diff --git a/Solutions/Recorded Future/Data/Solution_RecordedFuture.json b/Solutions/Recorded Future/Data/Solution_RecordedFuture.json index bbd4a9e0fd4..2783ae5e9f3 100644 --- a/Solutions/Recorded Future/Data/Solution_RecordedFuture.json +++ b/Solutions/Recorded Future/Data/Solution_RecordedFuture.json @@ -42,7 +42,7 @@ "Workbooks/RecordedFutureMalwareThreatHunting.json" ], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Recorded Future", - "Version": "3.2.1", + "Version": "3.2.2", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1Pconnector": false diff --git a/Solutions/Recorded Future/Package/3.2.2.zip b/Solutions/Recorded Future/Package/3.2.2.zip new file mode 100644 index 00000000000..71240d0adc9 Binary files /dev/null and b/Solutions/Recorded Future/Package/3.2.2.zip differ diff --git a/Solutions/Recorded Future/Package/mainTemplate.json b/Solutions/Recorded Future/Package/mainTemplate.json index b422fa8953d..fad65fab66b 100644 --- a/Solutions/Recorded Future/Package/mainTemplate.json +++ b/Solutions/Recorded Future/Package/mainTemplate.json @@ -97,7 +97,7 @@ "email": "support@recordedfuture.com", "_email": "[variables('email')]", "_solutionName": "Recorded Future", - "_solutionVersion": "3.2.1", + "_solutionVersion": "3.2.2", "solutionId": "recordedfuture1605638642586.recorded_future_sentinel_solution", "_solutionId": "[variables('solutionId')]", "analyticRuleObject1": { 
@@ -343,7 +343,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureDomainMalwareC2inDNSEvents_AnalyticalRules Analytics Rule with template version 3.2.1", + "description": "RecordedFutureDomainMalwareC2inDNSEvents_AnalyticalRules Analytics Rule with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -385,8 +385,8 @@ "entityType": "Host", "fieldMappings": [ { - "columnName": "HostCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "HostCustomEntity" } ] }, @@ -394,8 +394,8 @@ "entityType": "IP", "fieldMappings": [ { - "columnName": "IPCustomEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "IPCustomEntity" } ] }, @@ -403,8 +403,8 @@ "entityType": "DNS", "fieldMappings": [ { - "columnName": "DomainCustomEntity", - "identifier": "DomainName" + "identifier": "DomainName", + "columnName": "DomainCustomEntity" } ] } @@ -462,7 +462,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureDomainMalwareC2inSyslogEvents_AnalyticalRules Analytics Rule with template version 3.2.1", + "description": "RecordedFutureDomainMalwareC2inSyslogEvents_AnalyticalRules Analytics Rule with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", 
@@ -504,8 +504,8 @@ "entityType": "Host", "fieldMappings": [ { - "columnName": "HostCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "HostCustomEntity" } ] }, @@ -513,8 +513,8 @@ "entityType": "IP", "fieldMappings": [ { - "columnName": "IPCustomEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "IPCustomEntity" } ] }, @@ -522,8 +522,8 @@ "entityType": "URL", "fieldMappings": [ { - "columnName": "URLCustomEntity", - "identifier": "Url" + "identifier": "Url", + "columnName": "URLCustomEntity" } ] }, @@ -531,8 +531,8 @@ "entityType": "DNS", "fieldMappings": [ { - "columnName": "domain", - "identifier": "DomainName" + "identifier": "DomainName", + "columnName": "domain" } ] } @@ -590,7 +590,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureHashObservedInUndergroundinCommonSecurityLog_AnalyticalRules Analytics Rule with template version 3.2.1", + "description": "RecordedFutureHashObservedInUndergroundinCommonSecurityLog_AnalyticalRules Analytics Rule with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -638,8 +638,8 @@ "entityType": "Account", "fieldMappings": [ { - "columnName": "AccountCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "AccountCustomEntity" } ] }, @@ -647,8 +647,8 @@ "entityType": "Host", "fieldMappings": [ { - "columnName": "HostCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "HostCustomEntity" } ] }, 
@@ -656,8 +656,8 @@ "entityType": "IP", "fieldMappings": [ { - "columnName": "IPCustomEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "IPCustomEntity" } ] }, @@ -665,8 +665,8 @@ "entityType": "URL", "fieldMappings": [ { - "columnName": "URLCustomEntity", - "identifier": "Url" + "identifier": "Url", + "columnName": "URLCustomEntity" } ] } @@ -724,7 +724,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureIPMalwareC2inAzureActivityEvents_AnalyticalRules Analytics Rule with template version 3.2.1", + "description": "RecordedFutureIPMalwareC2inAzureActivityEvents_AnalyticalRules Analytics Rule with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", @@ -766,8 +766,8 @@ "entityType": "Account", "fieldMappings": [ { - "columnName": "AccountCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "AccountCustomEntity" } ] }, @@ -775,8 +775,8 @@ "entityType": "IP", "fieldMappings": [ { - "columnName": "IPCustomEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "IPCustomEntity" } ] }, @@ -784,8 +784,8 @@ "entityType": "URL", "fieldMappings": [ { - "columnName": "URLCustomEntity", - "identifier": "Url" + "identifier": "Url", + "columnName": "URLCustomEntity" } ] }, @@ -793,8 +793,8 @@ "entityType": "IP", "fieldMappings": [ { - "columnName": "TI_ipEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "TI_ipEntity" } ] } 
@@ -852,7 +852,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureIPMalwareC2inDNSEvents_AnalyticalRules Analytics Rule with template version 3.2.1", + "description": "RecordedFutureIPMalwareC2inDNSEvents_AnalyticalRules Analytics Rule with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", @@ -894,8 +894,8 @@ "entityType": "Host", "fieldMappings": [ { - "columnName": "HostCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "HostCustomEntity" } ] }, @@ -903,8 +903,8 @@ "entityType": "IP", "fieldMappings": [ { - "columnName": "IPCustomEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "IPCustomEntity" } ] }, @@ -912,8 +912,8 @@ "entityType": "URL", "fieldMappings": [ { - "columnName": "URLCustomEntity", - "identifier": "Url" + "identifier": "Url", + "columnName": "URLCustomEntity" } ] }, @@ -921,8 +921,8 @@ "entityType": "IP", "fieldMappings": [ { - "columnName": "TI_ipEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "TI_ipEntity" } ] } 
@@ -980,7 +980,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureUrlReportedbyInsiktGroupinSyslogEvents_AnalyticalRules Analytics Rule with template version 3.2.1", + "description": "RecordedFutureUrlReportedbyInsiktGroupinSyslogEvents_AnalyticalRules Analytics Rule with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", @@ -1022,8 +1022,8 @@ "entityType": "Host", "fieldMappings": [ { - "columnName": "HostCustomEntity", - "identifier": "FullName" + "identifier": "FullName", + "columnName": "HostCustomEntity" } ] }, @@ -1031,8 +1031,8 @@ "entityType": "IP", "fieldMappings": [ { - "columnName": "IPCustomEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "IPCustomEntity" } ] }, @@ -1040,8 +1040,8 @@ "entityType": "URL", "fieldMappings": [ { - "columnName": "URLCustomEntity", - "identifier": "Url" + "identifier": "Url", + "columnName": "URLCustomEntity" } ] } @@ -1099,7 +1099,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureThreatHuntingHashAllActors_AnalyticalRules Analytics Rule with template version 3.2.1", + "description": "RecordedFutureThreatHuntingHashAllActors_AnalyticalRules Analytics Rule with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]", 
@@ -1138,12 +1138,12 @@ "entityType": "FileHash", "fieldMappings": [ { - "columnName": "Hash", - "identifier": "Value" + "identifier": "Value", + "columnName": "Hash" }, { - "columnName": "HashType", - "identifier": "Algorithm" + "identifier": "Algorithm", + "columnName": "HashType" } ] } @@ -1155,23 +1155,23 @@ "ActorInformation": "RecordedFuturePortalLink" }, "alertDetailsOverride": { + "alertDescriptionFormat": "**{{Description}}**\\n\\nCorrelation found on {{Hash}} from the {{Type}} table.\\n", "alertDisplayNameFormat": "{{Description}}", "alertDynamicProperties": [ { - "value": "RecordedFuturePortalLink", - "alertProperty": "AlertLink" + "alertProperty": "AlertLink", + "value": "RecordedFuturePortalLink" } - ], - "alertDescriptionFormat": "**{{Description}}**\\n\\nCorrelation found on {{Hash}} from the {{Type}} table.\\n" + ] }, "incidentConfiguration": { - "createIncident": true, "groupingConfiguration": { - "lookbackDuration": "1h", - "reopenClosedIncident": false, "matchingMethod": "AllEntities", - "enabled": true - } + "reopenClosedIncident": false, + "enabled": true, + "lookbackDuration": "1h" + }, + "createIncident": true } } }, @@ -1226,7 +1226,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureThreatHuntingIPAllActors_AnalyticalRules Analytics Rule with template version 3.2.1", + "description": "RecordedFutureThreatHuntingIPAllActors_AnalyticalRules Analytics Rule with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]", @@ -1265,8 +1265,8 @@ "entityType": "IP", "fieldMappings": [ { - "columnName": "NetworkIP", - "identifier": "Address" + "identifier": "Address", + "columnName": "NetworkIP" } ] } 
@@ -1278,23 +1278,23 @@ "ActorInformation": "RecordedFuturePortalLink" }, "alertDetailsOverride": { + "alertDescriptionFormat": "**{{Description}}**\\n\\nCorrelation found on {{NetworkIP}} from the {{Type}} table.\\n", "alertDisplayNameFormat": "{{Description}}", "alertDynamicProperties": [ { - "value": "RecordedFuturePortalLink", - "alertProperty": "AlertLink" + "alertProperty": "AlertLink", + "value": "RecordedFuturePortalLink" } - ], - "alertDescriptionFormat": "**{{Description}}**\\n\\nCorrelation found on {{NetworkIP}} from the {{Type}} table.\\n" + ] }, "incidentConfiguration": { - "createIncident": true, "groupingConfiguration": { - "lookbackDuration": "1h", - "reopenClosedIncident": false, "matchingMethod": "AllEntities", - "enabled": true - } + "reopenClosedIncident": false, + "enabled": true, + "lookbackDuration": "1h" + }, + "createIncident": true } } }, @@ -1349,7 +1349,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureThreatHuntingDomainAllActors_AnalyticalRules Analytics Rule with template version 3.2.1", + "description": "RecordedFutureThreatHuntingDomainAllActors_AnalyticalRules Analytics Rule with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]", @@ -1388,8 +1388,8 @@ "entityType": "DNS", "fieldMappings": [ { - "columnName": "Domain", - "identifier": "DomainName" + "identifier": "DomainName", + "columnName": "Domain" } ] } 
@@ -1401,23 +1401,23 @@ "ActorInformation": "RecordedFuturePortalLink" }, "alertDetailsOverride": { + "alertDescriptionFormat": "**{{Description}}**\\n\\nCorrelation found on {{DomainName}} from the {{Type}} table.\\n", "alertDisplayNameFormat": "{{Description}}", "alertDynamicProperties": [ { - "value": "RecordedFuturePortalLink", - "alertProperty": "AlertLink" + "alertProperty": "AlertLink", + "value": "RecordedFuturePortalLink" } - ], - "alertDescriptionFormat": "**{{Description}}**\\n\\nCorrelation found on {{DomainName}} from the {{Type}} table.\\n" + ] }, "incidentConfiguration": { - "createIncident": true, "groupingConfiguration": { - "lookbackDuration": "1h", - "reopenClosedIncident": false, "matchingMethod": "AllEntities", - "enabled": true - } + "reopenClosedIncident": false, + "enabled": true, + "lookbackDuration": "1h" + }, + "createIncident": true } } }, @@ -1472,7 +1472,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureThreatHuntingUrlAllActors_AnalyticalRules Analytics Rule with template version 3.2.1", + "description": "RecordedFutureThreatHuntingUrlAllActors_AnalyticalRules Analytics Rule with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]", @@ -1511,8 +1511,8 @@ "entityType": "URL", "fieldMappings": [ { - "columnName": "Url", - "identifier": "Url" + "identifier": "Url", + "columnName": "Url" } ] } 
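Review bot: `alertDescriptionFormat` in the `@@ -1401,23 +1401,23 @@` hunk references `{{DomainName}}`, but this rule's entity mapping (hunk `@@ -1388,8 +1388,8 @@`) maps the identifier `DomainName` to the column `Domain`. The sibling rules put the column name in the same position (`{{Hash}}`, `{{NetworkIP}}`, `{{Url}}`). Placeholders in the alert details override are filled from query result columns, so unless the rule's query (not visible here) also outputs a `DomainName` column, the alert description will not show the matched domain. Suggested value: `"alertDescriptionFormat": "**{{Description}}**\\n\\nCorrelation found on {{Domain}} from the {{Type}} table.\\n"`. mainTemplate.json appears to be packaged output, so the fix likely belongs in the rule's source definition.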
@@ -1521,23 +1521,23 @@ "ActorInformation": "RecordedFuturePortalLink" }, "alertDetailsOverride": { + "alertDescriptionFormat": "*{{Description}}**\\n\\nCorrelation found on {{Url}} from the {{Type}} table.\\n", "alertDisplayNameFormat": "{{Description}}", "alertDynamicProperties": [ { - "value": "RecordedFuturePortalLink", - "alertProperty": "AlertLink" + "alertProperty": "AlertLink", + "value": "RecordedFuturePortalLink" } - ], - "alertDescriptionFormat": "*{{Description}}**\\n\\nCorrelation found on {{Url}} from the {{Type}} table.\\n" + ] }, "incidentConfiguration": { - "createIncident": true, "groupingConfiguration": { - "lookbackDuration": "1h", - "reopenClosedIncident": false, "matchingMethod": "AllEntities", - "enabled": true - } + "reopenClosedIncident": false, + "enabled": true, + "lookbackDuration": "1h" + }, + "createIncident": true } } }, @@ -1592,7 +1592,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-IOC_Enrichment Playbook with template version 3.2.1", + "description": "RecordedFuture-IOC_Enrichment Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion1')]", @@ -2247,7 +2247,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-Playbook-Alert-Importer Playbook with template version 3.2.1", + "description": "RecordedFuture-Playbook-Alert-Importer Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion2')]", 
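Review bot: The `alertDescriptionFormat` moved in the `@@ -1521,23 +1521,23 @@` hunk still opens with a single asterisk, `"*{{Description}}**..."`, while the Hash, IP and Domain hunting rules use `**{{Description}}**`. The unbalanced marker will likely render as a stray asterisk or unintended emphasis in the alert an analyst reads. Suggested: `"alertDescriptionFormat": "**{{Description}}**\\n\\nCorrelation found on {{Url}} from the {{Type}} table.\\n"`. This commit only reorders the string, so the correction probably has to be made in the rule's source definition before repackaging.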
@@ -2502,7 +2502,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-AlertImporter Playbook with template version 3.2.1", + "description": "RecordedFuture-AlertImporter Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion3')]", @@ -3122,7 +3122,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-ThreatIntelligenceImport Playbook with template version 3.2.1", + "description": "RecordedFuture-ThreatIntelligenceImport Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion4')]", @@ -3196,7 +3196,7 @@ "type": "ApiConnection", "inputs": { "body": { - "indicators": "@body('Select')", + "value": "@body('Select')", "sourcesystem": "Recorded Future" }, "host": { @@ -3344,7 +3344,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-Domain-IndicatorImport Playbook with template version 3.2.1", + "description": "RecordedFuture-Domain-IndicatorImport Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion5')]", 
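Review bot: The body key renamed in the `@@ -3196,7 +3196,7 @@` hunk (`"indicators"` to `"value"`) cannot be checked from this hunk, because the ApiConnection action's `path` and `method` lie outside it. Please confirm that the connector operation this action calls accepts `value` as the indicator array. If the key and the operation disagree, the playbook would presumably fail or upload nothing at run time, leaving this solution's threat-intelligence-based analytic rules without fresh indicators. The same one-line change is repeated in the `azuredeploy.json` hunk at `@@ -100,7 +100,7 @@`. The new `3.2.2.zip` is binary and not reviewable here, so it is worth verifying that the package was rebuilt from these exact sources.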
@@ -3635,7 +3635,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-Hash-IndicatorImport Playbook with template version 3.2.1", + "description": "RecordedFuture-Hash-IndicatorImport Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion6')]", @@ -3926,7 +3926,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-IP-IndicatorImport Playbook with template version 3.2.1", + "description": "RecordedFuture-IP-IndicatorImport Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion7')]", @@ -4219,7 +4219,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-URL-IndicatorImport Playbook with template version 3.2.1", + "description": "RecordedFuture-URL-IndicatorImport Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion8')]", 
@@ -4510,7 +4510,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-Sandbox_Enrichment-Url Playbook with template version 3.2.1", + "description": "RecordedFuture-Sandbox_Enrichment-Url Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion9')]", @@ -4888,7 +4888,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-CustomConnector Playbook with template version 3.2.1", + "description": "RecordedFuture-CustomConnector Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion10')]", @@ -6962,19 +6962,19 @@ }, "created": { "type": "string", - "example": "2023-09-20T15:39:35.993568+02:00" + "example": "2023-09-20T19:09:35.993568+05:30" }, "modified": { "type": "string", - "example": "2023-09-20T15:39:35.993568+02:00" + "example": "2023-09-20T19:09:35.993568+05:30" }, "valid_from": { "type": "string", - "example": "2023-09-20T15:39:35.993568+02:00" + "example": "2023-09-20T19:09:35.993568+05:30" }, "valid_until": { "type": "string", - "example": "2023-09-20T16:39:35.993568+02:00" + "example": "2023-09-20T20:09:35.993568+05:30" }, "external_references": { "type": "array", 
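Review bot: The four example timestamps changed in the `@@ -6962,19 +6962,19 @@` hunk (and again at `@@ -7170,19 +7170,19 @@`) denote the same instants as before, only rendered with a `+05:30` offset instead of `+02:00`. That suggests the packaging step re-serialises them in the build machine's local time zone, so every repackaging produces spurious diffs in the connector definition and makes real changes harder to spot in review. Pinning the examples to UTC, e.g. `"example": "2023-09-20T13:39:35.993568Z"`, would keep the generated template reproducible.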
@@ -7170,19 +7170,19 @@ }, "created": { "type": "string", - "example": "2023-09-20T15:39:35.993568+02:00" + "example": "2023-09-20T19:09:35.993568+05:30" }, "modified": { "type": "string", - "example": "2023-09-20T15:39:35.993568+02:00" + "example": "2023-09-20T19:09:35.993568+05:30" }, "valid_from": { "type": "string", - "example": "2023-09-20T15:39:35.993568+02:00" + "example": "2023-09-20T19:09:35.993568+05:30" }, "valid_until": { "type": "string", - "example": "2023-09-20T16:39:35.993568+02:00" + "example": "2023-09-20T20:09:35.993568+05:30" }, "external_references": { "type": "array", @@ -7480,7 +7480,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-ThreatMap-Importer Playbook with template version 3.2.1", + "description": "RecordedFuture-ThreatMap-Importer Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion11')]", @@ -7843,7 +7843,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuture-MalwareThreatMap-Importer Playbook with template version 3.2.1", + "description": "RecordedFuture-MalwareThreatMap-Importer Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion12')]", 
@@ -8218,7 +8218,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ActorThreatHunt-IndicatorImport Playbook with template version 3.2.1", + "description": "ActorThreatHunt-IndicatorImport Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion13')]", @@ -8454,7 +8454,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "MalwareThreatHunt-IndicatorImport Playbook with template version 3.2.1", + "description": "MalwareThreatHunt-IndicatorImport Playbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion14')]", @@ -8691,7 +8691,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFuturePlaybookAlertOverview Workbook with template version 3.2.1", + "description": "RecordedFuturePlaybookAlertOverview Workbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", 
@@ -8775,7 +8775,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureAlertOverview Workbook with template version 3.2.1", + "description": "RecordedFutureAlertOverview Workbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion2')]", @@ -8859,7 +8859,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureDomainCorrelation Workbook with template version 3.2.1", + "description": "RecordedFutureDomainCorrelation Workbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion3')]", @@ -8943,7 +8943,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureHashCorrelation Workbook with template version 3.2.1", + "description": "RecordedFutureHashCorrelation Workbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion4')]", 
@@ -9027,7 +9027,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureIPCorrelation Workbook with template version 3.2.1", + "description": "RecordedFutureIPCorrelation Workbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion5')]", @@ -9111,7 +9111,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureURLCorrelation Workbook with template version 3.2.1", + "description": "RecordedFutureURLCorrelation Workbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion6')]", @@ -9195,7 +9195,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureThreatActorHunting Workbook with template version 3.2.1", + "description": "RecordedFutureThreatActorHunting Workbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion7')]", 
@@ -9279,7 +9279,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "RecordedFutureMalwareThreatHunting Workbook with template version 3.2.1", + "description": "RecordedFutureMalwareThreatHunting Workbook with template version 3.2.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion8')]", @@ -9359,7 +9359,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.2.1", + "version": "3.2.2", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Recorded Future", diff --git a/Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-ThreatIntelligenceImport/azuredeploy.json b/Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-ThreatIntelligenceImport/azuredeploy.json index 0851f1b1009..3c4918cc556 100644 --- a/Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-ThreatIntelligenceImport/azuredeploy.json +++ b/Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-ThreatIntelligenceImport/azuredeploy.json @@ -100,7 +100,7 @@ "type": "ApiConnection", "inputs": { "body": { - "indicators": "@body('Select')", + "value": "@body('Select')", "sourcesystem": "Recorded Future" }, "host": { @@ -169,4 +169,4 @@ } } ] -} \ No newline at end of file +}