Standalone metadata updates (#7914)

* Standalone metadata updates * Update WorkbooksMetadata.json * Updated kind * Update kind
2023-04-28 10:10:42 +05:30 · 2023-04-28 10:10:42 +05:30 · 7e0c50c538
--- a/Detections/MultipleDataSources/Dev-0530_FileExtRename.yaml
+++ b/Detections/MultipleDataSources/Dev-0530_FileExtRename.yaml
@ -70,5 +70,14 @@ entityMappings:
        columnName: AlgorithmCustomEntity
      - identifier: Value
        columnName: FileHashCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
+metadata:
+    source:
+        kind: Community
+    author:
+        name: Ashwin Patil
+    support:
+        tier: Community
+    categories:
+        domains: [ "Security - Others" ]
--- a/Detections/MultipleDataSources/ExchangeWorkerProcessMakingRemoteCall.yaml
+++ b/Detections/MultipleDataSources/ExchangeWorkerProcessMakingRemoteCall.yaml
@ -44,5 +44,14 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: DeviceName
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled
+metadata:
+    source:
+        kind: Community
+    author:
+        name: petebryan
+    support:
+        tier: Community
+    categories:
+        domains: [ "Application" ]
--- a/Detections/MultipleDataSources/PrestigeRansomwareIOCsOct22.yaml
+++ b/Detections/MultipleDataSources/PrestigeRansomwareIOCsOct22.yaml
@ -93,5 +93,14 @@ entityMappings:
    fieldMappings:
      - identifier: HostName
        columnName: HostCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
+metadata:
+    source:
+        kind: Community
+    author:
+        name: Ashwin Patil
+    support:
+        tier: Community
+    categories:
+        domains: [ "Security - Others" ]
--- a/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml
+++ b/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml
@ -116,5 +116,14 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.5.0
+version: 1.5.1
 kind: Scheduled
+metadata:
+    source:
+        kind: Community
+    author:
+        name: petebryan
+    support:
+        tier: Community
+    categories:
+        domains: [ "Security - 0-day Vulnerability" ]
--- a/Detections/SecurityAlert/Dev-0530AVHits.yaml
+++ b/Detections/SecurityAlert/Dev-0530AVHits.yaml
@ -39,5 +39,14 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: PublicIP
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
+metadata:
+    source:
+        kind: Community
+    author:
+        name: aprakash13
+    support:
+        tier: Community
+    categories:
+        domains: [ "Security - Others" ]
--- a/Detections/SecurityAlert/HiveRansomwareAVHits.yaml
+++ b/Detections/SecurityAlert/HiveRansomwareAVHits.yaml
@ -39,5 +39,14 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: PublicIP
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
+metadata:
+    source:
+        kind: Community
+    author:
+        name: aprakash13
+    support:
+        tier: Community
+    categories:
+        domains: [ "Security - Others" ]
--- a/Detections/SecurityEvent/COMEventSystemLoadingNewDLL.yaml
+++ b/Detections/SecurityEvent/COMEventSystemLoadingNewDLL.yaml
@ -93,5 +93,14 @@ entityMappings:
        columnName: SHA1
      - identifier: Algorithm
        columnName: HashAlgo
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
+metadata:
+    source:
+        kind: Community
+    author:
+        name: Shain
+    support:
+        tier: Community
+    categories:
+        domains: [ "Security - Others" ]
--- a/Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml
+++ b/Detections/SigninLogs/PrivilegedUserLogonfromnewASN.yaml
@ -46,5 +46,14 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.3
-kind: Scheduled
+version: 1.0.4
+kind: Scheduled
+metadata:
+    source:
+        kind: Community
+    author:
