VirusTotal playbooks to gallery

* Removed parameters for connections and changed display name
* Update tags, title

Playbooks/Get-VirusTotalDomainReport/incident-trigger/azuredeploy.json

@@ -2,12 +2,12 @@
     "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
     "contentVersion": "1.0.0.0",
     "metadata": {
-        "title": "Get-VirusTotalDomainReport",
+        "title": "URL Enrichment - Virus Total domain report",
         "description": "This playbook will take each URL entity and query VirusTotal for Domain Report (https://developers.virustotal.com/v3.0/reference#domain-info). It will write the results to Log Analytics and add a comment to the incident.",
-        "prerequisites": "You will need to register to Virus Total community for an API key.",
-        "lastUpdateTime": "2021-06-08T00:00:00.000Z",
+        "prerequisites": "Register to Virus Total community for an API key.",
+        "lastUpdateTime": "2021-05-08T00:00:00.000Z",
         "entities": [ "URL" ],
-        "tags": [ "Enrich" ],
+        "tags": [ "Enrichment" ],
         "support": {
             "tier": "Community"
         },
@@ -19,16 +19,6 @@
         "PlaybookName": {
             "defaultValue": "Get-VirusTotalDomainReport",
             "type": "string"
-        },
-        "VirusTotalAPIKey": {
-            "defaultValue": "<APIKey>",
-            "type": "string"
-        },
-        "workspaceId": {
-            "type": "string"
-        },
-        "workSpaceKey": {
-            "type": "string"
         }
     },
     "variables": {
@@ -43,14 +33,10 @@
             "name": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
             "location": "[resourceGroup().location]",
             "properties": {
-                "displayName": "[parameters('workspaceId')]",
+                "displayName": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
                 "customParameterValues": {},
                 "api": {
                     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]"
-                },
-                "parameterValues": {
-                    "username": "[parameters('workspaceId')]",
-                    "password": "[parameters('workSpaceKey')]"
                 }
             }
         },
@@ -60,9 +46,6 @@
             "name": "[variables('VirusTotalConnectionName')]",
             "location": "[resourceGroup().location]",
             "properties": {
-                "customParameterValues": {
-                    "api_key": "[parameters('VirusTotalAPIKey')]"
-                },
                 "api": {
                     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/virustotal')]"
                 }

Playbooks/Get-VirusTotalDomainReport/readme.md

@@ -26,6 +26,6 @@ After deployment, you can run this playbook manually on an alert or attach it to
 
 ## Screenshots
 **Incident Trigger**<br>
-![Incident Trigger](./incident-trigger/images/Get-VirusTotalDomainReport_incident.png)<br>
+![Incident Trigger](./incident-trigger/images/designerLight.png)<br>
 **Alert Trigger**<br>
 ![Alert Trigger](./alert-trigger/images/Get-VirusTotalDomainReport_alert.png)<br>

Playbooks/Get-VirusTotalFileInfo/incident-trigger/azuredeploy.json

@@ -2,12 +2,12 @@
     "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
     "contentVersion": "1.0.0.0",
     "metadata": {
-        "title": "Get-VirusTotalFileReport",
+        "title": "FileHash Enrichment - Virus Total report",
         "description": "This playbook will take each File Hash entity and query VirusTotal for File Report (https://developers.virustotal.com/v3.0/reference#file-info). It will write the results to Log Analytics and add a comment to the incident.",
-        "prerequisites": "You will need to register to Virus Total community for an API key.",
-        "lastUpdateTime": "2021-06-08T00:00:00.000Z",
+        "prerequisites": "Register to Virus Total community for an API key.",
+        "lastUpdateTime": "2021-05-08T00:00:00.000Z",
         "entities": [ "FileHash" ],
-        "tags": [ "Enrich" ],
+        "tags": [ "Enrichment" ],
         "support": {
             "tier": "community"
         },
@@ -19,16 +19,6 @@
         "PlaybookName": {
             "defaultValue": "Get-VirusTotalFileInfo",
             "type": "string"
-        },
-        "VirusTotalAPIKey": {
-            "defaultValue": "<APIKey>",
-            "type": "string"
-        },
-        "workspaceId": {
-            "type": "string"
-        },
-        "workSpaceKey": {
-            "type": "string"
         }
     },
     "variables": {
@@ -43,14 +33,10 @@
             "name": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
             "location": "[resourceGroup().location]",
             "properties": {
-                "displayName": "[parameters('workspaceId')]",
+                "displayName": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
                 "customParameterValues": {},
                 "api": {
                     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]"
-                },
-                "parameterValues": {
-                    "username": "[parameters('workspaceId')]",
-                    "password": "[parameters('workSpaceKey')]"
                 }
             }
         },
@@ -60,9 +46,6 @@
             "name": "[variables('VirusTotalConnectionName')]",
             "location": "[resourceGroup().location]",
             "properties": {
-                "customParameterValues": {
-                    "api_key": "[parameters('VirusTotalAPIKey')]"
-                },
                 "api": {
                     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/virustotal')]"
                 }

Playbooks/Get-VirusTotalFileInfo/readme.md

@@ -28,6 +28,6 @@ After deployment, you can run this playbook manually on an alert or attach it to
 
 ## Screenshots
 **Incident Trigger**<br>
-![Incident Trigger](./incident-trigger/images/Get-VirusTotalFileInfo_incident.png)<br>
+![Incident Trigger](./incident-trigger/images/designerLight.png)<br>
 **Alert Trigger**<br>
 ![Alert Trigger](./alert-trigger/images/Get-VirusTotalFileInfo_alert.png)<br>

