From aaec6e1fb01f5ec6a212e11df6ae44ac06ea704c Mon Sep 17 00:00:00 2001
From: Lior Tamir
Date: Sun, 27 Feb 2022 12:32:57 +0200
Subject: [PATCH] Fix more issues in validations
---
 Playbooks/.template/incident-trigger/azuredeploy.json | 4 ++--
 .../Get-MDEStatistics/incident-trigger/azuredeploy.json | 2 +-
 .../IdentityProtection-TeamsBotResponse/azuredeploy.json | 2 +-
 .../Resolve-McasInfrequentCountryAlerts/azuredeploy.json | 6 +++---
 Playbooks/Restrict-MDEDomain/alert-trigger/azuredeploy.json | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/Playbooks/.template/incident-trigger/azuredeploy.json b/Playbooks/.template/incident-trigger/azuredeploy.json
index 637eccdb16..41fbc0180f 100644
--- a/Playbooks/.template/incident-trigger/azuredeploy.json
+++ b/Playbooks/.template/incident-trigger/azuredeploy.json
@@ -9,8 +9,8 @@
 "2. step"],
 "prerequisites": ["1.preq", "2. preq"],
 "lastUpdateTime": "2021-11-25T00:00:00.000Z",
- "entities": [""],
- "tags": [""],
+ "entities": [],
+ "tags": [],
 "support": {
 "tier": "community"
 },
diff --git a/Playbooks/Get-MDEStatistics/incident-trigger/azuredeploy.json b/Playbooks/Get-MDEStatistics/incident-trigger/azuredeploy.json
index 52038782d2..84fb43422b 100644
--- a/Playbooks/Get-MDEStatistics/incident-trigger/azuredeploy.json
+++ b/Playbooks/Get-MDEStatistics/incident-trigger/azuredeploy.json
@@ -6,7 +6,7 @@
 "description": "This playbook will get IP, File and Domain statistics from Microsoft Defender for Endpoint and them to a comment on the Incident in Azure Sentinel.",
 "prerequisites": "You will need to grant Ip.Read.All, Url.Read.All, and File.Read.All permissions to the managed identity.",
 "lastUpdateTime": "2021-07-14T00:00:00.000Z",
- "entities": [ "Ip", "Dns", "File" ],
+ "entities": [ "Ip", "dnsresolution", "File" ],
 "tags": [ "Enrich" ],
 "support": {
 "tier": "Community"
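Review bot: The `entities` array in Get-MDEStatistics now mixes two casing conventions, with `"Ip"` and `"File"` left capitalised next to the all-lowercase `"dnsresolution"`. If the metadata validator or any consumer that matches playbooks to entity types compares these strings case-sensitively, only part of the list will match; one convention for the whole array would be safer, for example `"entities": [ "ip", "dnsresolution", "file" ]`, to be confirmed against the validator's accepted values. The same lowercase value is introduced in Playbooks/Restrict-MDEDomain/alert-trigger/azuredeploy.json, while IdentityProtection-TeamsBotResponse keeps the capitalised `"Account"`. The metadata object starts and ends outside the hunk.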
diff --git a/Playbooks/IdentityProtection-TeamsBotResponse/azuredeploy.json b/Playbooks/IdentityProtection-TeamsBotResponse/azuredeploy.json
index 9865efb321..39101f0507 100644
--- a/Playbooks/IdentityProtection-TeamsBotResponse/azuredeploy.json
+++ b/Playbooks/IdentityProtection-TeamsBotResponse/azuredeploy.json
@@ -10,7 +10,7 @@
 "lastUpdateTime": "2021-07-14T00:00:00.000Z",
 "entities": ["Account"],
 "tags": ["Identity protection", "Response from teams"],
- "source": {
+ "support": {
 "tier": "community"
 },
 "author": {
diff --git a/Playbooks/Resolve-McasInfrequentCountryAlerts/azuredeploy.json b/Playbooks/Resolve-McasInfrequentCountryAlerts/azuredeploy.json
index 1e9a9ed327..157d229860 100644
--- a/Playbooks/Resolve-McasInfrequentCountryAlerts/azuredeploy.json
+++ b/Playbooks/Resolve-McasInfrequentCountryAlerts/azuredeploy.json
@@ -2,7 +2,7 @@
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "1.0.0.1",
 "parameters": {
- "logicAppName": {
+ "PlaybookName": {
 "defaultValue": "InfrequentCountryTriage",
 "type": "String",
 "metadata": {
@@ -46,7 +46,7 @@
 {
 "type": "Microsoft.Logic/workflows",
 "apiVersion": "2016-06-01",
- "name": "[parameters('logicAppName')]",
+ "name": "[parameters('PlaybookName')]",
 "location": "[parameters('location')]",
 "dependsOn": [
 "[parameters('azuresentinel_Connection_Name')]"
@@ -723,7 +723,7 @@
 "logicAppUrl": {
 "type": "string",
- "value": "[listCallbackURL(concat(resourceId('Microsoft.Logic/workflows/', parameters('logicAppName')), '/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered'), '2016-06-01').value]"
+ "value": "[listCallbackURL(concat(resourceId('Microsoft.Logic/workflows/', parameters('PlaybookName')), '/triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered'), '2016-06-01').value]"
 }
 }
 }
\ No newline at end of file
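Review bot: The renamed `support` block in IdentityProtection-TeamsBotResponse carries `"tier": "community"` in lowercase, while Get-MDEStatistics and Restrict-MDEDomain in this same patch use `"tier": "Community"`. If the validation this commit targets compares tier values case-sensitively, one of the two spellings will still fail; aligning on one form, e.g. `"tier": "Community"`, would remove the doubt. The `.template` file has the same lowercase value, so the template should be aligned as well. The metadata object continues outside the hunk.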
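Review bot: The `logicAppUrl` output touched in the last Resolve-McasInfrequentCountryAlerts hunk still returns `listCallbackURL(...).value`, and ARM template outputs are stored in the deployment history, where any principal with read access to deployments can retrieve them. A trigger callback URL normally embeds a signature that authorises invoking the workflow, so it should be treated as a credential; consider dropping this output and having callers request the URL at use time instead. Separately, renaming the parameter to `PlaybookName` will break existing parameter files or pipelines that still pass `logicAppName`, which is worth a line in the commit description. The `outputs` object opens outside the hunk.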
diff --git a/Playbooks/Restrict-MDEDomain/alert-trigger/azuredeploy.json b/Playbooks/Restrict-MDEDomain/alert-trigger/azuredeploy.json
index 58652494db..0c1642cd7d 100644
--- a/Playbooks/Restrict-MDEDomain/alert-trigger/azuredeploy.json
+++ b/Playbooks/Restrict-MDEDomain/alert-trigger/azuredeploy.json
@@ -6,7 +6,7 @@
 "description": "This play book will take DNS entities and generate alert and block threat indicators for each domain in Microsoft Defender for Endpoint for 90 days.",
 "prerequisites": "You will need to grant Ti.ReadWrite permissions to the managed identity.",
 "lastUpdateTime": "2021-07-14T00:00:00.000Z",
- "entities": [ "Dns" ],
+ "entities": [ "dnsresolution" ],
 "tags": [ "Remediation" ],
 "support": {
 "tier": "Community"