+        name: petebryan
+    support:
+        tier: Community
+    categories:
+        domains: [ "Identity", "Security - Others" ]
--- a/Detections/http_proxy_oab_CL/ExchagngeSuspiciousFileDownloads.yaml
+++ b/Detections/http_proxy_oab_CL/ExchagngeSuspiciousFileDownloads.yaml
@ -30,5 +30,14 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-version: 1.0.0
-kind: Scheduled
+version: 1.0.1
+kind: Scheduled
+metadata:
+    source:
+        kind: Community
+    author:
+        name: petebryan
+    support:
+        tier: Community
+    categories:
+        domains: [ "Application" ]
--- a/Detections/http_proxy_oab_CL/HAFNIUMSuspiciousFileDownloads.yaml
+++ b/Detections/http_proxy_oab_CL/HAFNIUMSuspiciousFileDownloads.yaml
@ -28,5 +28,14 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-version: 1.0.0
-kind: Scheduled
+version: 1.0.1
+kind: Scheduled
+metadata:
+    source:
+        kind: Community
+    author:
+        name: petebryan
+    support:
+        tier: Community
+    categories:
+        domains: [ "Security - 0-day Vulnerability" ]
--- a/Queries/GitHub/Suspicious
+++ b/Queries/GitHub/Suspicious
@ -26,3 +26,13 @@ query: |
   ) on Actor, Organization
   | project-away Actor1, Organization1
   | where ContributedToRepos !contains Repository
+version: 1.0.0
+metadata:
+    source:
+        kind: Community
+    author:
+        name: itay6588
+    support:
+        tier: Community
+    categories:
+        domains: [ "DevOps" ]
--- a/Playbooks/QuickStart-SentinelTriggers/alert-trigger/azuredeploy.json
+++ b/Playbooks/QuickStart-SentinelTriggers/alert-trigger/azuredeploy.json
@ -4,16 +4,23 @@
    "metadata":{
        "title": "Alert trigger empty playbook", 
        "description": "Use this template to quickly create a new playbook which starts with an Azure Sentinel alert. The playbook is deployed with Managed Identity enabled.",
-        "prerequisites": "This playbook is configured to work with Managed Identity for the Azure Sentinel Logic Apps connector steps. After playbook is deployed, assign permissions for this playbook to Azure Sentinel workspace. [Learn more](https://docs.microsoft.com/connectors/azuresentinel/#authentication)",
+        "version": "1.0.0",
+		"prerequisites": "This playbook is configured to work with Managed Identity for the Azure Sentinel Logic Apps connector steps. After playbook is deployed, assign permissions for this playbook to Azure Sentinel workspace. [Learn more](https://docs.microsoft.com/connectors/azuresentinel/#authentication)",
        "lastUpdateTime": "2021-07-14T00:00:00.000Z", 
        "entities": [], 
        "tags": ["Quick start"], 
        "support": {
            "tier": "Microsoft" 
        },
+		"categories": {
+		  "domains": [ "Security - Automation (SOAR)" ]
+		},
        "author": {
            "name": "Lior Tamir"
-        }
+        },
+		"source": {
+		  "kind": "Community"
+		}
    },
    "parameters": {
        "PlaybookName": {
--- a/Playbooks/QuickStart-SentinelTriggers/incident-trigger/azuredeploy.json
+++ b/Playbooks/QuickStart-SentinelTriggers/incident-trigger/azuredeploy.json
@ -4,16 +4,23 @@
    "metadata":{
        "title": "Incident trigger empty playbook", 
        "description": "Use this template to quickly create a new playbook which starts with an Azure Sentinel incident. The playbook is deployed with Managed Identity enabled.",
-        "prerequisites": "This playbook is configured to work with Managed Identity for the Azure Sentinel Logic Apps connector steps. After playbook is deployed, assign permissions for this playbook to Azure Sentinel workspace. [Learn more](https://docs.microsoft.com/connectors/azuresentinel/#authentication)",
+        "version": "1.0.0",
