peOAc%6C-|QFa`l+X zZTlar1h#H63D?!)T2ZFcx!Rb3BXu`@3xO{8Pd=^L4dBj(GZt#snD&k|vOUJfX4EKN z%tLE*bNr;B?ol>Mli{FIcl(kd7l=dQ z@{f#e!;*ps+yb-ck2@xA^qWwkc4KqJceH2mQ#i`Aa-`a~owRu+0(8OQnv5!~WxUTT zO8DO>7n|`|X)#UtO6Sb;x#yEL+EyalVBTWw5FvFXV2WtzEcRz$0Zdu1cLbeegRJ+%{TYlo0 ziwz!TpODUN1Atoe@V0cIhX!e*oi}DZG|g-^zC3Kx*|2F;qKASC;66w1QWY4S^YX8iBH!c5yw7btDQ1@G=1rJN9ZG+b;yKJIX^@9IZiR8CEjAn9-Qm$c!j? zWBmIW1IMKo@2nwK!QqzxmYd1uA`Dsg*nh41+q~u7x{$eg_ zRyt7UC-xLX(kek-2>#bYS|Fn1nBEstWAktdB{?Y$m}GZTSftVpgO5@nRFdI;21Lqd zXA}!znH}gMJv0I^j!@m-6Cm{n=Lw zXuqdzqup{Q{fTfAi%s^Ir#_Kt3!gzJ&`t)&axkrXF(IEp1tQ3R@9QPWnAW-_=&eHwrIDG%Lru|%~wT< zbwX!J_FBW)!ZBbc8c*nO9tD~FQ{nQwM=0JiBkH>xtY^jgT(F_UW-!)rjpnztfg(Dv z7gw^GEcDAR3nF4tkY{peUukFYV6+D&sT}sp)VH$H@bZCxo__j`Zu5Db%{i8QAYIsCDRPyAKsQ#ZRF1h zKMvn-3QNxu@p}JM=r=J%)497j=}6W^Ty;1beQ#)z%\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nSalem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Microsoft Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Microsoft Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)\n\n**Workbooks:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SalemCyber/ReleaseNotes.md)\r \n _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nSalem, [AI Cyber analyst](https://salemcyber.com), **automatically investigates** Microsoft Sentinel alerts and escalates validated threats that require your attention. \n\nThis Microsoft Sentinel integration allows you to send new Microsoft Sentinel alerts to Salem for analysis and reporting.\n\n**Why Salem?** \n\nMost alerts are false positives. Salem automatically triages noisy cyber alerts to find a small number of threats that require your attention. \n\nSalem scales the impact of your cyber team by helping you respond well 24/7 to a wide range of security threats. \n\nSalem's AI learns from your team and customizes its analysis to your cyber relevant business context. \n\n**Get Started with Salem** \n\nYou can find and install Salem, AI cyber analyst in the [Azure Marketplace](https%3A%2F%2Fazuremarketplace.microsoft.com%2Fen-us%2Fmarketplace%2Fapps%2Fsaleminc1627928803559.salemcyber%3Ftab%3DOverview)\n\n**Workbooks:** 1, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", diff --git a/Solutions/SalemCyber/Package/mainTemplate.json b/Solutions/SalemCyber/Package/mainTemplate.json index e8e120b93ba..9a4bf30a8db 100644 --- a/Solutions/SalemCyber/Package/mainTemplate.json +++ b/Solutions/SalemCyber/Package/mainTemplate.json @@ -47,7 +47,7 @@ "workbookVersion1": "1.0.0", "workbookContentId1": "SalemDashboard", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", - "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))),variables('workbookVersion1')))]", + "workbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-wb-',uniquestring(variables('_workbookContentId1'))))]", "_workbookContentId1": "[variables('workbookContentId1')]", "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", @@ -57,7 +57,7 @@ "playbookContentId1": "SendAlertToSalem", "_playbookContentId1": "[variables('playbookContentId1')]", "playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]", - "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))),variables('playbookVersion1')))]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))))]", "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, @@ -396,8 +396,19 @@ "description": "Use this playbook to send Microsoft Sentinel alerts to Salem Virtual Cyber Analyst", "prerequisites": [ "Install Salem from the Azure Marketplace", - "Obtain the send key from the Alerts Eventhub in the Salem resrouce gorup" + "Obtain the send key from the Alerts Eventhub in the Salem resource group" ], + "postDeployment": [ + "**Authorize Connection**", + "Once the Playbook is deployed, you must authorize the API connection to Microsoft Sentinel", + "1. Find the newly deployed logic app resource", + "2. Select 'API Connections' from the left side menu", + "3. Select the 'Salem-MicrosoftSentinel' API connection", + "4. Select 'Edit API Connection' from the left side menu", + "5. Select 'Authorize'", + "6. Once Authorized, save the api connection" + ], + "lastUpdateTime": "2023-08-23T00:00:00Z", "releaseNotes": [ { "version": "1.0.0", @@ -406,8 +417,7 @@ "Initial version" ] } - ], - "lastUpdateTime": "2023-07-24T09:59:19.887Z" + ] } }, "packageKind": "Solution", @@ -437,7 +447,7 @@ "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", - "icon": "", + "icon": "", "contentId": "[variables('_solutionId')]", "parentId": "[variables('_solutionId')]", "source": { From 78c05f2d2606f8e4de96a63c9b283d3d5096f8cb Mon Sep 17 00:00:00 2001 From: PrasadBoke Date: Tue, 29 Aug 2023 11:12:38 +0530 Subject: [PATCH 24/26] Updated zip with latest createui & maintemplate --- Solutions/SalemCyber/Package/3.0.0.zip | Bin 8446 -> 8615 bytes .../SalemCyber/Package/mainTemplate.