Validation errors fixes

2021-07-01 22:17:27 +05:30 · 2021-07-01 22:17:27 +05:30 · 973298326b
--- a/Logos/IronNet.svg
+++ b/Logos/IronNet.svg
@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!-- Generator: Adobe Illustrator 25.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px"
 	 viewBox="0 0 75 75" style="enable-background:new 0 0 75 75;" xml:space="preserve">
 <g>
 	<rect x="41.9" y="47.2" transform="matrix(0.5 -0.866 0.866 0.5 -20.0165 62.121)" fill="#2A7DE1" width="3.7" height="2.5"/>
--- a/Rules/IronDefense_Detection_Query.yaml
+++ b/Rules/IronDefense_Detection_Query.yaml
@ -15,13 +15,13 @@ tactics:
 relevantTechniques:
 query: |
  CommonSecurityLog
-| where DeviceProduct == "IronDefense"
-| summarize arg_max(TimeGenerated, *) by DeviceCustomString4, DeviceCustomString2
-| extend Category = extract(@'cat=([^;]+)(\;|$)', 1, AdditionalExtensions)
-| extend Subcategory = extract(@'subcat=([^;]+)(\;|$)', 1, AdditionalExtensions)
-| extend AlertDescription = strcat(Category, ': ', Subcategory)
-| extend Status = tostring(DeviceCustomString2)
-| extend IronVueUrl = replace(@'\\', @'', tostring(DeviceCustomString3))
+  | where DeviceProduct == "IronDefense"
+  | summarize arg_max(TimeGenerated, *) by DeviceCustomString4, DeviceCustomString2
+  | extend Category = extract(@'cat=([^;]+)(\;|$)', 1, AdditionalExtensions)
+  | extend Subcategory = extract(@'subcat=([^;]+)(\;|$)', 1, AdditionalExtensions)
+  | extend AlertDescription = strcat(Category, ': ', Subcategory)
+  | extend Status = tostring(DeviceCustomString2)
+  | extend IronVueUrl = replace(@'\\', @'', tostring(DeviceCustomString3))
 entityMappings:
  - entityType: IP
    fieldMappings:
@ -56,3 +56,4 @@ alertDetailsOverride:
  alertDisplayNameFormat: {{Category}}: {{Subcategory}} ({{DeviceCustomString4}})
  alertDescriptionFormat: IronDefense detected suspicious activity on {{TimeGenerated}} and categorized it as "{{AlertDescription}}".  View full details in IronVue: {{IronVueUrl}}
  alertSeverityColumnName: LogSeverity
+version: 1.0.0
--- a/IronDefense/Workbooks/Images/Logos/IronNet.svg
+++ b/IronDefense/Workbooks/Images/Logos/IronNet.svg
@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 25.3.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px"
+	 viewBox="0 0 75 75" style="enable-background:new 0 0 75 75;" xml:space="preserve">
+<g>
+	<rect x="41.9" y="47.2" transform="matrix(0.5 -0.866 0.866 0.5 -20.0165 62.121)" fill="#2A7DE1" width="3.7" height="2.5"/>
+	<path fill="#2A7DE1" d="M36.9,3.7l-9.6,5.5c-0.3,0.2-0.6,0.6-0.6,1v11.1c0,0.2,0.1,0.4,0.2,0.6c0.1,0.2,0.2,0.3,0.4,0.4l9.6,5.5