Playbooks/Get-VirusTotalIPReport/incident-trigger/azuredeploy.json

@@ -2,12 +2,12 @@
     "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
     "contentVersion": "1.0.0.0",
     "metadata": {
-            "title": "Get-VirusTotalIPReport", 
+            "title": "IP Enrichment - Virus Total report", 
             "description": "This playbook will take each IP entity and query VirusTotal for IP Address Report (https://developers.virustotal.com/v3.0/reference#ip-info). It will write the results to Log Analytics and add a comment to the incident.",
-            "prerequisites": "You will need to register to Virus Total community for an API key.",
-            "lastUpdateTime": "2021-06-03T00:00:00.000Z", 
+            "prerequisites": "Register to Virus Total community for an API key.",
+            "lastUpdateTime": "2021-05-08T00:00:00.000Z",
             "entities": ["IP"], 
-            "tags": ["Enrich"], 
+            "tags": ["Enrichment"], 
             "support": {
                 "tier": "community" 
             },
@@ -19,16 +19,6 @@
         "PlaybookName": {
             "defaultValue": "Get-VirusTotalIPReport",
             "type": "string"
-        },
-        "VirusTotalAPIKey": {
-            "defaultValue": "<APIKey>",
-            "type": "string"
-        },
-        "workspaceId": {
-            "type": "string"
-        },
-        "workSpaceKey": {
-            "type": "string"
         }
     },
     "variables": {
@@ -43,14 +33,10 @@
             "name": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
             "location": "[resourceGroup().location]",
             "properties": {
-                "displayName": "[parameters('workspaceId')]",
+                "displayName": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
                 "customParameterValues": {},
                 "api": {
                     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]"
-                },
-                "parameterValues": {
-                    "username": "[parameters('workspaceId')]",
-                    "password": "[parameters('workSpaceKey')]"
                 }
             }
         },
@@ -75,9 +61,6 @@
             "name": "[variables('VirusTotalConnectionName')]",
             "location": "[resourceGroup().location]",
             "properties": {
-                "customParameterValues": {
-                    "api_key": "[parameters('VirusTotalAPIKey')]"
-                },
                 "api": {
                     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/virustotal')]"
                 }

Playbooks/Get-VirusTotalIPReport/readme.md

@@ -26,6 +26,6 @@ After deployment, you can run this playbook manually on an alert or attach it to
 
 ## Screenshots
 **Incident Trigger**<br>
-![Incident Trigger](./incident-trigger/images/Get-VirusTotalIPReport_incident.png)<br>
+![Incident Trigger](./incident-trigger/images/designerLight.png)<br>
 **Alert Trigger**<br>
 ![Alert Trigger](./alert-trigger/images/Get-VirusTotalIPReport_alert.png)<br>

Playbooks/Get-VirusTotalURLReport/incident-trigger/azuredeploy.json

@@ -2,12 +2,12 @@
     "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
     "contentVersion": "1.0.0.0",
     "metadata": {
-        "title": "Get-VirusTotalURLReport",
+        "title": "URL Enrichment - Virus Total report",
         "description": "This playbook will take each URL entity and query VirusTotal for URL Report (https://developers.virustotal.com/v3.0/reference#url-info). It will write the results to Log Analytics and add a comment to the incident.",
-        "prerequisites": "You will need to register to Virus Total community for an API key.",
-        "lastUpdateTime": "2021-06-08T00:00:00.000Z",
+        "prerequisites": "Register to Virus Total community for an API key.",
+        "lastUpdateTime": "2021-05-08T00:00:00.000Z",
         "entities": [ "URL" ],
-        "tags": [ "Enrich" ],
+        "tags": [ "Enrichment" ],
         "support": {
             "tier": "Community"
         },
@@ -19,16 +19,6 @@
         "PlaybookName": {
             "defaultValue": "Get-VirusTotalURLReport",
             "type": "string"
-        },
-        "VirusTotalAPIKey": {
-            "defaultValue": "<APIKey>",
-            "type": "string"
-        },
-        "workspaceId": {
-            "type": "string"
-        },
-        "workSpaceKey": {
-            "type": "string"
         }
     },
     "variables": {
@@ -43,14 +33,10 @@
             "name": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
             "location": "[resourceGroup().location]",
             "properties": {
-                "displayName": "[parameters('workspaceId')]",
+                "displayName": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
                 "customParameterValues": {},
                 "api": {
                     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]"
-                },
-                "parameterValues": {
-                    "username": "[parameters('workspaceId')]",
-                    "password": "[parameters('workSpaceKey')]"
                 }
             }
         },
@@ -60,9 +46,7 @@
             "name": "[variables('VirusTotalConnectionName')]",
             "location": "[resourceGroup().location]",
             "properties": {
-                "customParameterValues": {
-                    "api_key": "[parameters('VirusTotalAPIKey')]"
-                },
+                "displayName": "[variables('VirusTotalConnectionName')]",
                 "api": {
                     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/virustotal')]"
                 }

Playbooks/Get-VirusTotalURLReport/readme.md

@@ -26,6 +26,6 @@ After deployment, you can run this playbook manually on an alert or attach it to
 
 ## Screenshots
 **Incident Trigger**<br>
-![Incident Trigger](./incident-trigger/images/Get-VirusTotalURLReport_incident.png)<br>
+![Incident Trigger](./incident-trigger/images/designerLight.png)<br>
 **Alert Trigger**<br>
 ![Alert Trigger](./alert-trigger/images/Get-VirusTotalURLReport_alert.png)<br>