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/SalemCyber/Package/3.0.0.zip b/Solutions/SalemCyber/Package/3.0.0.zip index 29acaa4b3d92d721daae93929299070ccedbd55b..8a283ff2f026126949bc963dcdd45e0929f92a25 100644 GIT binary patch literal 8615 zcmZ{qRZty3v#oJ=-&k;mjVHLfyL)hV3-0djzR}?BF2Nx<1Pd-3cTWC$t8U$@bI!~| zS5M9KV}D(VR<5H_R^#aPKDoA+)fu;oPk?hre8%&0B~GlGWxFJ zO;l3R$%MyEck?e)?`TKG0PAzAoDVv}Z>{3_JQ)c)9ZrJp4_{+p``YG3srbK{4h(ku zB8?jxk)e@yDgHem~Qfl++V&-ECOeno~vshBYXQ4>Fq_dW@nfg@#~I3C?5T zQRdAY{AdcKw%(aa*c{f*bv7TV-_CMjq};$6HD$8<{{64)R6z1Xt`2rj?$R+qFVfKh z^NqDbSdfGi0w%X$^4{YyRt!6?4NCo=gD3gf781QWahK|Ap601%Dq}`K7i_9fK)PT5 zN?77;San~3kPPj~_O?+Awv?~$xhSFoEQcu#ifeX9m@!9fs^Ns&Ou1=!oH2V#Jfj3- zvt!F7eI_M0n_Y5az~`;edF@z3%XHmNv?w2->FYbgI>kc7P!5AYt!Xz?+8UU8#Je%y zv|;INIb4RHZnM2d7vWpZHP@TPif5%^nY?b!SNmJOM2y0;RtBTm43Z&-8S(}NGx!uqdK5?K;$T{Oe3`x`)CEhhYF$g+aa3aXR_S4&fh$_&f*-h zOp-H(D!C*t)T`gVZhoPswb1s-6@`yxlXE^t_l2cLhmzKi03sX3jW;{PXbg-$#<-Ke zAek&IbhOr?p$WdKn`O1q!Sz!y;kNC%NEY{Nr`uSsFfj=KG!UVV0$6efG0EMAdfcB+ zkuxx1jSu?NO;PP9QIZ&T*B`;aQ~n<3Ps5BrV5YPyH~B$r{CthRe{_IWp%0tp#fx7$ z6ixSap_Va%P|`O&NW3s#hB*h2hXdC`FUm2=Y@GOIH{^1eWiSi)@bl0G*b;%BApM<(=#0% z*eq)NSk#{d`~vy{T~A!Elchf;E1yqoHHv76e5L@zl#=H)^|j9qL63;Soo5_0oI+_ zx*V*UHRb@(p4$`q*|P`!I_9snf_G$Ej;eC@qw!i0%M|pXB$jFS4YU1iJdJ-b?U`{u za7ZyFuTqjSa#bXdvV*_o03Q{`Q{%m8^^c#4N0J>K=e)@GwVztw@d0Y=TC(BN=G;=9 z(pm?UY$OKlWI~fk=3F?;SC@JsuyWRi>QOeSUj6r{!bU`SmV6(tRc}M^)|I)YD_Px@ zpcid_5RPMbS~lTyCG`lMxHIKw)BdA7ox;yeUhIp3>T-84yX1ZO{K9U6+I1!C+Bzx; z%%^mYlxRtos!XCAoEB|mc@2QKo@qZn0$sYSI7p3oi_Ws42Cnw3;|qj>QIy*y-aB68 zyNEO7P9f?&kN`>_Uj{E*viHwDx|Y3#sgoPBBj$rhfw=T5`51 z^}IvXX%LwI)ed~jbZAd;;Xvs-BOCSLyxaOvmuWkNA_Vs2AY_R|MZb%Kpe(T!@~m34 zP;rnD(%{F_TJVM-y~f}#q3KxEZ0j0BL!l&W^;lmIvG#&J5h~f=yx=cxD(1OzV^Wpk zuIfG|nBL)pdvOVEBD%KvUOJH$1jnQNN>?S4lkFv-183j#IQ{bi@6lV?$z(n5x(_9~ zZN6c?bl*aDL-XR0H3vRUi;!T#&R3b)qV2_n$D=*_k6^K+liuEbq$D`0fU|XZrwzXs zawY^Qb%V8>%x?M`M3}huCn4rlEe(lp58WL4{cO;8Y=5Tay4Xkw>T{J+oNg%{;9{67 zCv%N#;v}cw)ydU>`+3=x(TeAgZA9dI|FVzDTU|%Gm3C9?`nsYysc5#NP2VN(wl1sV z`_QLH?~Q82mYjMePU;8Gj(gWQ++q}AXLy0Jx}y)lJ@>w|vUp=Z3HqVLUL_iE|G^+% ztOw}po`b94stW13zan$U`57vdGJAo2JbAPyCV;W4TX1+m?#khjK$tQ6$A>1){oRPi z_J;E^V5pmC7$q{t;y&~X0po3T++pp&5_*OPO6>rNt-yg7DVz%z2=q`fB92b z!6$_B|AV}x4vE%7>va6{KfpVOKtN#rgS@?owS&63y_4NP)c+s6p9{QuZg3~}?f5>rn+f8KgE^PonLmEK-1%>udZ-t@8K2xkN%lbB3gp>S2a zHLcrk%*v4oKnaAr+uiw$OPtxs6skb}d5e1Ti$`hg>rfFBfT?>mXC5~0x&KvQ_PAdO zuPPpOOs{0@y*BUTw-v!0r>q0!Wh%?U_`cgUdiwC^+DR1J8`WRsM~-Rj%;D8ptNO4{ zm3!pLp8kF50eGfB3gFQ#mDn6Muo&6Ji?0lDf}LJroeVxgk@I5`&!!@sUxcbOE;hkB zBz~dPpBHCIiA8XO(u3dFltEGj-UcF(%@vc&{z#Au*1*KM*+`}E7;R$BKZ#F@V)a+p z2NZ~1fauVU%QB?iEP;~}T}`o#RI@)`{L&9jM*j*wx|r-&A&T#s`s0;Hm(S#crsU2S zN|p1_vXw!iA}C3pvPpK^%^$rXWm@LGz393x2xZZF4{6vu^w?#B6on>+4Q3a| z9R09z?Edt6JD&gjaCx~OM0bHK`f9lP=rj!Y=}FFZ7W!BMe*#?3THt2k-DPJ*!<mt{E_8Gg^?oPjRe?gzz~a&7cYC6hg(?#dc(b`?|0te*bf*b<$0 z_ua~|)_M~ug;6Sn!HpmNTU_}-i8a7pG-XJvx*Tl?z;{Xva?-AdQnoMJUuLJo!fzG` zUH0*X5HWWo!PBb#xvEFW?BJD?%^Mn%?~xLALVXw3V<E?*X6-#|DakKyf{@91nc))0RTIH@ zPw3B){Ea@kZM{MWYnRJGy6pos1A(bmlWAoLovKHy%TO2w=2KnD)UP8T0*+%1w7F0cV&fdC*HegKW#Vr~-<6iD$K_H}Mwrr;sfT zzyG|rYF$-Lpr8n2u;=35MVHYK;neBF@E$@D5QNP~4(?cAi{30fJJoT0bl*;Qs5}EQ zRRwVg9VGp|63bOU9>8Y2yO#TgT~66@v3giC>8vmnOcRKsylrnOowDO|g+cn?Xyln# zY2*aJkSdNsBwX~5A1EV}s(&^j*n_`(0(utNzXi9#sgMK0m{G)`Pwk)e6585cHxhuJ zFMRu8&CdqUlgE&TBj5cK!M7eG%BBYV)aJlHyTOX=!2Ed`!WS)0?B%4dWl12RFrORJ zvx%-^L+AF8*rqEHFH+H4ri!YYP!}`~wv^bZEwpCp2Ah>!*bcXoG41-Eu!1hbmLGSZ zB2(X=MW&X%o65IVjun*|@6KvMzIuEL8v9#gjf_%TA0Hq2Rb3E8UYO#I5j^`7qB5s- zv}M2_la8_ygyUf<5(6y*2uP`Q=R)hg-C~cV_wUA?D?5OT%lj`v>uXm^QVA8WT_0YZ zEw0|^1{29SQ3VH}8EO*mg3UxRwK_L5lmJ~8Nr>JF{C3D3eJtUT;q9zDky?o~d~*&b*vWk&2o%UZK~nt5$C=H+c|YAd-+RYrM8&V%HW*3=E_&?F|(EPMBCh z(8|U;0N&_NRYyP;ARpM0p?<=9L%CU>lkx|oAyhXk7Iox7ma_0knwLVl>O<18)z2}=bOs#2<J~Z&k2=c(Lg=o= zD{mCns0_^~23J45Z_F$u$bkS=t5cmYK6g*2nKn zi5vS~fLCPrIiQ-zX8FQq2dhHXm`a+06H|VWzZ2&LL6NFy>%OE}G*(rTXV05pQR`&! z*THf{fFbu_YZ9CkBKN2Yq2{X-B}KyE!VXEa36HSYjEm}vp~m^xCi;&xVXV8?ICDn^ z=^3?