fix: support -> microsoft in azuredeploy files

MasterPlaybooks/Remediation-IP/AzureFirewall-BlockIP-Nested-Remediation/azuredeploy.json

@@ -11,11 +11,11 @@
       "3. IP Group must be created in portal. [Refer here](https://docs.microsoft.com/azure/firewall/ip-groups) on how to create IP Group. User must have access tp IP Group.",
       "4. Client ID, Tenant ID and Client Secret for your application registered in your AAD."
     ],
-    "lastUpdateTime": "2021-08-06T00:00:00.000Z",
+    "lastUpdateTime": "2022-09-05T14:46:14Z",
     "entities": [ "IP" ],
     "tags": [ "Remediation" ],
     "support": {
-      "tier": "community"
+      "tier": "microsoft"
     },
     "author": {
       "name": "Accenture"

MasterPlaybooks/Remediation-IP/CiscoFirepower-BlockIP-Nested-Remediation/azuredeploy.json

@@ -10,11 +10,11 @@
         "prerequisites": ["1. In Cisco Firepower there needs to be a Network Group object. [Creating Network Objects](https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/reusable_objects.html#ariaid-title15)",
             "2. Cisco Firepower custom connector needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found in the [connector doc](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/CiscoFirepower/CustomConnector#deployment-instructions)"],
         "prerequisitesDeployTemplateFile": "../CustomConnector/azuredeploy.json",
-        "lastUpdateTime": "2021-07-28T00:00:00.000Z",
+        "lastUpdateTime": "2022-08-29T10:43:00Z",
         "entities": ["Ip"],
         "tags": ["Remediation"],
         "support": {
-            "tier": "community"
+            "tier": "microsoft"
         },
         "author": {
             "name": "Wortell"
@@ -601,19 +601,5 @@
                 }
             }
         }
-    ],
+    ]
-    "metadata":{
-        "title": "Cisco Firepower - Add IP Addresses to a Network Group object",
-        "description": "This playbook allows blocking of IPs in Cisco Firepower, using a Network Group object. This allows making changes to a Network Group selected members, instead of making Access List Entries. The Network Group object itself should be part of an Access List Entry.",
-        "prerequisites": "1. Cisco Firepower custom connector needs to be deployed prior to the deployment of this playbook, in the same resource group and region. Relevant instructions can be found in the connector [doc pages](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/CiscoFirepower/CustomConnector). 2. In Cisco Firepower there needs to be a Network Group object. [Creating Network Objects](https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/reusable_objects.html#ariaid-title15)",
-        "lastUpdateTime": "2022-08-29T10:43:00Z",
-        "entities": ["ip"],
-        "tags": ["Remediation", "Incident management"],
-        "support": {
-            "tier": "microsoft"
-        },
-        "author": {
-            "name": "microsoft"
-        }
-    }
 }

MasterPlaybooks/Remediation-IP/CiscoUmbrella-BlockIP-Nested-Remediation/azuredeploy.json

@@ -8,7 +8,7 @@
 			"1. ServiceNow Instance URL, Username, and password.",
 			"2. Access and authorization to enable API connectors"
 		],
-		"lastUpdateTime": "2021-06-29T10:00:00.000Z",
+		"lastUpdateTime": "2022-08-29T10:43:00Z",
 		"entities": [
 			"Account",
 			"Url",
@@ -19,7 +19,7 @@
 			"Notification"
 		],
 		"support": {
-			"tier": "community"
+			"tier": "microsoft"
 		},
 		"author": {
 			"name": "Jing Nghik"
@@ -249,19 +249,5 @@
                 }
             }
         }
-    ],
+    ]
-    "metadata":{
-        "title": "CiscoUmbrella-AddIpToDestinationList",
-        "description": "When  this playbook gets triggered and performs the following actions: 1. Retrieves all destinations lists from Cisco Umbrella. 2. Adds all IP to all destination list received in previous step. 3. Creates comment about action taken.",
-        "prerequisites": "1. Prior to the deployment of this playbook, Cisco Umbrella Management API Connector needs to be deployed under the same subscription. 2. Obtain Cisco Umbrella Management API credentials. Refer to Cisco Umbrella Management API Custom Connector documentation. 3. Obtain Cisco Umbrella Organiztion Id",
-        "lastUpdateTime": "2022-08-29T10:43:00Z",
-        "entities": ["ip"],
-        "tags": ["Remediation", "Incident management"],
-        "support": {
-            "tier": "microsoft"
-        },
-        "author": {
-            "name": "microsoft"
-        }
-    }
 }

