This commit is contained in:
v-amolpatil 2024-07-23 20:15:45 +05:30
Parent 2771f5d9db
Commit 5c088b0c3c
27 changed files: 210 additions and 82 deletions

View file

@ -8,6 +8,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
queryFrequency: 30m
queryPeriod: 30m
triggerOperator: gt
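Review bot: the new `SyslogAma` entry uses the key `datatypes:` while the existing `OracleDatabaseAudit` entry directly above it uses `dataTypes:`; the analytic rule template schema spells this field `dataTypes`, so a schema-strict validator or the packaging tool can silently drop the data types on the new connector. Suggest `dataTypes:` for consistency. The same lowercase `datatypes:` spelling is repeated in every other analytic rule and hunting query hunk in this commit, so fix them all together.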
@ -39,5 +42,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IPCustomEntity
version: 1.0.0
version: 1.0.1
kind: Scheduled

View file

@ -8,6 +8,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
queryFrequency: 30m
queryPeriod: 30m
triggerOperator: gt
@ -32,5 +35,5 @@ entityMappings:
fieldMappings:
- identifier: FullName
columnName: AccountCustomEntity
version: 1.0.0
version: 1.0.1
kind: Scheduled

View file

@ -8,6 +8,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
@ -34,5 +37,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IPCustomEntity
version: 1.0.0
version: 1.0.1
kind: Scheduled

View file

@ -8,6 +8,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
queryFrequency: 1h
queryPeriod: 14d
triggerOperator: gt
@ -42,5 +45,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IPCustomEntity
version: 1.0.0
version: 1.0.1
kind: Scheduled

View file

@ -8,6 +8,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
queryFrequency: 3h
queryPeriod: 14d
triggerOperator: gt
@ -36,5 +39,5 @@ entityMappings:
fieldMappings:
- identifier: FullName
columnName: AccountCustomEntity
version: 1.0.0
version: 1.0.1
kind: Scheduled

View file

@ -8,6 +8,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
queryFrequency: 30m
queryPeriod: 30m
triggerOperator: gt
@ -29,5 +32,5 @@ entityMappings:
fieldMappings:
- identifier: FullName
columnName: AccountCustomEntity
version: 1.0.0
version: 1.0.1
kind: Scheduled

View file

@ -8,6 +8,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
queryFrequency: 1h
queryPeriod: 14d
triggerOperator: gt
@ -43,5 +46,5 @@ entityMappings:
fieldMappings:
- identifier: FullName
columnName: AccountCustomEntity
version: 1.0.0
version: 1.0.1
kind: Scheduled

View file

@ -8,6 +8,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
@ -32,5 +35,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IPCustomEntity
version: 1.0.0
version: 1.0.1
kind: Scheduled

View file

@ -8,6 +8,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
@ -32,5 +35,5 @@ entityMappings:
fieldMappings:
- identifier: FullName
columnName: AccountCustomEntity
version: 1.0.0
version: 1.0.1
kind: Scheduled

View file

@ -8,6 +8,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
queryFrequency: 1h
queryPeriod: 1h
triggerOperator: gt
@ -32,5 +35,5 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: IPCustomEntity
version: 1.0.0
version: 1.0.1
kind: Scheduled

View file

@ -1,6 +1,6 @@
{
"id": "OracleDatabaseAudit",
"title": "Oracle Database Audit",
"title": "[Deprecated] Oracle Database Audit",
"publisher": "Oracle",
"descriptionMarkdown": "The Oracle DB Audit data connector provides the capability to ingest [Oracle Database](https://www.oracle.com/database/technologies/) audit events into Microsoft Sentinel through the syslog. Refer to [documentation](https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/introduction-to-auditing.html#GUID-94381464-53A3-421B-8F13-BD171C867405) for more information.",
"additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution.",
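Review bot: the title becomes `[Deprecated] Oracle Database Audit`, but `descriptionMarkdown` on the unchanged context line still presents this connector as the way to ingest Oracle audit events and says nothing about what replaces it or when the underlying agent is retired. Suggest adding the Syslog via AMA guidance and the Log Analytics agent retirement date that this commit already puts in the solution Description, so a user who opens the connector blade sees the migration path in the same place as the deprecation label.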

View file

@ -2,10 +2,10 @@
"Name": "OracleDatabaseAudit",
"Author": "Microsoft - support@microsoft.com",
"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/oracle_logo.svg\" width=\"75px\" height=\"75px\">",
"Description": "The Oracle Database Audit solution provides the capability to ingest [Oracle Database](https://www.oracle.com/database/technologies/) audit events into Microsoft Sentinel through the syslog. Refer to [documentation](https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/introduction-to-auditing.html#GUID-94381464-53A3-421B-8F13-BD171C867405) for more information.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n\r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\r\n\n\n\n",
"Description": "The Oracle Database Audit solution provides the capability to ingest [Oracle Database](https://www.oracle.com/database/technologies/) audit events into Microsoft Sentinel through the syslog. Refer to [documentation](https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/introduction-to-auditing.html#GUID-94381464-53A3-421B-8F13-BD171C867405) for more information.\r\n \r\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
"Workbooks": [
"Workbooks/OracleDatabaseAudit.json"
],
],
"Parsers": [
"Parsers/OracleDatabaseAuditEvent.yaml"
],
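Review bot: the new Description mixes `\r\n` and `\n` line breaks inside one string (`\r\n \r\n This solution ...` followed by `\n\n **NOTE**`), and "Using MMA and AMA on same machine" should read "on the same machine". Suggest normalising to a single line-break sequence and fixing the article; the identical text is also pasted into the createUiDefinition description in this commit, so change both copies. The `],` after `Workbooks` shown as removed and re-added looks like a whitespace-only change and can be dropped.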
@ -36,9 +36,12 @@
"Analytic Rules/OracleDBAuditShutdownServer.yaml",
"Analytic Rules/OracleDBAuditSQLInjectionPatterns.yaml"
],
"dependentDomainSolutionIds": [
"azuresentinel.azure-sentinel-solution-syslog"
],
"Metadata": "SolutionMetadata.json",
"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\OracleDatabaseAudit",
"Version": "3.0.1",
"Version": "3.0.2",
"TemplateSpec": true,
"Is1PConnector": false
}
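Review bot: `dependentDomainSolutionIds` now declares the dependency on `azuresentinel.azure-sentinel-solution-syslog`, which matches the Description text, but the `BasePath` on the context line is still a machine-local Windows path (`C:\\GitHub\\Azure-Sentinel\\...`); anyone rebuilding the 3.0.2 package from this manifest on another machine has to edit it first. Suggest noting that in the manifest or using a repository-relative path if the packaging tool accepts one.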

View file

@ -6,6 +6,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
tactics:
- InitialAccess
- DefenseEvasion
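Review bot: the added `SyslogAma` block spells the key `datatypes:` while the `OracleDatabaseAudit` block two lines above spells it `dataTypes:`; only the camel-case form is the documented field name, so the data types for the new connector may be ignored by tooling that validates the hunting query schema. Suggest `dataTypes:` here and in the other nine hunting query files touched by this commit, which carry the same hunk.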

View file

@ -6,6 +6,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
tactics:
- InitialAccess
- DefenseEvasion

View file

@ -6,6 +6,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
tactics:
- InitialAccess
- DefenseEvasion

View file

@ -6,6 +6,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
tactics:
- InitialAccess
- DefenseEvasion

View file

@ -6,6 +6,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
tactics:
- Impact
relevantTechniques:

View file

@ -6,6 +6,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
tactics:
- InitialAccess
relevantTechniques:

View file

@ -6,6 +6,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
tactics:
- InitialAccess
- DefenseEvasion

View file

@ -6,6 +6,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
tactics:
- Collection
relevantTechniques:

View file

@ -6,6 +6,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
tactics:
- InitialAccess
- PrivilegeEscalation

View file

@ -6,6 +6,9 @@ requiredDataConnectors:
- connectorId: OracleDatabaseAudit
dataTypes:
- Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
tactics:
- InitialAccess
- PrivilegeEscalation

Binary data
Solutions/OracleDatabaseAudit/Package/3.0.2.zip Normal file

Binary file not shown.

View file

@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/oracle_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/OracleDatabaseAudit/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Oracle Database Audit solution provides the capability to ingest [Oracle Database](https://www.oracle.com/database/technologies/) audit events into Microsoft Sentinel through the syslog. Refer to [documentation](https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/introduction-to-auditing.html#GUID-94381464-53A3-421B-8F13-BD171C867405) for more information.\r\n \r\n **Underlying Microsoft Technologies used:** \r\n\r\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Agent-based log collection (Syslog)](https://docs.microsoft.com/azure/sentinel/connect-syslog)\r\n\n\n\n\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/oracle_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/OracleDatabaseAudit/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Oracle Database Audit solution provides the capability to ingest [Oracle Database](https://www.oracle.com/database/technologies/) audit events into Microsoft Sentinel through the syslog. Refer to [documentation](https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/introduction-to-auditing.html#GUID-94381464-53A3-421B-8F13-BD171C867405) for more information.\r\n \r\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
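Review bot: the new description hard-codes "about to be deprecated by **Aug 31, 2024**", which reads as stale the day after that date, and the summary line still says **Data Connectors:** 1 without saying that the one bundled connector is the deprecated one. Suggest date-neutral wording such as "is retired as of Aug 31, 2024" and a clause in the NOTE that the included connector is deprecated in favour of Syslog via AMA; "on same machine" should also read "on the same machine", as in the solution Description.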
@ -57,7 +57,7 @@
"bladeTitle": "Data Connectors",
"elements": [
{
"name": "dataconnectors-text1",
"name": "dataconnectors1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "This Solution installs the data connector for OracleDatabaseAudit. You can get OracleDatabaseAudit Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
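Review bot: only the element name changes here (`dataconnectors-text1` to `dataconnectors1-text`), while the text on the context line still tells the user "This Solution installs the data connector for OracleDatabaseAudit ... configure and enable this data connector" with no hint that this connector is now titled `[Deprecated]` and that Syslog via AMA is the recommended collection path. Suggest updating the text block in the same hunk so the installer wizard does not steer users to the deprecated connector.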
@ -323,7 +323,7 @@
"name": "huntingquery1-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches sources from which DbActions were made. This hunting query depends on OracleDatabaseAudit data connector (Syslog Parser or Table)"
"text": "Query searches sources from which DbActions were made. This hunting query depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)"
}
}
]
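Review bot: the regenerated text reads "depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)", which runs the two connector ids together and doubles the word Syslog; it looks like the output of a generator that joins connector names and data types without separators. Suggest "This hunting query depends on the OracleDatabaseAudit or SyslogAma data connector (Syslog parser or table)". The same string is produced for huntingquery2 through huntingquery10 below, so fix the generator input or all ten text blocks.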
@ -337,7 +337,7 @@
"name": "huntingquery2-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches actions made by user. This hunting query depends on OracleDatabaseAudit data connector (Syslog Parser or Table)"
"text": "Query searches actions made by user. This hunting query depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)"
}
}
]
@ -351,7 +351,7 @@
"name": "huntingquery3-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query for searching active database user accounts. This hunting query depends on OracleDatabaseAudit data connector (Syslog Parser or Table)"
"text": "Query for searching active database user accounts. This hunting query depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)"
}
}
]
@ -365,7 +365,7 @@
"name": "huntingquery4-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for users who have connected to databases during non-operational hours. This hunting query depends on OracleDatabaseAudit data connector (Syslog Parser or Table)"
"text": "Query searches for users who have connected to databases during non-operational hours. This hunting query depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)"
}
}
]
@ -379,7 +379,7 @@
"name": "huntingquery5-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for dropped tables. This hunting query depends on OracleDatabaseAudit data connector (Syslog Parser or Table)"
"text": "Query searches for dropped tables. This hunting query depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)"
}
}
]
@ -393,7 +393,7 @@
"name": "huntingquery6-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query for searching user accounts which last activity was more than 30 days ago. This hunting query depends on OracleDatabaseAudit data connector (Syslog Parser or Table)"
"text": "Query for searching user accounts which last activity was more than 30 days ago. This hunting query depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)"
}
}
]
@ -407,7 +407,7 @@
"name": "huntingquery7-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query for auditing large queries. This hunting query depends on OracleDatabaseAudit data connector (Syslog Parser or Table)"
"text": "Query for auditing large queries. This hunting query depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)"
}
}
]
@ -421,7 +421,7 @@
"name": "huntingquery8-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for tables queries. This hunting query depends on OracleDatabaseAudit data connector (Syslog Parser or Table)"
"text": "Query searches for tables queries. This hunting query depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)"
}
}
]
@ -435,7 +435,7 @@
"name": "huntingquery9-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query for searching user accounts whith new privileges. This hunting query depends on OracleDatabaseAudit data connector (Syslog Parser or Table)"
"text": "Query for searching user accounts whith new privileges. This hunting query depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)"
}
}
]
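Review bot: "whith new privileges" is a typo for "with new privileges"; it is carried over from the removed line, but since this text is being regenerated anyway it should be corrected here, and if the text block is generated from the hunting query's YAML description the fix belongs in that source file too.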
@ -449,7 +449,7 @@
"name": "huntingquery10-text",
"type": "Microsoft.Common.TextBlock",
"options": {
"text": "Query searches for user accounts and their privileges. This hunting query depends on OracleDatabaseAudit data connector (Syslog Parser or Table)"
"text": "Query searches for user accounts and their privileges. This hunting query depends on OracleDatabaseAudit SyslogAma data connector (Syslog Syslog Parser or Table)"
}
}
]

File diff suppressed because one or more lines are too long

View file

@ -1,5 +1,6 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|---------------------------------------------|
| 3.0.2 | 23-07-2024 | Deprecated data connectors |
| 3.0.1 | 26-04-2024 | Repackaged for fix on parser in maintemplate to have old parsername and parentid |
| 3.0.0 | 19-12-2023 | Documentation changes for oracle data base audit
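Review bot: the 3.0.2 entry "Deprecated data connectors" records what happened but not the migration path; suggest "Deprecated the Oracle Database Audit (Log Analytics agent) data connector; collect audit syslog with Syslog via AMA instead" so operators reading the release notes know what to switch to. The 3.0.0 row on the context line is also missing its closing `|`, which breaks table rendering in some markdown renderers.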

View file

@ -7,9 +7,9 @@
"domains" : ["Application"]
},
"support": {
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
"name": "Microsoft Corporation",
"email": "support@microsoft.com",
"tier": "Microsoft",
"link": "https://support.microsoft.com"
}
}
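Review bot: this hunk changes indentation only inside the `support` block (the four keys are removed and re-added with identical content); a whitespace-only edit in a file unrelated to the connector deprecation adds noise to the diff and to blame history. Suggest dropping it from this commit or moving it to a separate formatting commit.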