+		"prerequisites": "This playbook is configured to work with Managed Identity for the Azure Sentinel Logic Apps connector steps. After playbook is deployed, assign permissions for this playbook to Azure Sentinel workspace. [Learn more](https://docs.microsoft.com/connectors/azuresentinel/#authentication)",
        "lastUpdateTime": "2021-07-14T00:00:00.000Z", 
        "entities": [], 
        "tags": ["Quick start"], 
        "support": {
            "tier": "Microsoft" 
        },
+		"categories": {
+		  "domains": [ "Security - Automation (SOAR)" ]
+		},
        "author": {
            "name": "Lior Tamir"
-        }
+        },
+		"source": {
+		  "kind": "Community"
+		}
    },
    "parameters": {
        "PlaybookName": {
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@ -23,7 +23,19 @@
    "title": "Attack Surface Reduction Dashboard",
    "templateRelativePath": "AttackSurfaceReduction.json",
    "subtitle": "",
-    "provider": "Microsoft Sentinel community"
+    "provider": "Microsoft Sentinel community",
+	  "support": {
+      "tier": "Microsoft"
+    },
+    "author": {
+      "name": "Daniel Chronlund"
+    },
+    "source": {
+      "kind": "Community"
+    },
+    "categories": {
+      "domains": [ "Security - Threat Protection" ]
+    }
  },
  {
    "workbookKey": "ForcepointNGFWAdvanced",
@ -153,7 +165,19 @@
    "title": "Eset Security Management Center Overview",
    "templateRelativePath": "esetSMCWorkbook.json",
    "subtitle": "",
-    "provider": "Community"
+    "provider": "Community",
+	  "support": {
+      "tier": "Community"
+    },
+    "author": {
+      "name": "Tomáš Kubica"
+    },
+    "source": {
+      "kind": "Community"
+    },
+    "categories": {
+      "domains": [ "Security - Others" ]
+    }
  },
  {
    "workbookKey": "FortigateWorkbook",
@ -618,7 +642,19 @@
    "title": "One Identity",
    "templateRelativePath": "OneIdentity.json",
    "subtitle": "",
-    "provider": "One Identity LLC."
+    "provider": "One Identity LLC.",
+	  "support": {
+      "tier": "Community"
+    },
+    "author": {
+      "name": "Amit Bergman"
+    },
+    "source": {
+      "kind": "Community"
+    },
+    "categories": {
+      "domains": [ "Identity" ]
+    }
  },
  {
    "workbookKey": "SecurityStatusWorkbook",
@ -1503,7 +1539,19 @@
    "title": "SolarWinds Post Compromise Hunting",
    "templateRelativePath": "SolarWindsPostCompromiseHunting.json",
    "subtitle": "",
-    "provider": "Microsoft"
+    "provider": "Microsoft",
+	  "support": {
+      "tier": "Microsoft"
+    },
+    "author": {
+      "name": "Shain"
+    },
+    "source": {
+      "kind": "Community"
+    },
+    "categories": {
+      "domains": [ "Security - Others" ]
+    }
  },
  {
    "workbookKey": "ProofpointPODWorkbook",
@ -1656,7 +1704,19 @@
    "title": "SOC Process Framework",
    "templateRelativePath": "SOCProcessFramework.json",
    "subtitle": "",
-    "provider": "Microsoft Sentinel Community"
+    "provider": "Microsoft Sentinel Community",
+	  "support": {
+      "tier": "Microsoft"
+    },
+    "author": {
+      "name": "Rin Ure"
+    },
+    "source": {
+      "kind": "Community"
+    },
+    "categories": {
+      "domains": [ "Security - Threat Protection" ]
+    }
  },
  {
    "workbookKey": "Microsoft365SecurityPosture",
@ -1859,7 +1919,19 @@
    "title": "Log4j Post Compromise Hunting",
    "templateRelativePath": "Log4jPostCompromiseHunting.json",
    "subtitle": "",
-    "provider": "Microsoft Sentinel Community"
+    "provider": "Microsoft Sentinel Community",
+	  "support": {
+      "tier": "Microsoft"
+    },
+    "author": {
+      "name": "Samik Roy"
+    },
+    "source": {
+      "kind": "Community"
+    },
+    "categories": {
+      "domains": [ "Security - Threat Protection" ]