+eku2bLKeilY)#^jN%mc)lMV~0*NEHpwZ=;3Y3Y6L@$Y$7r5)XBoa^Ah9fAYb zuHD-aR6M%$3T(zl3yjBmz1%9RduuDd`^fR9&cTcs55m+q>1l@)65yxt`$3{vowxQ3 zq8R7aBRa$;q0``W*|x?EeQ%I9-OI=NaD&zv>9O@dvloEX$^!10CA_NcAUh*=o32e# z(^57kL>k^`!h`{tTS#((+bDuH)XURL?p^Xhe-yM27$I49Z?so$t-jb`6AcW$GV342 zV6*ODWBo2=3&0%APOAi~E&pU!B8aaf+Sx*MEigCa^_-#mM#C>7B&#jhT)O5rd_RV0 zLQ?Ta|Cjy-pWR>P&e9lshO*AW(kUxP;px9)2KhC!F#d|)i{2^j9Q15P7op}XlcLkt z{2d1?P*m``zRd@}$zOu1rG*P*X_K`s>b}Bd3m3ADDRWaq^EI)h+ySGJKc0d?87wDB zYGErH#IQ*0SvY?NB?%5wI>u-?u`HQ7cOk+vkZ?&fBk3Al|ntRvAZIwM{4(p4|ue-OS^UQXP2$T%Kv+_b*;(*h8XFSLqWl6X-1i zFK}=EqgPH%t15^%TbQHPvXUY)T^Q!*pLtZyZphixA&8i4a!sV`D>P1lxlZ z_0a)T#tL2pk2o3VGH9LRbDd6RSxdyIc0LwYZUaj8IWF{Ku<3B4cZ%gOJ5&^ozk@-D<>qv9s8TZ`%gN1r zczHI>XovKYD#If3ol-hT2yL9hG$(6VjX@d>p}&nLw^fdND~2FA+32J+-*}FDE{^Z`j5w1 zb(i>qvM&sD?g{Z^k9hk9!yRrUc2@;gBKrmuLI=e4igj@G7EX8o&)vl#`L<&jkSRM` z47FmYZ%I{%4F@o=l-KXIjj0XI%?Y+W!LZ0?$&BFbss~?Z&-}cxna#K}3Nv$cMJsl) zUy8uG@7wC^i8<`zKjuI>$y?EH0EVArODS5Du*>@C8jX>fimM!m|9(Hfv21#?Y4w)b zncY;M#h3hEO)Sw7Z*oksUe^%ODY@jDQ**kON!4=CYZ&eV+JlO5Xki1Pspe4g3Ajpi4B znQz00QJ|*zHymfc;H(H=i6Rtj7i)mGShi)@ zReu)*+PUT^L@M4powPMI5!xW@Crr|kC4n{{V`+j?H964^dvfYY+>NZE+Y(D=ClPOIa8s+;OtzmXumuw2h z-jprII{LG^#C4#G;it_JR$7`M#?J~@e(d=k>@`1da*+CD-6r)pmIx3sc*SDnel)1^ z#~<)w0)HfChzV0Z2LZ-Sw$DncJSDJq5Y_v~?f}1apw1RjYUF!Jncce41`A{@_md9| z&a$6@QJR#LkmB6Z+!Gh7_Ryc4^!El<&0CsbjC5OH{>p4}w=)r0}N&7EhxrxwH7$t42!wN6G?ziM3{*TI8vRwDCL1Yu|G6SVwS<^&N6 z@dkl4fRJ{1Ii&Sy#fKL?UxGZVHT>`G#n@u90X#*{IA137i zNAyZ2KPoQc=u2@TSWM$Z4bR?gn`<0h$iaC+$uhrQ^Ac8>t#nG5dCJd$sGt^iYr4r{ zZQ3YTC!R!F((JtCnNE{u4wNS4CXuY?1~#eugL9N46H~5#p7{v&Mq{749Ou6Qtm1 z_win1YjK#OI=s}g+D(*B5$g`_X(K{*`>iX z(?={gCX;+QnqU`No49%Ule{>J>IwVX*wu1cp>SU2@^ufl2d~!6u60tWNs`c)W%WbH z`Mp8X9@whut+$+Bt76qaG%xO&Hty{Qcxv&vw@0Kt4iy*OrV1Q!B#5dYE~qY5ER26{ zE(ZZ6EMQQ#vsUYTAxCazxV_22Za|+cbWaRIU z?Q!e&!h?#%p}O1V>UCT%N!&QiPSH{IL)lDu#fZ%fzxa^$d3S&)zH^1S$qBFbyl)xW zNZr{wyAJ@qHFVwAItx;lF{k#fh<{n^TVM8Z- zl$?{0I;`{&BdBBLOWNa=ANc{9KCzbutdUkJ40F%l*MZaymK)j1>lW?>!ftsT z?lZm9S)Xf2+8aq#*l)A$e4nIf)7qO~*i$b{Ku_eOO{n)q*2;2Yss)o#>M^HC3#mYp z)2j*y+qD~kSMB2O%l<5<-L8(m-Bj7op|u`uKj&3kfX-d=A^kR3%+d+S8&F~tom;P;YcEogd0s3jO|3BT1ra7EWt1CM{WYq~Cp*ZfrmZ#- z(D|En{`1hQmpV_)&<$@e2s9CT=hq-M^}>IGT%-Z0nt>OJ+POdi%%3{$)xV&W04JbB zi4zNkVvh_<{cSD^-(p0{rJURV@0O&EiCt}AzCX?1EDB_6Xv!WSJQ2nlG7MDE4xZzO zLT5JUAB`78okZ?&ds;B0eT=Fk=v4w6bAG=qpEk;#*Y~gjwiQ`=KVF2jGk)+(%z7CG zTom&@9L|g#-RJ-9eq+*RF&&TJHtTWD5ODSZYr{Z%^>p)W07kIu@C#U!BXgXMUj~) zvV&6jMP8~4-B@c8PZB3zXbQMr5Ca%&zv4y>js4qB42mVceSW0wnc;aAR#F7p|5y&_ z_Uml9k9)fMT#~1QW*3kIv%yrrc9iek2%LxKtUkI@6kBhK$AUB>zP#{;4>A8nV`Xq? zPe0SXY!%r%_3Sbwl_`%z&%u^kj!y=;a`#!H?g6#^kcIk;9=yE>w` zJzIl6Cpgr$gLBOD2`0}!JU_`6hy)ETt@nS7+}8|5I0?j$)Cfd~=Y{%#j>1?$hbHyq zA&(Wz2apft<2?<9Fi#s-+tk9!jYu|pCWuZ26$>NpXFS*1-Fpso2Vp9C*t7-_fw9iG3?-TDO zj=e@(u?=OEmc2+PK`qWBN}NF>+>aWzJ;pcWM>RqDl>lzyaRmZiEeAFmBs*pho+Dh? zr&D8SgPj+BIjojVA&0g{CMjCPVngg@susaE)q?NJJ`IQ^H~Tv=w2t7X)FB@VO^v;w z5*+(t_1?Cfiba73B+@~SAXUBCkSv1!h!*f`@w;Ar!hO>s7Ga6LA1Q2?h1P_F;JiFS z`Pc~_u&|B}8>HD1Dq#RU*}URDmK)jkc_DA(3-D*#yUT=l=&fkG1G9A;?9{c}@*Cuq zVUuYdHF=$2bq)6+Qeb(h9J3ELO*{vu->cWm(v=C@093umJr8j;e>#|1taIYB%}^D@ zah<}H%?`_Zb0G^tV*n;uj#1RN4sbWLl`fJTVbXT!kwF=s*{ph>2+L>R(^*gUrq8|} zku>WF!XLbLoj6{*E3%!l?iAD#pmR&*DEPWFD{T52$vt$ZU%J=!jcMpYw?8(gUy;=I zMrfSYnatYceQ2(g=(c`!?-Qu}B#BnKCJ6}sT*c-e%QKFz#uh}6OupqPq)Buhgn_}x z$0y?l#g4rn3(zL(C;YsHf&`gGeB0w;ZUVJaK`dN)1UYDg-U_6e(`d`cu|9_GHNpAVi)BjuK@SoG-zlkr(aPx# literal 8446 zcmZ{qQ*b4Kv*u6iOl(hVYvM^xII(Tpwr%Ugc24YMVoYpnVoa?4-+kHLyLG#}s;jHI zx*vZJ-=`=G1&sv&0N?@kDnuG-cBqS*Z~#CcE&%YK0+=|P8M&INS&5sOTiIK=S~=J= zTe~>eZ)sXNY;fa!3K@O{-Kejk+VYKdl4xp}N^f9GEfeZ10YINWZ;&ZaCnb`#KDDM0%Z&pHJnx&Ws{&QQ9$=j>cegpg^5w#|>70IhQ60 zBixjDa?Y~4oO$)B+lB~npTUR`58dgfW@Dc7kjb71bo5h8=!hbX3ZD*>q4YY>9Wf6& zPPwiYTZKFI=0t=0Ity?x99UMD_?{ALF_nGur~NK|FUF91OCZNo9Z$;jko+#Ljq>Y< zz(A2)D8Yc1qO)s>#dxp9ha$OuY-ag^PyYmsf6VN^R{< z3+A^r@ao84UAzI~UQ^708D`8LsmvB`%*Sqxs!#`JQ%OvdoJ)??{WZn|_t$jnk5nCzDQGmiz$AxF^v#_(HP z>`N1P_(}xtlmhy}V9#UMsXXKXD};27L4LlU&rGp37$IrQrn`o@Fz1ov{JQ8=UHdY? zXDm_S3F4TqP0{l{b_9tG{t)(fnB%Z6gmWrz1+ zYekOo`gaQky|d1(#j8*(EksFv^W2-szv7wC&o_eW*irf4-c2jP6=ctpw0JyQN3r5+ z+Ub^78B;&NWr!0j#<^>FEsW#F>q`q8U9=fe^5O8%`QyAtpzkF40vRXJl0e3!I{H!~ z3I}{66_hg67|rmBzrA-Rm}BPWa-dFjwmyg;sf16T#0RD z4kVs2k2%>_Q(6HOIF(Gb)M_7O+K-U3!QG2CvEh5Uvpc4#S@*sFI1eyo2c%Cuqq6^ zIQtai=ZfX2CL&3ff*;B_<>rgi({{+#+f&=q)wUm64gLAdw#q1t$0Mpip_OvN1ulO1 z^pW_vtn8Lagv@p6{^Sy(QXX;Aq?X*$G!4HCQ%CO~y>33Un7_?