MasterPlaybooks/Remediation-IP/F5-BlockIP-Nested-Remediation/azuredeploy.json

@@ -12,11 +12,11 @@
       "4. The address list should be a part of Firewall Policy Rule"
     ],
     "prerequisitesDeployTemplateFile": "./BasePlaybook-F5BigIP/azuredeploy.json",
-    "lastUpdateTime": "2021-08-12T00:00:00.000Z",
+    "lastUpdateTime": "2022-08-29T10:43:00Z",
     "entities": [ "Ip" ],
     "tags": [ "Remediation" ],
     "support": {
-      "tier": "community"
+      "tier": "microsoft"
     },
     "author": {
       "name": "Accenture"
@@ -719,19 +719,5 @@
         }
       }
     }
-  ],
+  ]
-    "metadata":{
-        "title": "F5 BIG-IP Block IP Playbook",
-        "description": "When this playbook gets triggered performs the below actions: 1. Fetches a list of potentially malicious IP addresses. 2. For each IP address in the list, checks if the IP address is present in IP Address list of F5 BIG-IP firewall. 3. If IP address not present in IP address list, then adds the IP address to IP address list.",
-        "prerequisites": "1. Deploy the F5 BIG-IP Base Playbook before the deployment of this playbook under the same subscription and same resource group and under the same location/region. Capture the name of the playbook during deployment. 2. A Firewall policy rule should be created for blocking of IP. 3. An address list should be created for blocking IP. 4. The address list should be a part of Firewall policy rule.",
-        "lastUpdateTime": "2022-08-29T10:43:00Z",
-        "entities": ["ip"],
-        "tags": ["Remediation", "Incident management"],
-        "support": {
-            "tier": "microsoft"
-        },
-        "author": {
-            "name": "microsoft"
-        }
-    }
 }

MasterPlaybooks/Remediation-IP/ForcepointNGFW-BlockIP-Nested-Remediation/azuredeploy.json

@@ -11,11 +11,11 @@
             "3. Forcepoint SMC Version number should be known. [Refer here](https://help.stonesoft.com/onlinehelp/StoneGate/SMC/)",
             "4. IP address list name for blocking IP address present in SMC should be known."
         ],
-        "lastUpdateTime": "2021-08-06T00:00:00.000Z",
+        "lastUpdateTime": "2022-08-29T10:43:00Z",
         "entities": [ "IP" ],
         "tags": [ "Remediation" ],
         "support": {
-            "tier": "community"
+            "tier": "microsoft"
         },
         "author": {
             "name": "Accenture"

MasterPlaybooks/Remediation-IP/Fortinet-BlockIP-Nested-Remediation/azuredeploy.json

@@ -13,7 +13,7 @@
             "5. Managed Identity should be created. [Create user assigned manage identity](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal)"
 
         ],
-        "lastUpdateTime": "2021-08-06T00:00:00.000Z",
+        "lastUpdateTime": "2022-08-29T10:43:00Z",
         "entities": [ "IP" ],
         "tags": [ "Remediation" ],
         "support": {

MasterPlaybooks/Remediation-IP/MDE-BlockIP-Nested-Remediation/azuredeploy.json

@@ -5,11 +5,11 @@
         "title": "Restrict MDE Ip Address",
         "description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.",
         "prerequisites": "You will need to grant Ti.ReadWrite permissions to the managed identity.",
-        "lastUpdateTime": "2021-07-14T00:00:00.000Z",
+        "lastUpdateTime": "2022-08-29T10:43:00Z",
         "entities": [ "Ip" ],
         "tags": [ "Remediation" ],
         "support": {
-            "tier": "Community"
+            "tier": "microsoft"
         },
         "author": {
             "name": "Nicholas DiCola"

MasterPlaybooks/Remediation-IP/Meraki-BlockIP-Nested-Remediation/azuredeploy.json

@@ -11,11 +11,11 @@
             "3. Organization name should be known.",
             "4. Network name should be known."
         ],
-        "lastUpdateTime": "2021-08-06T00:00:00.000Z",
+        "lastUpdateTime": "2022-08-29T10:43:00Z",
         "entities": [ "IP" ],
         "tags": [ "Remediation" ],
         "support": {
-            "tier": "community"
+            "tier": "microsoft"
         },
         "author": {
             "name": "Accenture"