+    }
  },
  {
    "workbookKey": "UserMap",
@ -2149,7 +2221,19 @@
    "title": "Sentinel Health",
    "templateRelativePath": "SentinelHealth.json",
    "subtitle": "",
-    "provider": "Microsoft Sentinel Community"
+    "provider": "Microsoft Sentinel Community",
+	  "support": {
+      "tier": "Microsoft"
+    },
+    "author": {
+      "name": "Samik Roy"
+    },
+    "source": {
+      "kind": "Community"
+    },
+    "categories": {
+      "domains": [ "Platform" ]
+    }
  },
  {
    "workbookKey": "MicrosoftSentinelCostGBP",
@ -2162,7 +2246,19 @@
    "title": "Microsoft Sentinel Cost (GBP)",
    "templateRelativePath": "MicrosoftSentinelCostGBP.json",
    "subtitle": "",
-    "provider": "Microsoft Sentinel Community"
+    "provider": "Microsoft Sentinel Community",
+	  "support": {
+      "tier": "Microsoft"
+    },
+    "author": {
+      "name": "noodlemctwoodle"
+    },
+    "source": {
+      "kind": "Community"
+    },
+    "categories": {
+      "domains": [ "Platform" ]
+    }
  },
   {
    "workbookKey": "SentinelCosts",
@ -2175,7 +2271,19 @@
    "title": "Sentinel Costs",
    "templateRelativePath": "SentinelCosts.json",
    "subtitle": "",
-    "provider": "Microsoft Sentinel Community"
+    "provider": "Microsoft Sentinel Community",
+	  "support": {
+      "tier": "Microsoft"
+    },
+    "author": {
+      "name": "Yahya Abulhaj"
+    },
+    "source": {
+      "kind": "Community"
+    },
+    "categories": {
+      "domains": [ "Platform" ]
+    }
  },
  {
    "workbookKey": "AutomationHealth",
@ -2224,9 +2332,9 @@
    "templateRelativePath": "Dynamics365Workbooks.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
-	"support": {
+	  "support": {
            "tier": "Microsoft"
-        },
+     },
     "author": {
            "name": "Microsoft Corporation"
        },
@ -2305,7 +2413,19 @@
      "title": "Microsoft Sentinel Cost (EUR)",
      "templateRelativePath": "MicrosoftSentinelCostEUR.json",
      "subtitle": "",
-      "provider": "Microsoft Sentinel Community"
+      "provider": "Microsoft Sentinel Community",
+	    "support": {
+      "tier": "Microsoft"
+		},
+		"author": {
+		  "name": "Marco Passanisi"
+		},
+		"source": {
+		  "kind": "Community"
+		},
+		"categories": {
+		  "domains": [ "Platform" ]
+		}
    },
    {
      "workbookKey": "LogAnalyticsQueryAnalysis",
@ -2318,7 +2438,19 @@
      "title": "Log Analytics Query Analysis",
      "templateRelativePath": "LogAnalyticsQueryAnalysis.json",
      "subtitle": "",
-      "provider": "Microsoft Sentinel Community"
+      "provider": "Microsoft Sentinel Community",
+	    "support": {
+      "tier": "Microsoft"
+		},
+		"author": {
+		  "name": "Samik Roy"
+		},
+		"source": {
+		  "kind": "Community"
+		},
+		"categories": {
+		  "domains": [ "Platform" ]
+		}
    },
    {
      "workbookKey": "AcscEssential8",
@ -2332,7 +2464,7 @@
      "templateRelativePath": "AcscEssential8.json",
      "subtitle": "",
      "provider": "Microsoft",
-		"support": {
+		  "support": {
            "tier": "Microsoft"
        },
 		"author": {
@ -2410,17 +2542,17 @@
      "support": {
          "tier": "Community"
      },
-  "author": {
-          "name": "Microsoft Sentinel Community"
-      },
-  "source": {
-          "kind": "Community"
-      },
-  "categories": {
-          "domains": [
-              "Data Collection"
-          ]
-      }	  
+      "author": {
+              "name": "Microsoft Sentinel Community"
+          },
+      "source": {
+              "kind": "Community"
+          },
+      "categories": {
+              "domains": [
+                  "Data Collection"
+              ]
+          }	  
  },
  {
      "workbookKey": "IncidentTasksWorkbook",