^Yt$J{1*i(zuDm9Pfm=apZ_GxP_-hy$ng|TgR^7-Rv**VE>%)8@cSRil~Ux25xb-bc(LG^s;mL^v4sq` z5iHYXLQhptwk<7^;53InY>$;v{?a8)ZFa9X8rPF1hJ6gUe{~N8zY0^^>m*Nc?Ul?l z)09t7L9aWzu%O>1k@R>wi6zFuZfSFEf&)qJRZ)?0pDaCmJbc>y0@`~P!UpaB5N~3Q zj4(lY79QX&T+N;SLyN2st$h}!rEr*q-AOyq9spAC-`;}oSD3w-kSL^L;TxGKsiTY9 z&!M4u`1K~?-=gS@@*r|uz&(!Q|FRiEH{n>1tymPs^z})4?3)3dAAnVQOepoahqdB@ z54>V^H&HHnlG+aH0zQ=srS$m+Jqb8P9r2PlQN4NaBBNL1@QCepEu7 z$Nva%8nv14eFGsa$4xOi6RuLPU!c1s)M_i|RY;fYzh<+eZ&m8?mzx0^|0#7cafLa<%bMIa#bGT^Cr0V(-!Lgyb`152T zE89^RmJ4Y0iDo8cOY3u;!VU*mx|z&hcIBSBDN* z33VfbRk{tX_eFUvtH+(o)NW@3ROx7*B*Gn$8!`z!&JdrW4Kh9`ccfsEJP~z>&xqpjDu}gEyNtt^><>(qxU!!`GXj$8$G#x5UqOnYR^i`eNS5mc_ z;!9DlA>|k)y=thrskynishuD1e8n{`2OxM1mdl^h+5Ad2rOvmv9pmY##N;;-Ix?Df z`D9D*nvE-~lCwpA%~9z5xU>&&89Hbt(>CnE6v~5wShmAeW-3lM<{CvzsgAoGD?Ng0VXxu%Hv zaIAp?Qoi3LMjV(zmgcP4BpC4Clf6tM94}sR9#dqGGJnyN?gB0q;Y@a(y;Uq=(Jp(WauxwcpJnC9LlO=Q1LwPuH$PdFE3bC?&{gSy#VVvxcHJ4j-0&HMzAdsvR z0gJwKHr(*2cFYkwN%+YIe)86rU91TIvzXB)o^TVcU|dHr7#%6p>vLT-3}DOTcoh3cqc zhE7&fC_(37kYu6}uK%gM5W$5IzJUMc&ib0yd~ur|WXt)p-rT`}80C?uDJk`wRun=9 zbs?lRhuVHAL48S+@C~;L^b;`~zC@voOqyD)DjkWZ&1EW~4;<)bG)3I@^sH#h2)5#g zT>3RSLu-7L!=Q&WD%=`=yOz5Y9&qKCL@_88x_?!yp8ll zM7>KIum&}pJs!9xP1M90cO3~(WbWdjk!uNJ_JfIUI&)6 z|43eMV)?FBWkaE%tA*_xj*z$>5I9>o++n*+v}8SD-3^^~JeIukrB?2Iksi8|E8hVghusqEmV1g;>{{VP zvLAk6W;uhaOQxb+d3t@`=#n67nenteqd}6%GMnf-9_))(IQ|qWApN;*#F{7#dB;iElZKEH2M{Gp+AM&+gO~e zw{orGg>3`{Wwrc~i#SQqBg#4Y8hLVHdhhftnNO|%ViFdU5!eMX0z_mOm2t=+cx~Kf zv}Ne6SRMTw8Mgo?(TIL%`VbQ30Bm-W_ZMh=2I-*k9ACJ;cl_=JPToMUl_b8Isza|N zO8bJxn*tczsiVLQ?%D_u?Ry*UaO~Rdcgh>E#Qof63ew_3RL-`h{7n63LPK=FH|4?N zB{vepu@8|}Aj0R9aCD)kUdOr#93D{+5rDIyxy`K}G|3M{GK}Q~AkJ?DHHmk*$7S(k z(0{-i*go8zfK`0^UfPQc&y^$w9+wM?4sVMutCZZ~)D8sB95k>|-1EmkjAmV3T^RkJ zmwad=2>r=^T)5JlYN?$P$`EeS<-V$n$`H&`^cZz@sG^0QW>2@pG#l@K4(iV1NZi_Z zJV@LM1h%&?{@MlKkw9*c@ICF?hi!gxHfmBd}KP zqIr2nE2d0=GDf5~>qQjsut&U_bGt8Yyb)p1!&|9gvFkODq>!q`;=kq{#3sjXK>*NQ z($UQPn>sC;r~F4ds(bM7d)zG@Otg=XbPH#$LKMASb$?}=dfZ0z>yQ9r!cqdHQ?PMk;l)o)SQF@10mgdrkaA4!N0>%-0q zxeoVY+=6BK1uqQ+Sz_f-hJE>AV)jXMowhbuLG+>U6SLVD1nLXIA_g*9!A;73MNNTq zi&LfxnUE9mu~kN)gHFR?0EQdQ#yfX?%I&}a{`(mjX{5~^uj7u}^w0xpjMA@y#2 z&Cst=+VJT_x;GVz^mLbC5H%kXS}e3R72o&vwB%`gQbH&d`GU-c-MX9qKhvw zvgfdo&0n1C@uI45T3~$Z*Amr?bSV}v2 zEFOf5`h&g#p&AkyzFCLNv}zjo$xB&UbJp1+=6BO$O7UP|giyG~Qe6tC^bLmY&t^SU zaq>ypdBM#0egVd_SC;t3(Z=he6Dakep8;pzFWp}YtS4X#3@3W6T*s^H#w%@G3`I(L z@%M?4VQ#r9nHUGEEOC!G{nUv&**4tS*#f-=sZa4tcq-}Kb(nDLcku{w;UB5?Sa1`m z&-99m!COrP6%#L<0?rs3cRoPovkY);AwpxyuhfJ<1Ikun(@xG6_rzXLS)7_+XLDNZ zNS4UdTOh_uc-5r$ZsKqsw+D!m{YNH0>BnDRZ)D>OgZ_L@xkta%=K1up6r8>&V)n54 zrU9n+#79SS%=74Amt^r~AN0wvbb(%^4k1$X&oj4ZKZ!w>pif9j|1|01UmEtZrdRTo zR8vR*x#87}l=k9W+I+Z?-#NL?pvxzVHFaVMG+r0TU5L`7voAZB2Rd#I>kKKCXSVTc zh9%imRpq6>Y8e5!d|H?J2Qu~HY)$Y+Gv&>ujb%0{YPAog`vv{E=Oz`pvR%xES*F*A z|ANhP_VR66+M+s`?+J=Zkb7~0c0N_R5T+&7zxu0Ui>n}ig=@Jvi-;sHIPOQ1xAWaz zi1SpAWqFKT!DhHB0 zBC11K6Q{G!68k&In1-$43##6TlWEEYM+{bKJC*vJ?(~DVL&Bo56pgIY%+Z#^Bu78K zt6>uLlLTng0GLVseTIfQ%hFJ^G@O%;B))m^1^R|D>3Xf741pb^zbSS_K#*=;$s_& z=hV$qS@a3-N)b69cC!aJpi?t24#UX0jD5v%fxj|4`M966;%a$NV2v?3MN8^|c1JA2 zPtPQ;vYp$a4~=hzcf$|~QYVrS>^A(^t~q>vy>^;ayxPgp7(xIO(b|dv9HHdXsL(qxqGYDT$us&8Z*jmI5 zORZ5MDS`+K8+SGV*N{%$$3e2fN`BUiOA(n|0C=0+X>E*JhDTGe*Sx6G{h515;BVOS zDA0CXAp$~d@|oS^u^ji1XQ!JB8BFj8=-5*Fh>1`J2+qz6+51q3*)>5-i8g z+i5izbkuTTZEr`Q+Ax%#thNrz?1ff!sD5)tH`ZQ(=nVZYDP3GQWd-^+v}hf zaByHdr2iZ_>u)MU8y_yh?pKPE`G%n2cclWtKE;sPkmJ&l5Y%*HnRZ+`KR?&^2Sne5 zsf3ng`h;Uth#N4!us6G2U%z4Z2Z;o`Kjt~tRDCu+>f>~F>sgU9jUK$od}t+758Ktx zGC^yDJ+l*lJ}C`_UbHQ*83eZrZuI+6lju(;;AJb@%33-c^%foaL32VbmQk$l+G#o- z2CbDFpUTBt*Ca|CO=Wtk07f$qme1YwA9ol#gCxP%Fd8*gY6?HuD$k0NXt8X91uxkz z<-b@*wpFjL(cSU(R@t-?N<9N~)Y?0235E&dwE8!T2~<~+&ro~bknm>39DKg+DM6+a;C~ok{DDcp zZrY#LEhoj_7e$1Dxh7`2X;J9L``{6!#;r{2@=^5h&3hFjQ@;nivac!1{IH z$c#|2c6idX*VWlA^-Y!F5Wm7YvyQyexDt-XZjCsxq0B?fwx64cirOBW^zKF4Mbs%=&3eV_u# zt!un_r-ORbA|BIg-S}*(&m$U6#$Jrp)iN3ZIF~owy*rDJ6*tF=EleecJ6tq7$2KbF zCPsbF4IQ3gMAxuF?7He67nSyO_%5!T8NIMC-W}ivD{omr{nJS5Nc{*YU0G^Ut8FAw zT}|xh4`%MjUoDg%l=DNSwr^kDD(e=8t2HTDsZ>uaX=f{1RQUc`@XM+kcvAf9>T9d( z;FndSi-ggK{!-3i20W<|WGf~IXxh_q+bDZ;B}=un)RnBtvs|5JeF6C1 z`tyBJakC+&!K)S7_bT!X*|!lsQ-2qzww*dbuD%DvKhYkIZTW-m9w97RlO*J+lZSpi z8T6Ha2QbVMZvl%*$ycLS6IFPj!&ILhq3~jTPxyNM1nfIoC`F1I%RqdYCTD=^Z?aNdyj}&)i=jgz)_c#Qk{R+?eqJ#wUWz;C&-sOSj$h?)-KIz zF*+(*+~y#ly|bo-vz~!^9=l714YsNnRwB_vn*gp3Tl2QCSq(rY0TT{WKSGk`HQrRuL)a~g|6x1mUU)cjYPqtsf!ehWf&^sG!H=9iN*TW&U zWgG0zAam7aOCwrwIc)ATy12iIy;~W)Q8sotWG#)?TKSrta@5{D1c}{s3=5}R!wq;? zRivfnFcnM!Ux(RecbH+P0-URq%@5Rqc8yRMgo3_NyO&gWf%|w#B z3-XA$R1lSM8MW34T~qV_XuzHN8WqJ@Apg9p@l)3Nm>l^h>VXjVSb6rWvU7ZYXAV6O zkpP~CF9|jrYrCqq2C7Ub=ACEpTO~U%y9>r0|Uzzz#aM^Z*I}XE|W)-iGz0;%p_8%8XS99u;~);A(mGINy6r24F@4BlI*@S zM#UYZlxVm8kEofEs}$KBD+B#xH?