Zero Trust solution package 2.0.1

Solutions/ZeroTrust(TIC3.0)/Package/createUiDefinition.json

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Important:** _This Microsoft Sentinel Solution is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)._\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe Microsoft Sentinel: Zero Trust (TIC3.0) Workbook provides an automated visualization of Zero Trust principles cross walked to the Trusted Internet Connections framework. Compliance isn’t just an annual requirement, and organizations must monitor configurations over time like a muscle. This workbook leverages the full breadth of Microsoft security offerings across Azure, Office 365, Teams, Intune, Windows Virtual Desktop, and many more. This workbook enables Implementers, SecOps Analysts, Assessors, Security & Compliance Decision Makers, and MSSPs to gain situational awareness for cloud workloads' security posture. The workbook features 76+ control cards aligned to the TIC 3.0 security capabilities with selectable GUI buttons for navigation. This workbook is designed to augment staffing through automation, artificial intelligence, machine learning, query/alerting generation, visualizations, tailored recommendations, and respective documentation references.\n\nMicrosoft Sentinel Solutions provide a consolidated way to acquire Microsoft Sentinel content like data connectors, workbooks, analytics, and automations in your workspace with a single deployment step.\n\n**Workbooks:** 1, **Analytic Rules:** 1, **Playbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Important:** _This Microsoft Sentinel Solution is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)._\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe Microsoft Sentinel Zero Trust (TIC 3.0) Solution provides a mechanism for viewing log queries aligned to Zero Trust and Trusted Internet Connections models across the Microsoft and partner ecosystem. This solution enables governance and compliance teams to design, build, monitor, and respond to Zero Trust (TIC 3.0) requirements across 25+ Microsoft and 3rd party products. The solution includes the new Zero Trust (TIC 3.0) Workbook, (1) Analytics Rule, and (3) Playbooks. While only Microsoft Sentinel and Microsoft Defender for Cloud are required to get started, the solution is enhanced with numerous Microsoft offerings. This Solution enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud, multi-cloud, hybrid, and on-premise workloads. For more information, see 💡[Microsoft Zero Trust Model](https://www.microsoft.com/en-in/security/business/zero-trust?rtc=1) 💡[Trusted Internet Connections: Core Guidance Documents](https://www.cisa.gov/tic) \n\nMicrosoft Sentinel Solutions provide a consolidated way to acquire Microsoft Sentinel content like data connectors, workbooks, analytics, and automations in your workspace with a single deployment step.\n\n**Analytic Rules:** 1, **Playbooks:** 3, **Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -273,7 +273,7 @@
       }
     ],
     "outputs": {
-      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "workspace-location":"[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(filter.id, toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
       "location": "[location()]",
       "workspace": "[basics('workspace')]",
       "workbook1-name": "[steps('workbooks').workbook1.workbook1-name]",

Solutions/ZeroTrust(TIC3.0)/data/Solution_ZeroTrust(TIC3.0).json

@@ -18,5 +18,5 @@
   ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/ZeroTrust(TIC3.0)",
-  "Version": "1.0.12"
+  "Version": "2.0.1"
 }

Tools/Create-Azure-Sentinel-Solution/input/Solution_CybersecurityMaturityModelCertification(CMMC)2.0.json

@@ -1,21 +0,0 @@
-{
-  "Name": "CybersecurityMaturityModelCertification(CMMC)2.0",
-  "Author": "Nikhil Tripathi - v-ntripathi@microsoft.com",
-  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\"width=\"75px\"height=\"75px\">",
-  "Description": "The Microsoft Sentinel: Cybersecurity Maturity Model Certification (CMMC) 2.0 Solution provides a mechanism for viewing log queries aligned to CMMC 2.0 requirements across the Microsoft portfolio. This solution enables governance and compliance teams to design, build, monitor, and respond to CMMC 2.0 requirements across 25+ Microsoft products. The solution includes the new CMMC 2.0 Workbook, (2) Analytics Rules, and (1) Playbook. While only Microsoft Sentinel is required to get started, the solution is enhanced with numerous Microsoft offerings. This Solution enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective security best practice.",
-  "Analytic Rules": [
-    "Analytic Rules/CMMC2.0Level1FoundationalPosture.yaml",
-	"Analytic Rules/CMMC2.0Level2AdvancedPosture.yaml"
-  ],
-  "Playbooks":  [
-  "Playbooks/Notify_GovernanceComplianceTeam.json",
-  "Playbooks/Open_DevOpsTaskRecommendation.json",
-  "Playbooks/Open_JIRATicketRecommendation.json"
-  ],
-  "Workbooks": [
-  "Workbooks/CybersecurityMaturityModelCertification(CMMC)2.0.json"
-  ],
-  "Metadata": "SolutionMetadata.json",
-  "BasePath": "C:\\GitHub\\azure\\Solutions\\CybersecurityMaturityModelCertification(CMMC)2.0",
-  "Version": "1.0.4"
-}