+		c0.3,0.2,0.8,0.2,1.1,0l9.6-5.5c0.3-0.2,0.6-0.6,0.6-1V10.2c0-0.4-0.2-0.8-0.6-1l-9.6-5.5C37.7,3.4,37.3,3.4,36.9,3.7 M45.2,10.6
+		c0.3,0.2,0.5,0.5,0.5,0.9v8.3c0,0.4-0.2,0.7-0.5,0.9L38,24.9c-0.3,0.2-0.7,0.2-1.1,0l-7.2-4.1c-0.2-0.1-0.3-0.2-0.4-0.4
+		c-0.1-0.2-0.1-0.3-0.1-0.5v-8.3c0-0.4,0.2-0.7,0.5-0.9L37,6.5c0.3-0.2,0.7-0.2,1.1,0L45.2,10.6z"/>
+	<rect x="42.5" y="24.7" transform="matrix(0.866 -0.5 0.5 0.866 -7.4356 25.4595)" fill="#2A7DE1" width="2.5" height="3.7"/>
+	<path fill="#2A7DE1" d="M49.5,25.4L39.9,31c-0.3,0.2-0.6,0.6-0.6,1V43c0,0.2,0.1,0.4,0.2,0.6c0.1,0.2,0.2,0.3,0.4,0.4l9.6,5.5
+		c0.3,0.2,0.8,0.2,1.1,0l9.6-5.5c0.3-0.2,0.6-0.6,0.6-1V32c0-0.4-0.2-0.8-0.6-1l-9.6-5.5C50.3,25.2,49.9,25.2,49.5,25.4 M57.8,32.4
+		c0.3,0.2,0.5,0.5,0.5,0.9v8.3c0,0.4-0.2,0.7-0.5,0.9l-7.2,4.1c-0.3,0.2-0.7,0.2-1.1,0l-7.2-4.1c-0.2-0.1-0.3-0.2-0.4-0.4
+		c-0.1-0.2-0.1-0.3-0.1-0.5v-8.3c0-0.4,0.2-0.7,0.5-0.9l7.2-4.1c0.3-0.2,0.7-0.2,1.1,0L57.8,32.4z"/>
+	<path fill="#2A7DE1" d="M36.9,47.2l-9.6,5.5c-0.3,0.2-0.6,0.6-0.6,1v11.1c0,0.4,0.2,0.8,0.6,1l9.6,5.5c0.3,0.2,0.8,0.2,1.1,0l9.6-5.5
+		c0.2-0.1,0.3-0.2,0.4-0.4c0.1-0.2,0.2-0.4,0.2-0.6V53.7c0-0.4-0.2-0.8-0.6-1l-9.6-5.5C37.7,47,37.3,47,36.9,47.2 M37,50.1
+		c0.3-0.2,0.7-0.2,1.1,0l7.2,4.1c0.3,0.2,0.5,0.5,0.5,0.9v8.3c0,0.2-0.1,0.4-0.1,0.5c-0.1,0.2-0.2,0.3-0.4,0.4L38,68.5
+		c-0.3,0.2-0.7,0.2-1.1,0l-7.2-4.1c-0.3-0.2-0.5-0.5-0.5-0.9v-8.3c0-0.4,0.2-0.7,0.5-0.9L37,50.1z"/>
+	<path fill="#EA0029" d="M24.4,25.4L14.8,31c-0.3,0.2-0.6,0.6-0.6,1V43c0,0.2,0.1,0.4,0.2,0.6c0.1,0.2,0.2,0.3,0.4,0.4l9.6,5.5
+		c0.3,0.2,0.8,0.2,1.1,0l9.6-5.5c0.3-0.2,0.6-0.6,0.6-1V32c0-0.4-0.2-0.8-0.6-1l-9.6-5.5C25.1,25.2,24.7,25.2,24.4,25.4 M32.6,32.4
+		c0.3,0.2,0.5,0.5,0.5,0.9v8.3c0,0.4-0.2,0.7-0.5,0.9l-7.2,4.1c-0.3,0.2-0.7,0.2-1.1,0l-7.2-4.1c-0.2-0.1-0.3-0.2-0.4-0.4
+		c-0.1-0.2-0.1-0.3-0.1-0.5v-8.3c0-0.4,0.2-0.7,0.5-0.9l7.2-4.1c0.3-0.2,0.7-0.2,1.1,0L32.6,32.4z"/>
+</g>
+</svg>
--- a/IronDefense/Workbooks/IronDefenseAlertDashboard.json
+++ b/IronDefense/Workbooks/IronDefenseAlertDashboard.json
@ -1109,6 +1109,6 @@
      "name": "IronDome Notification group"
    }
  ],
-  "fromTemplateId": "sentinel-UserWorkbook",
+  "fromTemplateId": "sentinel-IronDefenseAlertDashboard",
  "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
 }
--- a/IronDefense/Workbooks/IronDefenseAlertDetails.json
+++ b/IronDefense/Workbooks/IronDefenseAlertDetails.json
@ -1099,6 +1099,6 @@
    "paddingStyle": "wide",
    "spacingStyle": "wide"
  },
-  "fromTemplateId": "sentinel-UserWorkbook",
+  "fromTemplateId": "sentinel-IronDefenseAlertDetails",
  "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
 }