_uBhY!QjncWaT)+vMDoWON4780O{a1igi4dvJA zSmfCu=|Rz_5A~O7Y5pNllk1`6kpW75e1*0?*}IAJpEB21x_7YZbGrAuz=LU)IXmh7 zqwg=?ayeIO8|0d@#gglZ#Uy(SHy4BZ3hi(HrPuB+!B&q7m#mXC`KrkRi;2HC9Q<>q z@yZjMJ*U2M-v&n$eJ1^p1xnGxVE&Xht#FpOe-nhh7>i=@g4_*a>8MHC zj^C|dE;)mKpfbQCmhv>H{zX?7Yys+Qy{#Ux!}eNzT!43Az}X4tlZ?{4yTj_)_xtKW zIYav`p*Tn?>oV$vc z8n!-9YAU=)B}jh^A^8{Y;oZzFmI#71nxU(_jYgz4$aAq?q zMsz!r9+~zo{C_L6?M<08q;bDv??hUs8>_#7iec%@<2LFHm;A!9I6mUCy38`SUN(ND zjjO`CO++cVt<5t~imvC1m)hX4W!PE%um&+d8LhGk)2JZ&`f>Z*%27ID z#Tyi+`@Y)#6l}EceT97gWhgC|2Se!eIAxTQX&^A$OR=vj7RfbyTN&gAtY}9rKA*!4 z?lry*&d>Dq1@CnmN?EfCv7*2)8#fhkA`BSF6A&&hA$9M=#XzK?N8JB<`J>w4QD}6% z1{?TfYx20y2#p257Y{So-H6cN&#b4dclIL=9*t8~>OilxLF0){z|%-KCpgfiQ+30` z6DF@WTtCo-|Hf(HZr&#W!xbh`8m>LC7E&ZohpeRV4l50lGUAd01eC|~qxqTGQCus} zs+g^rpIR@TIYfImAt1+_fu)9KY3!THXjIw2p&ZTOQ1y*aCM4ES%+(aSqn z1=TDkEQtjt)_eqT18K(;5k;rna+j_vm!Tcy>8zRyi5JfPw~Xuo;qm9M!%PH^z)~FB z!4Q0Q@_F2)YnNM|F1Gn=c@-Eq90z ztb?^sv5cZ`+XJ-|aL4Yl59Tt4fMf*RUMkwbnbD(lQ#wLGPi9J^pn5#;NXSILPaubVw zF8M%VRBpIVG<~(>YFt5i8YV$a@{pu3Dx*(@Lnk2gjFmvL;q}nIkIx1)MU8pt>tXST zPC`R89sln|Vh9Pos-CCfZfS|L@vS#qx2@@4cG^2cs@Y1><|ThB5w+V&!J>hWvdfnAT7B=kP~n@w57!Jr>ItmMh`#koU8sQRC-01( z25nxAFQ^R1FM|mZck=67Xh9b3#O_@ooA~%IG}%jXZ2}TFV+bPZhMi*nF73E`@B8P1 z&3dLZnf!(!G?s#B!Y|kw$XDWbu6kHTCbH9pgHN%uMnFr7omuU8Na4z zQJCo#gG-eq^#*O8p8^zRAt12;|Fg^BKibCs75{_h;J+XF@9N0^xe)gs1H=EPl_<)> T!2Z_? Date: Tue, 29 Aug 2023 11:22:39 +0530 Subject: [PATCH 25/26] discarded changes updated with master --- .../Solution_MicrosoftExchangeSecurity.json | 30 +++++++++++++ ...crosoftExchangeSecurityExchangeOnline.json | 23 ++++++++++ .../input/Solution_CyberArkEPM.json | 44 +++++++++++++++++++ .../input/Solution_DNS.json | 41 +++++++++++++++++ 4 files changed, 138 insertions(+) create mode 100644 Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurity.json create mode 100644 Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurityExchangeOnline.json create mode 100644 Tools/Create-Azure-Sentinel-Solution/input/Solution_CyberArkEPM.json create mode 100644 Tools/Create-Azure-Sentinel-Solution/input/Solution_DNS.json diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurity.json b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurity.json new file mode 100644 index 00000000000..81fbe66e8f6 --- /dev/null +++ b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurity.json @@ -0,0 +1,30 @@ +{ + "Name": "Microsoft Exchange Security - Exchange On-Premises", + "Author": "Microsoft - support@microsoft.com", + "Logo": "", + "Description": "The Exchange Security Audit and Configuration Insight solution analyze Exchange On-Premises configuration and logs from a security lens to provide insights and alerts.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Windows Event logs collection, including MS Exchange Management Event logs](https://learn.microsoft.com/azure/azure-monitor/agents/data-sources-windows-events)\n\nb. [Custom logs ingestion via Data Collector REST API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell)", + "Data Connectors": [ + "Data Connectors/ESI-ExchangeAdminAuditLogEvents.json", + "Data Connectors/ESI-ExchangeOnPremisesCollector.json" + ], + "Parsers": [ + "Parsers/ExchangeAdminAuditLogs.txt", + "Parsers/ExchangeConfiguration.txt", + "Parsers/ExchangeEnvironmentList.txt" + ], + "Workbooks": [ + "Workbooks/Microsoft Exchange Least Privilege with RBAC.json", + "Workbooks/Microsoft Exchange Search AdminAuditLog.json", + "Workbooks/Microsoft Exchange Admin Activity.json", + "Workbooks/Microsoft Exchange Security Review.json" + ], + "Analytic Rules": [ + "Analytic Rules/CriticalCmdletsUsageDetection.yaml", + "Analytic Rules/ServerOrientedWithUserOrientedAdministration.yaml" + ], + "BasePath": "C:\\Git Repositories\\Azure-Sentinel\\Solutions\\Microsoft Exchange Security - Exchange On-Premises\\", + "Version": "2.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1Pconnector": false +} \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurityExchangeOnline.json b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurityExchangeOnline.json new file mode 100644 index 00000000000..82a299b1fbd --- /dev/null +++ b/Tools/Create-Azure-Sentinel-Solution/V2/input/Solution_MicrosoftExchangeSecurityExchangeOnline.json @@ -0,0 +1,23 @@ +{ + "Name": "Microsoft Exchange Security - Exchange Online", + "Author": "Microsoft - support@microsoft.com", + "Logo": "", + "Description": "The Exchange Security Audit and Configuration Insight solution analyze Exchange Online configuration and logs from a security lens to provide insights and alerts.