Tools/Create-Azure-Sentinel-Solution/input/Solution_GitHub.json

@@ -1,42 +0,0 @@
-{
-  "Name": "GitHub",
-  "Author": "Nikhil Tripathi - v-ntripathi@microsoft.com",
-  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/GitHub.svg\"width=\"75px\"height=\"75px\">",
-  "Description": "",
-  "Workbooks": [
-	  "Workbooks/GithubWorkbook.json"
-  ],
-  "Analytic Rules": [
-    "Detections/(Preview) GitHub - A payment method was removed.yaml",
-    "Detections/(Preview) GitHub - Activities from Infrequent Country.yaml",
-	"Detections/(Preview) GitHub - Oauth application - a client secret was removed.yaml",
-	"Detections/(Preview) GitHub - Repository was created.yaml",
-	"Detections/(Preview) GitHub - Repository was destroyed.yaml",
-	"Detections/(Preview) GitHub - Two Factor Authentication Disabled in GitHub.yaml",
-	"Detections/(Preview) GitHub - User visibility Was changed.yaml",
-	"Detections/(Preview) GitHub - User was added to the organization.yaml",
-	"Detections/(Preview) GitHub - User was blocked.yaml",
-	"Detections/(Preview) GitHub - User was invited to the repository .yaml",
-	"Detections/(Preview) GitHub - pull request was created.yaml",
-	"Detections/(Preview) GitHub - pull request was merged.yaml"
-  ],
-  "Hunting Queries": [
-	  "Hunting Queries/First Time User Invite and Add Member to Org.yaml",
-	  "Hunting Queries/Inactive or New Account Usage.yaml",
-	  "Hunting Queries/Mass Deletion of Repositories .yaml",
-	  "Hunting Queries/Oauth App Restrictions Disabled.yaml",
-	  "Hunting Queries/Org Repositories Default Permissions Change.yaml",
-	  "Hunting Queries/Repository Permission Switched to Public.yaml",
-	  "Hunting Queries/User First Time Repository Delete Activity.yaml",
-	  "Hunting Queries/User Grant Access and Grants Other Access.yaml"
-  ],
-  "Parsers": [
-	  "Parsers/GitHubAuditData.txt"
-	  ],
-  "Data Connectors": [
-    "Data Connectors/azuredeploy_GitHub_native_poller_connector.json"
-  ],
-  "Metadata": "SolutionMetadata.json",
-  "BasePath": "C:\\GitHub\\azure\\Solutions\\GitHub",
-  "Version": "1.0.48"
-}