MasterPlaybooks/Remediation-IP/PaloAlto-PAN-OS-BlockIP-Remediation/azuredeploy.json

@@ -10,11 +10,11 @@
             "2. Generate an API key.[Refer this link on how to generate the API Key](https://paloaltolactest.trafficmanager.net/restapi-doc/#tag/key-generation)",
             "3. Address group should be created for PAN-OS and this should be used while creating playbooks."
         ],
-        "lastUpdateTime": "2021-08-06T00:00:00.000Z",
+        "lastUpdateTime": "2022-08-29T10:43:00Z",
         "entities": [ "IP" ],
         "tags": [ "Remediation" ],
         "support": {
-            "tier": "community"
+            "tier": "microsoft"
         },
         "author": {
             "name": "Accenture"

MasterPlaybooks/Remediation-IP/azuredeploy.json

@@ -10,18 +10,23 @@
             "3. Response from individual playbooks are returned to master playbook for incident comment. "
         ],
         "prerequisites": [
-            "Atlease one of the below mentioned nested playbooks must be deployed prior to deployment of this playbook under same subscription and same resource group. Capture the name of all deployed playbooks during deployment.",
+            "At least one of the below mentioned nested playbooks must be deployed prior to deployment of this playbook under same subscription and same resource group. Capture the name of all deployed playbooks during deployment.",
             "- AzureFirewall-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for Azure Firewall.",
             "- Forcepoint-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for Forcepoint.",
             "- Fortinet-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for Fortinet.",
             "- Meraki-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for Meraki.",
-            "- PaloAlto-PAN-OS-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for Palo Alto PAN-OS."
+            "- PaloAlto-PAN-OS-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for Palo Alto PAN-OS.",
+            "- CiscoASA-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for PaloAlto.",
+            "- CiscoFirepower-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for PaloAlto.",
+            "- CiscoUmbrella-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for PaloAlto.",
+            "- F5-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for PaloAlto.",
+            "- MDE-BlockIP-Nested-Remediation is a nested playbook that handles remidiation for PaloAlto."
         ],
-        "lastUpdateTime": "2021-08-09T00:00:00.000Z",
+        "lastUpdateTime": "2022-08-29T10:43:00Z",
         "entities": [ "IP" ],
         "tags": [ "Remediation" ],
         "support": {
-            "tier": "community"
+            "tier": "microsoft"
         },
         "author": {
             "name": "Accenture"

MasterPlaybooks/Remediation-IP/readme.md

@@ -18,7 +18,7 @@ If a malicious IP is detected from the Azure sentinel, master playbook calls all
 
 
  ## Pre-requisites for deployment
-Atlease one of the below mentioned nested playbooks must be deployed prior to deployment of this playbook under same subscription and same resource group and the same location/region. Capture the name of all the deployed playbooks during deployment.
+At least one of the below-mentioned nested playbooks must be deployed prior to deployment of this playbook under same subscription and same resource group and the same location/region. Capture the name of all the deployed playbooks during deployment.
 
 - [AzureFirewall-BlockIP-Nested-Remediation](/MasterPlaybook-IP-Remediation/AzureFirewall-BlockIP-Nested-Remediation/azuredeploy.json) is a nested playbook that handles remidiation for AzureFirewall.  
 - [Forcepoint-BlockIP-Nested-Remediation](/MasterPlaybook-IP-Remediation/ForcepointNGFW-BlockIP-Nested-Remediation/azuredeploy.json) is a nested playbook that handles remidiation for Forcepoint. 
@@ -32,7 +32,7 @@ Atlease one of the below mentioned nested playbooks must be deployed prior to de
 - [F5-BlockIP-Nested-Remediation](/MasterPlaybook-IP-Remediation/F5-BlockIP-Nested-Remediation/azuredeploy.json) is a nested playbook that handles remidiation for PaloAlto.
 - [MDE-BlockIP-Nested-Remediation](/MasterPlaybook-IP-Remediation/MDE-BlockIP-Nested-Remediation/azuredeploy.json) is a nested playbook that handles remidiation for PaloAlto.
 
-If any one of the above mentioned playbooks are not deployed then default playbook will deploy in its place.
+If any one of the above-mentioned playbooks are not deployed then default playbook will deploy in its place.
 
 ## Nested Playbook Structure