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\na. [Custom logs ingestion via Data Collector REST API](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell)", + "Data Connectors": [ + "Data Connectors/ESI-ExchangeOnlineCollector.json" + ], + "Parsers": [ + "Parsers/ExchangeConfiguration.txt", + "Parsers/ExchangeEnvironmentList.txt" + ], + "Workbooks": [ + "Workbooks/Microsoft Exchange Least Privilege with RBAC - Online.json", + "Workbooks/Microsoft Exchange Security Review - Online.json" + ], + "Analytic Rules": [], + "BasePath": "C:\\Git Repositories\\Azure-Sentinel\\Solutions\\Microsoft Exchange Security - Exchange Online", + "Version": "2.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1Pconnector": false +} \ No newline at end of file diff --git a/Tools/Create-Azure-Sentinel-Solution/input/Solution_CyberArkEPM.json b/Tools/Create-Azure-Sentinel-Solution/input/Solution_CyberArkEPM.json new file mode 100644 index 00000000000..359d860881c --- /dev/null +++ b/Tools/Create-Azure-Sentinel-Solution/input/Solution_CyberArkEPM.json @@ -0,0 +1,44 @@ +{ + "Name": "CyberArkEPM", + "Author": "CyberArk Business Development - business_development@cyberark.com", + "Logo": "", + "Description": "Endpoint Privilege Manager, a critical and foundational endpoint control addresses the underlying weaknesses of endpoint defenses against a privileged attacker and helps enterprises defend against these attacks.", +"Data Connectors": [ + "Solutions/CyberArkEPM/DataConnectors/CyberArkEPM_API_FunctionApp.json" +], +"Parsers": [ + "Solutions/CyberArkEPM/Parsers/CyberArkEPM.txt" +], + "Hunting Queries": [ + "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMElevationRequests.yaml", + "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMPowershellDownloads.yaml", + "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMPowershellExecutionParameters.yaml", + "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessNewHash.yaml", + "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessesAccessedInternet.yaml", + "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMProcessesRunAsAdmin.yaml", + "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMRareProcVendors.yaml", + "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMRareProcessesRunByUsers.yaml", + "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMScriptsExecuted.yaml", + "Solutions/CyberArkEPM/Hunting Queries/CyberArkEPMSuspiciousActivityAttempts.yaml" +], +"Analytic Rules": [ + "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMAttackAttemptNotBlocked.yaml", + "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMMSBuildLOLBin.yaml", + "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMMultipleAttackAttempts.yaml", + "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMNewProcessStartetFromSystem.yaml", + "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMPossibleExecutionOfPowershellEmpire.yaml", + "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMProcessChangedStartLocation.yaml", + "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMRareProcInternetAccess.yaml", + "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMRenamedWindowsBinary.yaml", + "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMUnexpectedExecutableExtension.yaml", + "Solutions/CyberArkEPM/Analytic Rules/CyberArkEPMUnexpectedExecutableLocation.yaml" +], +"Workbooks": [ + "Solutions/CyberArkEPM/Workbooks/CyberArkEPM.json" +], +"BasePath": "/Users/Julie.Mauch/Documents/GitHub/Azure-Sentinel/Solutions/CyberArkEPM", +"Version": "2.0.0", +"Metadata": "SolutionMetadata.json", +"TemplateSpec": true, +"Is1PConnector": false +} diff --git a/Tools/Create-Azure-Sentinel-Solution/input/Solution_DNS.json b/Tools/Create-Azure-Sentinel-Solution/input/Solution_DNS.json new file mode 100644 index 00000000000..653dc9821e6 --- /dev/null +++ b/Tools/Create-Azure-Sentinel-Solution/input/Solution_DNS.json @@ -0,0 +1,41 @@ +{ + "Name": "DNS Domain Solution for Microsoft Sentinel", + "Author": "Microsoft - support@microsoft.com", + "Logo": "", + "Description": "This is a [domain solution](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fsentinel%2Fsentinel-solutions-catalog%23domain-solutions&data=05%7C01%7Ckavishbakshi%40microsoft.com%7Cbe2a496082b24caa4b8c08da9cefacca%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637994850502413731%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OJegu%2B2EqD7rmYmK9pm9QniD6YWp5ooloZ6tHzcwVi0%3D&reserved=0) and does not include any data connectors. The content in this solution requires one of the product solutions below , as well as any other connector or data source normalized to the [ASIM](https://aka.ms/AboutASIM).