Tools/Create-Azure-Sentinel-Solution/input/Solution_InfobloxNIOS.json

@@ -1,46 +0,0 @@
-{
-  "Name": "Infoblox NIOS",
-  "Author": "Nikhil Tripathi - v-ntripathi@microsoft.com",
-  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\"width=\"75px\"height=\"75px\">",
-  "Description": "The [Infoblox Network Identity Operating System (NIOS)](https://www.infoblox.com/glossary/network-identity-operating-system-nios/) is the operating system that powers Infoblox core network services, ensuring non-stop operation of network infrastructure. The basis for Next Level Networking, NIOS automates the error-prone and time-consuming manual tasks associated with deploying and managing DNS, DHCP, and IP address management (IPAM) required for continuous network availability and business uptime.",
-  "Data Connectors" : [
-    "Data Connectors/Connector_Syslog_Infoblox.json"
-    ],
-  "Workbooks": [
-	"Workbooks/Infoblox-Workbook-V2.json"
-	],
-  "Parsers": [
-	"Parser/InfobloxNIOS.txt",
-	"Parser/Infoblox_all.txt",
-	"Parser/Infoblox_allotherdhcpdTypes.txt",
-	"Parser/Infoblox_allotherdnsTypes.txt",
-	"Parser/Infoblox_dhcp_consolidated.txt",
-	"Parser/Infoblox_dhcpadded.txt",
-	"Parser/Infoblox_dhcpbindupdate.txt",
-	"Parser/Infoblox_dhcpdiscover.txt",
-	"Parser/Infoblox_dhcpexpire.txt",
-	"Parser/Infoblox_dhcpinform.txt",
-	"Parser/Infoblox_dhcpoffer.txt",
-	"Parser/Infoblox_dhcpoption.txt",
-	"Parser/Infoblox_dhcpother.txt",
-	"Parser/Infoblox_dhcppack.txt",
-	"Parser/Infoblox_dhcprelease.txt",
-	"Parser/Infoblox_dhcpremoved.txt",
-	"Parser/Infoblox_dhcprequest.txt",
-	"Parser/Infoblox_dhcpsession.txt",
-	"Parser/Infoblox_dns_consolidated.txt",
-	"Parser/Infoblox_dnsclient.txt",
-	"Parser/Infoblox_dnsgss.txt",
-	"Parser/Infoblox_dnszone.txt"
-    ],
-  "Analytic Rules": [
-	"Analytic Rules/ExcessiveNXDOMAINDNSQueries.yaml",
-	"Analytic Rules/PotentialDHCPStarvationAttack.yaml"
-	],
-  "Watchlists": [
-	"Workbooks/Watchlist/InfobloxDevices-watchlist.json"
-	],
-  "Metadata": "SolutionMetadata.json",
-  "BasePath": "C:\\GitHub\\azure\\Solutions\\Infoblox NIOS\\",
-  "Version": "1.0.2"
-}

Tools/Create-Azure-Sentinel-Solution/input/Solution_ZeroTrust(TIC3.0).json

@@ -0,0 +1,22 @@
+
+{
+  "Name": "ZeroTrust(TIC3.0)",
+  "Author": "Nikhil Tripathi - v-ntripathi@microsoft.com",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
+  "Description": "The Microsoft Sentinel: Zero Trust (TIC3.0) Workbook provides an automated visualization of Zero Trust principles cross walked to the Trusted Internet Connections framework. Compliance isn’t just an annual requirement, and organizations must monitor configurations over time like a muscle. This workbook leverages the full breadth of Microsoft security offerings across Azure, Office 365, Teams, Intune, Windows Virtual Desktop, and many more. This workbook enables Implementers, SecOps Analysts, Assessors, Security & Compliance Decision Makers, and MSSPs to gain situational awareness for cloud workloads' security posture. The workbook features 76+ control cards aligned to the TIC 3.0 security capabilities with selectable GUI buttons for navigation. This workbook is designed to augment staffing through automation, artificial intelligence, machine learning, query/alerting generation, visualizations, tailored recommendations, and respective documentation references.",
+  "WorkbookDescription": "Gain insights into ZeroTrust logs.",
+  "Workbooks": [
+    "Workbooks/ZeroTrust(TIC3.0).json"
+  ],
+  "Analytic Rules": [
+    "Analytic Rules/Zero_Trust_TIC3.0_ControlAssessmentPostureChange.yaml"
+  ],
+  "Playbooks": [
+    "Playbooks/Notify_GovernanceComplianceTeam.json",
+    "Playbooks/Open_DevOpsTaskRecommendation.json",
+    "Playbooks/Open_JIRATicketRecommendation.json"
+  ],
+  "Metadata": "SolutionMetadata.json",
+  "BasePath": "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/ZeroTrust(TIC3.0)",
+  "Version": "2.0.1"
+}