\n\n**Prerequisite :-**\n\n Install one or more of the listed solutions, or develop your custom ASIM parsers to unlock the value provided by this solution.\n 1. Windows Server DNS \n 2. Azure Firewall \n 3. Cisco Umbrella \n 4. Corelight Zeek \n 5. Google Cloud Platform DNS \n 6. Infoblox NIOS \n 7. ISC Bind \n 8. Vectra AI \n 9. Zscaler Internet Access \n\n**Underlying Microsoft Technologies used:** \n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs: \n 1. Product solutions as described above \n 2. Logic app for data summarization\n\n**Recommendation :-**\n\nIt is highly recommended to use the **Summarize data** logic app playbook provided with this solution as it will significantly improve the performance of the Workbook, Analytic rules & Hunting queries.", + "Workbooks": ["Workbooks/DNSSolutionWorkbook.json"], + "Analytic Rules": [ + "Analytic Rules/DNSRequestToMaliciousDomain.yaml", + "Analytic Rules/ExcessiveNXDOMAINDNSQueriesAnomalyBased.yaml", + "Analytic Rules/ExcessiveNXDOMAINDNSQueriesStaticThresholdBased.yaml", + "Analytic Rules/MultipleErrorsReportedForSameDNSQueryAnomalyBased.yaml", + "Analytic Rules/MultipleErrorsReportedForSameDNSQueryStaticThresholdBased.yaml", + "Analytic Rules/PotentialDGADetectedviaRepetitiveFailuresAnomalyBased.yaml", + "Analytic Rules/PotentialDGADetectedviaRepetitiveFailuresStaticThresholdBased.yaml", + "Analytic Rules/RareClientObservedWithHighReverseDNSLookupCountAnomalyBased.yaml", + "Analytic Rules/RareClientObservedWithHighReverseDNSLookupCountStaticThresholdBased.yaml" + ], + "Playbooks": ["Playbooks/SummarizeData/azuredeploy.json"], + "Hunting Queries": [ + "Hunting Queries/AnomalousIncreaseInDNSActivityByClients.yaml", + "Hunting Queries/ConnectionToUnpopularWebsiteDetected.yaml", + "Hunting Queries/CVE-2020-1350 (SIGRED)ExploitationPattern.yaml", + "Hunting Queries/DNSQueryWithFailuresInLast24Hours.yaml", + "Hunting Queries/DNSRequestsToRiskyDomains.yaml", + "Hunting Queries/DomainsWithLargeNumberOfSubDomains.yaml", + "Hunting Queries/IncreaseInDNSRequestsByClientThanTheDailyAverageCount.yaml", + "Hunting Queries/PossibleDNSTunnelingOrDataExfilterationActivity.yaml", + "Hunting Queries/PotentialBeaconingActivity.yaml", + "Hunting Queries/Sources(Clients)WithHighNumberOfErrors.yaml", + "Hunting Queries/UnexpectedTopLevelDomains.yaml" + ], + "Watchlists": [ + "Watchlists/DNS_Solution_Monitoring_Configuration.json", + "Watchlists/DNS_Solution_Domain_IOCs.json" + ], + "BasePath": "C:\\Users\\vakohl\\Documents\\GitHub\\Azure-Sentinel\\Solutions\\DNS Domain Solution for Microsoft Sentinel", + "Version": "2.0.0", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1PConnector": false +} \ No newline at end of file From a1021bae53ff81b23ae16d7f733cf65f43085b59 Mon Sep 17 00:00:00 2001 From: PrasadBoke Date: Tue, 29 Aug 2023 12:22:18 +0530 Subject: [PATCH 26/26] Tier changed from Microsoft to Partner --- Solutions/SalemCyber/Package/3.0.0.zip | Bin 8615 -> 8617 bytes .../SalemCyber/Package/mainTemplate.json | 6 +++--- Solutions/SalemCyber/SolutionMetadata.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Solutions/SalemCyber/Package/3.0.0.zip b/Solutions/SalemCyber/Package/3.0.0.zip index 8a283ff2f026126949bc963dcdd45e0929f92a25..2847a89b48a8b12bfa6dcb29f3018dfb973e4938 100644 GIT binary patch delta 3098 zcmV+#4CV8uL#aayP)h>@6aWAK2msq*u?*t}4YXn%S1OCm?fV!20Bf`S2V@O@;@T!m z)jV#*4fE|)$4Yj+xw#pX(Tn_E&*!W19at`)k$E}c%X_5=XfHbdndB{;vEC2lwG+;*d>Bq0tBzkuIq&ZQ~AK-r=NHbBL>4* zJZ3N;1sZH#Hjm?4m^(X)@YRyE2L;ZzLhgz%xi|vMs z$pD*6PZS)aAsbR;c@8}|)<>O5oodU+*p;ry8u};2635| z6toqc?Dessa`!YrK4 z+KDqVoanh=BIfdcl?Vm@R7^48-sTOPUaDCbr#WvG0RT;t;I|z~l^p=@`Jh+^H^e5j_KGDZ+>nq~NYT*AP z1pr#+iI`hwlsC)GR+S?)F02w2J^w&sd>`$n_eY1xB28j|*-#GXJFw}E&A*>@&8&P< zikP|=n|H%fgt0EZ_jY4}&e{oC50xTEu4q-3uhgN~bzNIV zFXO6PO8_0p{RI7%&+`vckI}uIjhgBk!-Q$~ueNe6_GJI)MN68n6<00JFkYWpK(sG- zU~7l%u3|@_GYez+-qDIXN6VdWr?j?QqS*F-2%_xH8lJDj?QB~UO53dN6Ns)ev(DMK zIrBeT0c$%_b%Ou7Zs*^_p&5(&Lx$3Q6csZz%uhbr<|<#0%U zoocim4y`KGhde6MIe9<3NLzZ2RLSy^83iVhz#$kZn#Ni4L1ZB?-GeexOEyrQVJ^X` zNtiH5u$bXp6&Z^R8gPbnO)Z^vH}l|Dyu!y>Zfw>3QKK00ox{d~C@+?7lc56axbzRMi?b|(2vFa19Eco@>r(Nd1RW05$}gF zIXEILA-73Rd=C?Y{G8#<$(y;yiG2TskwxQrW0`@vQZH1?k2KIvU=AxMmVVY(e{^O< z^VJ`nb@=gDf0{0ylzMQ7OMYVxwd)mnHx6z2nq?+2AMfn_VFzTKP>BR-a$=1$lsw z!|`*N@!X5l&#WDke=W%L2yQN;|I9-ca`z^F2V54%+*66wB-9?@{s1}lvMb7gJl}DY z(0M!M9!yyXE~vhuw-y3P?@P6RBqa(^cGH@@T3u9${k0b+zuU>h*Iyq9+ma8b==tvJ zuU%BfzWk{)lfo{37!A?m53}LayT}?|+T)uPDC_~n}`v$>gYpX#&EdB+VMrj zEtcx7I(r)Va@}nGP^o%<-OLp!)t39z{rgZhzUB*Nnxrb=Di_RFZo5WIr&}qd(h6ma z=wsFanoe~YsvvQl`(^jOB-VJ9>bgyt+5*-!bkem&R14TTX+DiYHmBK(Wy{$fX$bo4 z80H7Q5JBIQ^w|@}vm~B9LofNwlcD-Xp3ud!Q}GVc!n-9?N}hOsWS-H>r^PRbcvs$F z!G`)MLK`T%ij$i-WK8^m#WV4Z$gfX^-ZO%thTsD)0l{1>q9`rG9>i1Vv0+}l#OHmm z8d#aq%OsOOm9g|~SP%^N92Ay=O&|u==rZb3ztM;UK|{qfzEcY; z_0Sg=vx+BEkZ>)3m*)5mpP$oD&@*!FMPVSG6V`7Yaoh+HAsz4nu?i5uQAdF9fnnto z#o_3~z7ZyVBZG->M@O9ypsW&kirY$p^H9<&A3~85RTOAp{4&3lt^RJ9H!$M4PR%xO zBVHjUsd~hQ4ODk!d2;YBVA~{4LUv1hIShutON_NV!WI~R(Z=QnFxC>D>=lQAGI@_~ z0aniuk7y$Mi&AqMrKp4`M~LIn1PHjH(EE62xQ`@x1&9K=W{)J2U0Pi*QiX1VraPNq47F=Wg~3S#Nt&WYvIsCs(sribiiM+r?0jTz8b%R|B3_1MX|mZ6c=g0 z$^d}I{hY!7TQJxxO|eker28jS1r=XyzvABXtL+zW!TX|zN3*RiY0z%#8mn$aGs}&Q z3hUN0cB#5R(&XMs$E`riYaC#*K!@Z_lbk#3PPn;$e>Ho|5=!GXgT!~C*S?VzJh#Oq zZL?8xtf7gh0GvJeOF(WMVEwN9`?D3}!RBbQX{WBGiF@a3$&T03ov!tFxJqjP z_m0+o@|~mAcd$y`HSAce)88sPRR25tBU9v!NTK)x-_a-dk37M1)CuO8I^mOmC^~A}a=U*MJU%-i3h@fXE>RV0Rj{N o6aWAK2msq*lN%vJ4YXn%S1OCm?fV!20Be(LAvOjNApigX09$kX*Z=?k delta 3096 zcmV+z4CnKyL#IOwP)h>@6aWAK2mrEEu?*t}4QE*$SN68ej`0CBVY2V@O@S;^@( zz`=}r)v?lDZ*Fb|q*njfVtyK?A)mOOaev`z z{l=^3?V6@o+0bsO3EOSdxSWW898rtjdZzYAxJ}*m#}==7|BPCVy?pJ$MPL=MMrZgD zZP)Pjx>e=&=x2VZqVXcqmrE57b*Z9qO^xV#OaG^?Q`B!$wO^+w`{<6AiEr-$)jA6}D z+K1^jJ;nlDbmNP5ye4pHm}y(u7PGtL%bw!bxRdYNYg1ukWxe=+uy^q)cf1{bs~Ugd zw7ToQ>Sn}PlA}HKt#DuO%&l|x+VR4TXhG4-7=`P&$tOJTWf+G|j$MGP8H2b?OA6YG zPWJj+dl;Q)*%xHEq7y?(JxVFPzf^;7i%Ja8-wG3K0kafHZnUkluyrl-5n&e2X6?io z8BX+EFcEY4N`!)ce=4RJaBuU5Z7WX<302j`YU+s>gF1SGn>OvHGR&qkpciM z^F++8Gup8Ks34819I0_(m8j_X2O8rGX+OO`I!qR65(CVJazNjKO>b=e{j6(d<&#px z)VpwUV0`{EV77Oiw_w#rYlMjCrA*#22@{jo-EFSc5F zTh*4WQE0In(L{5V$a#Gk__ccVZ3!jlghWE#B!ITDGpR1%!ppN;prl>DPW&{o1 znb@v-0mbspHhCfObT4|{4|fn6FQXJFpk5XM7B2dKF7@W_?5z7=;z0fc6W+*axS-^x z)5EUww5!?`ct#bCR=PsQROL#TOiqW~+kK9MxY2bPLKktTWnt+$dC_~N4#lqP+A?|> z2eyRTduf>gS}U8a^r1Y}LpZ6WZt#n{a(^oBO5bL3uGLEIKAF$bI?;J4UBk zmc?HJ=uqw_=+}Inf0%lV?(J;URNojTOuK)zm20sl`$sQY(uA$JYH^0~`qToVeZd1; zJ8X9qI|`jy7|ZvLR@^yS?tD9?wdE4Uwnq?uWp~!_fF*8c+nP|?W_6!Hbe*|%&c4l= z|Je#y+mWgh{Lghe{~iv_Slk~nl(sQIrmY2*ZFo^^X!AQ|G&YBM*3xVk#l#yDpf$9u%2~JJI zgh7JE3~#H*SY*(EGpuWB>9o6<2e;xCKF)GutLBdy#gH!@HV#BVph;S(s8wr@OG7U2 zU(*yT9}zjX0HcDTAA1d@Ayk>xPLD9M9lcSf%GJVb?(>#oLKa9!2 z5n&0rO>*LUm>A^e4DU|f%so!z3owi<8rK`k4Ahl+p;~^VfqnvWSUIuuv%dVJGb5TW z|LCm4kH7rWboHdvgF9UE8*`{#@6fw(Xv^0uJAoRKk(Z`ks^(v=o*?9xt0${}Up-mo zne4CSc)lf_Q(kly!hxvCg!Fx}L(BR+=?kG%8LG|)KZ)P%3K`MrZ{o1}45Kf}1B4uq zpTmsjUZj3%?V$XNL8eD=bQ%3;9Ck` z+bQ>8(n4@S^%cFf5J-AoszoV(QGl|W*8J7#vP$f*y)YTxPA}E| zDw48|G#u^61Hg`NdXp|vP_V|jg{bj~3c_GEBp{#Mfo0oZLGW%v{%yB^!lVPyPC?Gg zAmpS>(>f&WT8wEycO7th10n{@0KpJ3%#FrgV1BphU7|)f|NfNXV-|RzsUm`HeAR!v zeY&;vjri~X)J!M?GCfA|F$AXtxu)XsJ?w^?*!OcHqG{YjjHp$IANo3m!!6bhFe+}b zRBzSU6UmngXX^(`)eC2Tu2`wI;HU22h_dlDUoq1pRRLGIVzzSIHKID*N-33AC}Tt) zvl7sBs_Re%iR;`jyZ1G*#>-UKZOYUZvaX?%u1%s^$ks{oX%w6j9xx1enrH)@&*ew z)Q1t;K-pEC+{7Vc;#Vx5iEl)HeKPc(5fn89A9xK2=3)^=X%Y4yolkdooO)oyWj}V7TX?upDdxF|bOPQJ4CiMkELtDyH$RT3D-x zzPOrIJez`qYq>Ok$9MPyoqmR%k!vps1M#G=e)ovuR)7fUfES2WfC!E{0(=h)E2k(9 zM<4c`F!4JXOoTf+>VyDgmB>@vR}!3ul3w{3ij=6LKnvrS`K@gAcf-7a5l?n%wt*Y* z5-~~DLpE%nx+}|*gLeVjCUFw7TjI-MFa%y=tmP55z=$?~Ha~)~mhfb+I0Tf*n{*4X zdX9KR6WJ%H-U45hn$svnB}6$w9G50Qzzv1o$2-G)B*`N;7zWAr*8m4on+2MvO2=J> zn?RtyS*%`a6P=3g#8a9gOAg{7Mna)3Y8-fCQ-?9jwHI?T%^8d#W9G@j+6aA5xlDuu zB@^3Gf{glqX#Ka|loBEqFB@44haOVx+eV=S{)#<)wSDl__!azD96>IM^~IpLN&{8~ z05tCB4F2DO!DeZSg~BG?KcgzB_-gwV_oiQMzjzDY7dtvQN z>Eg}nH|HI+Sw08k`@89H@O4fx>@eS-tr!nBN1IK1buCTYdtXcTyq4~Dt-r@rS_8QE zw3hFG9j(5HRqC!`&uX3iR@tLkwl{UZJ*od4icjzze}ezm6FkSAV2-O3J`aeJ^E03( zka5BU1Q4DVAUvpy$NlI%Cz4!`uk!){sAGpX;yEp|sJJ8m((ZPFZdHWzKg@NFQ0Bi~+*xxY- zW34Q*Vo-+-=uqg57$^aV9AYpgBIu|!5kvSy46x;p5K;nGm9SNpK;c>dP)h*<6aW+e m000O8vQv{CAwvykSshpQw#|