diff --git a/Solutions/ThreatAnalysis&Response/Workbooks/DynamicThreatModeling&Response.json b/Solutions/ThreatAnalysis&Response/Workbooks/DynamicThreatModeling&Response.json
index 64d0e30cf4..9915eefb01 100644
--- a/Solutions/ThreatAnalysis&Response/Workbooks/DynamicThreatModeling&Response.json
+++ b/Solutions/ThreatAnalysis&Response/Workbooks/DynamicThreatModeling&Response.json
@@ -212,7 +212,7 @@
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
- "{Workspace}"
+ "{Subscription}"
],
"gridSettings": {
"formatters": [
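Review bot: Scoping this Resource Graph step to `{Subscription}` limits the grid to whatever subscriptions that parameter currently holds, and nothing in the hunk shows how the parameter is declared or defaulted. Judging by the formatter columns in the following hunks (`ManagedByTenantId`, `PermanentAccess`, `JITAccess`), this looks like a delegated-access listing, where a narrow default would hide delegations in unselected subscriptions without any indication. I would confirm the parameter is defined ahead of this step and defaults to all subscriptions, and give the step a `noDataMessage` stating that results cover only the selected subscriptions. The enclosing query item starts and ends outside the hunk.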
@@ -231,6 +231,14 @@
]
}
},
+ {
+ "columnMatch": "ManageeTenantId",
+ "formatter": 7,
+ "formatOptions": {
+ "linkTarget": "CellDetails",
+ "linkIsContextBlade": true
+ }
+ },
{
"columnMatch": "ManagedByTenantName",
"formatter": 18,
@@ -248,19 +256,12 @@
},
{
"columnMatch": "ManagedByTenantId",
- "formatter": 1,
+ "formatter": 7,
"formatOptions": {
- "linkTarget": "Resource"
+ "linkTarget": "CellDetails",
+ "linkIsContextBlade": true
}
},
- {
- "columnMatch": "PermanentAccess",
- "formatter": 1
- },
- {
- "columnMatch": "JITAccess",
- "formatter": 1
- },
{
"columnMatch": "AddedDate",
"formatter": 18,
@@ -290,6 +291,14 @@
}
]
}
+ },
+ {
+ "columnMatch": "PermanentAccess",
+ "formatter": 1
+ },
+ {
+ "columnMatch": "JITAccess",
+ "formatter": 1
}
],
"filter": true
@@ -14937,9 +14946,6 @@
"showAnalytics": true,
"title": "🟥 ️[Attack] Security Incidents by Technique",
"noDataMessage": "No Incidents Observed For This Technique Within These Thresholds",
- "timeContext": {
- "durationMs": 1209600000
- },
"timeContextFromParameter": "TimeRange",
"showExportToExcel": true,
"queryType": 0,
@@ -15061,9 +15067,6 @@
"showAnalytics": true,
"title": "🟦 [Defense] Configure Security Baselines",
"noDataMessage": "An Empty Panel Provides Opportunity To Explore Further and Implement Hardening. Controls: Confirm Licensing, Availability, and Health of Respective Offerings. Logging: Confirm Log Source is Onboarded to the Log Analytics Workspace. Time: Adjust the Time Parameter for a Larger Data-Set. ",
- "timeContext": {
- "durationMs": 1209600000
- },
"timeContextFromParameter": "TimeRange",
"showExportToExcel": true,
"queryType": 0,
@@ -18681,7 +18684,7 @@
"type": 3,
"content": {
"version": "KqlItem/1.0",
- "query": "{\"version\":\"1.0.0\",\"content\":\"[\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1087] Account Discovery\\\", \\\"tab\\\": \\\"T1087\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1580] Cloud Infrastructure Discovery\\\", \\\"tab\\\": \\\"T1580\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1538] Cloud Service Dashboard\\\", \\\"tab\\\": \\\"T1538\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1526] Cloud Service Discovery\\\", \\\"tab\\\": \\\"T1526\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1619] Cloud Storage Object Discovery\\\", \\\"tab\\\": \\\"T1619\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1046] Network Service Scanning\\\", \\\"tab\\\": \\\"T1046\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1201] Password Policy Discovery\\\", \\\"tab\\\": \\\"T1201\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1069] Permission Groups Discovery\\\", \\\"tab\\\": \\\"T1069\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1518] Software Discovery\\\", \\\"tab\\\": \\\"T1518\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1082] System Information Discovery\\\", \\\"tab\\\": \\\"T1082\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1614] System Location Discovery\\\", \\\"tab\\\": \\\"T1614\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1049] System Network Connections Discovery\\\", \\\"tab\\\": \\\"T1049\\\" }\\r\\n]\",\"transformers\":null}",
+ "query": "{\"version\":\"1.0.0\",\"content\":\"[\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1087] Account Discovery\\\", \\\"tab\\\": \\\"T1087\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1580] Cloud Infrastructure Discovery\\\", \\\"tab\\\": \\\"T1580\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1538] Cloud Service Dashboard\\\", \\\"tab\\\": \\\"T1538\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1526] Cloud Service Discovery\\\", \\\"tab\\\": \\\"T1526\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1619] Cloud Storage Object Discovery\\\", \\\"tab\\\": \\\"T1619\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1046] Network Service Scanning\\\", \\\"tab\\\": \\\"T1046\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1201] Password Policy Discovery\\\", \\\"tab\\\": \\\"T1201\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1069] Permission Groups Discovery\\\", \\\"tab\\\": \\\"T1069\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1518] Software Discovery\\\", \\\"tab\\\": \\\"T1518\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1082] System Information Discovery\\\", \\\"tab\\\": \\\"T1082\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1614] System Location Discovery\\\", \\\"tab\\\": \\\"T1614\\\" }\\r\\n]\",\"transformers\":null}",
"size": 3,
"exportMultipleValues": true,
"exportedParameters": [
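Review bot: Dropping `[T1049] System Network Connections Discovery` from this tab list leaves incidents tagged with that technique without a technique tab, and the same applies to `[T1496] Resource Hijacking` in the hunk at -24601. The later deletion hunks remove the matching `isT1049Visible` / `isT1496Visible` parameters and the groups that queried `SecurityIncident` with `Techniques contains "T1049"` / `"T1496"`, and no replacement view is visible in this diff. If the removal is intentional, the commit description should say why. Otherwise I would keep both entries, or route those incidents to a catch-all tab, so that the coverage view does not silently shrink.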
@@ -19048,36 +19051,6 @@
"durationMs": 86400000
},
"id": "2feea22f-133e-4377-9f34-ef2f5dd55e66"
- },
- {
- "version": "KqlParameterItem/1.0",
- "name": "isT1049Visible",
- "type": 1,
- "isHiddenWhenLocked": true,
- "criteriaData": [
- {
- "criteriaContext": {
- "leftOperand": "Tab",
- "operator": "contains",
- "rightValType": "static",
- "rightVal": "T1049",
- "resultValType": "static",
- "resultVal": "true"
- }
- },
- {
- "criteriaContext": {
- "operator": "Default",
- "rightValType": "param",
- "resultValType": "static",
- "resultVal": "false"
- }
- }
- ],
- "timeContext": {
- "durationMs": 86400000
- },
- "id": "e8c157ee-4199-4caf-bb53-aa211a74bfa7"
}
],
"style": "pills",
@@ -21802,165 +21775,6 @@
"styleSettings": {
"showBorder": true
}
- },
- {
- "type": 12,
- "content": {
- "version": "NotebookGroup/1.0",
- "groupType": "editable",
- "items": [
- {
- "type": 1,
- "content": {
- "json": "# [System Network Connections Discovery (T1049)](https://attack.mitre.org/techniques/T1049/)\r\n\r\n### Recommended Logs\r\n🔷 [SecurityIncident](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityincident) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/microsoft-sentinel/)
\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Sentinel](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
\r\n\r\n### NIST 800-53 Controls to ATT&CK Mappings\r\n[N/A](https://ctid.mitre-engenuity.org/our-work/nist-800-53-control-mappings/)"
- },
- "customWidth": "50",
- "name": "text - 5",
- "styleSettings": {
- "maxWidth": "50"
- }
- },
- {
- "type": 12,
- "content": {
- "version": "NotebookGroup/1.0",
- "groupType": "editable",
- "items": [
- {
- "type": 3,
- "content": {
- "version": "KqlItem/1.0",
- "query": "SecurityIncident\r\n| extend Techniques = tostring(parse_json(tostring(AdditionalData.techniques)))\r\n| extend Tactics = tostring(parse_json(tostring(AdditionalData.tactics)))\r\n| where Techniques <> \"\"\r\n| where Techniques contains \"T1049\"\r\n| summarize arg_max(TimeGenerated, *) by IncidentNumber\r\n| parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\r\n| extend SeverityRank=iff(Severity == \"High\", 3, iff(Severity == \"Medium\", 2, iff(Severity == \"Low\", 1, iff(Severity == \"Informational\", 0, 0))))\r\n| sort by SeverityRank, TimeGenerated desc\r\n| project ['Incident Name']=Title, IncidentNumber, Severity, IncidentUrl, FirstActivityTime, IncidentBlade\r\n| limit 250",
- "size": 0,
- "showAnalytics": true,
- "title": "🟥 ️[Attack] Security Incidents by Technique",
- "noDataMessage": "No Incidents Observed For This Technique Within These Thresholds",
- "timeContext": {
- "durationMs": 1209600000
- },
- "timeContextFromParameter": "TimeRange",
- "showExportToExcel": true,
- "queryType": 0,
- "resourceType": "microsoft.operationalinsights/workspaces",
- "crossComponentResources": [
- "{Workspace}"
- ],
- "gridSettings": {
- "formatters": [
- {
- "columnMatch": "Incident Name",
- "formatter": 18,
- "formatOptions": {
- "thresholdsOptions": "icons",
- "thresholdsGrid": [
- {
- "operator": "Default",
- "thresholdValue": null,
- "representation": "Alert",
- "text": "{0}{1}"
- }
- ]
- }
- },
- {
- "columnMatch": "Severity",
- "formatter": 18,
- "formatOptions": {
- "thresholdsOptions": "icons",
- "thresholdsGrid": [
- {
- "operator": "==",
- "thresholdValue": "High",
- "representation": "Sev0",
- "text": "{0}{1}"
- },
- {
- "operator": "==",
- "thresholdValue": "Medium",
- "representation": "Sev1",
- "text": "{0}{1}"
- },
- {
- "operator": "==",
- "thresholdValue": "Low",
- "representation": "Sev2",
- "text": "{0}{1}"
- },
- {
- "operator": "Default",
- "thresholdValue": null,
- "representation": "Sev3",
- "text": "{0}{1}"
- }
- ]
- }
- },
- {
- "columnMatch": "IncidentUrl",
- "formatter": 7,
- "formatOptions": {
- "linkTarget": "OpenBlade",
- "linkLabel": "Go to Incident >>",
- "bladeOpenContext": {
- "bladeName": "CaseBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "id",
- "source": "column",
- "value": "IncidentBlade"
- }
- ]
- }
- }
- },
- {
- "columnMatch": "IncidentBlade",
- "formatter": 5
- }
- ],
- "filter": true
- }
- },
- "name": "query - 3"
- },
- {
- "type": 11,
- "content": {
- "version": "LinkItem/1.0",
- "style": "list",
- "links": [
- {
- "id": "521d368e-c46e-41b5-bea0-fd07dc96b511",
- "linkTarget": "OpenBlade",
- "linkLabel": "Review Current MITRE ATT&CK® Coverage >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "MitrePage.ReactView",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": []
- }
- }
- ]
- },
- "name": "links - 8"
- }
- ]
- },
- "customWidth": "50",
- "name": "group - 3"
- }
- ]
- },
- "conditionalVisibility": {
- "parameterName": "isT1049Visible",
- "comparison": "isEqualTo",
- "value": "true"
- },
- "name": "System Network Connections Discovery",
- "styleSettings": {
- "showBorder": true
- }
}
]
},
@@ -24601,7 +24415,7 @@
"type": 3,
"content": {
"version": "KqlItem/1.0",
- "query": "{\"version\":\"1.0.0\",\"content\":\"[\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1485] Data Destruction\\\", \\\"tab\\\": \\\"T1485\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1486] Data Encrypted for Impact\\\", \\\"tab\\\": \\\"T1486\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1491] Defacement\\\", \\\"tab\\\": \\\"T1491\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1499] Endpoint Denial of Service\\\", \\\"tab\\\": \\\"T1499\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1498] Network Denial of Service\\\", \\\"tab\\\": \\\"T1498\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1496] Resource Hijacking\\\", \\\"tab\\\": \\\"T1496\\\" }\\r\\n]\",\"transformers\":null}",
+ "query": "{\"version\":\"1.0.0\",\"content\":\"[\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1485] Data Destruction\\\", \\\"tab\\\": \\\"T1485\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1486] Data Encrypted for Impact\\\", \\\"tab\\\": \\\"T1486\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1491] Defacement\\\", \\\"tab\\\": \\\"T1491\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1499] Endpoint Denial of Service\\\", \\\"tab\\\": \\\"T1499\\\" },\\r\\n\\t{ \\\"Techniques\\\": \\\"[T1498] Network Denial of Service\\\", \\\"tab\\\": \\\"T1498\\\" }\\r\\n]\",\"transformers\":null}",
"size": 3,
"exportMultipleValues": true,
"exportedParameters": [
@@ -24788,36 +24602,6 @@
"durationMs": 86400000
},
"id": "46ffac92-407a-4545-a2b1-b51493e4c5e3"
- },
- {
- "version": "KqlParameterItem/1.0",
- "name": "isT1496Visible",
- "type": 1,
- "isHiddenWhenLocked": true,
- "criteriaData": [
- {
- "criteriaContext": {
- "leftOperand": "Tab",
- "operator": "contains",
- "rightValType": "static",
- "rightVal": "T1496",
- "resultValType": "static",
- "resultVal": "true"
- }
- },
- {
- "criteriaContext": {
- "operator": "Default",
- "rightValType": "param",
- "resultValType": "static",
- "resultVal": "false"
- }
- }
- ],
- "timeContext": {
- "durationMs": 86400000
- },
- "id": "8ef1aa55-8dc2-423f-a0ab-ada5dd73b626"
}
],
"style": "pills",
@@ -26331,165 +26115,6 @@
"styleSettings": {
"showBorder": true
}
- },
- {
- "type": 12,
- "content": {
- "version": "NotebookGroup/1.0",
- "groupType": "editable",
- "items": [
- {
- "type": 1,
- "content": {
- "json": "# [Resource Hijacking (T1496)](https://attack.mitre.org/techniques/T1496/)\r\n\r\n### Recommended Logs\r\n🔷 [SecurityIncident](https://docs.microsoft.com/azure/azure-monitor/reference/tables/securityincident) ✳️ [Microsoft Sentinel](https://azure.microsoft.com/services/microsoft-sentinel/)
\r\n\r\n### Microsoft Portals\r\n🔀 [Microsoft Sentinel](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/microsoft.securityinsightsarg%2Fsentinel)
\r\n\r\n### NIST 800-53 Controls to ATT&CK Mappings\r\n[N/A](https://ctid.mitre-engenuity.org/our-work/nist-800-53-control-mappings/)"
- },
- "customWidth": "50",
- "name": "text - 5",
- "styleSettings": {
- "maxWidth": "50"
- }
- },
- {
- "type": 12,
- "content": {
- "version": "NotebookGroup/1.0",
- "groupType": "editable",
- "items": [
- {
- "type": 3,
- "content": {
- "version": "KqlItem/1.0",
- "query": "SecurityIncident\r\n| extend Techniques = tostring(parse_json(tostring(AdditionalData.techniques)))\r\n| extend Tactics = tostring(parse_json(tostring(AdditionalData.tactics)))\r\n| where Techniques <> \"\"\r\n| where Techniques contains \"T1496\"\r\n| summarize arg_max(TimeGenerated, *) by IncidentNumber\r\n| parse IncidentUrl with * '/#asset/Microsoft_Azure_Security_Insights/Incident' IncidentBlade\r\n| extend SeverityRank=iff(Severity == \"High\", 3, iff(Severity == \"Medium\", 2, iff(Severity == \"Low\", 1, iff(Severity == \"Informational\", 0, 0))))\r\n| sort by SeverityRank, TimeGenerated desc\r\n| project ['Incident Name']=Title, IncidentNumber, Severity, IncidentUrl, FirstActivityTime, IncidentBlade\r\n| limit 250",
- "size": 0,
- "showAnalytics": true,
- "title": "🟥 ️[Attack] Security Incidents by Technique",
- "noDataMessage": "No Incidents Observed For This Technique Within These Thresholds",
- "timeContext": {
- "durationMs": 1209600000
- },
- "timeContextFromParameter": "TimeRange",
- "showExportToExcel": true,
- "queryType": 0,
- "resourceType": "microsoft.operationalinsights/workspaces",
- "crossComponentResources": [
- "{Workspace}"
- ],
- "gridSettings": {
- "formatters": [
- {
- "columnMatch": "Incident Name",
- "formatter": 18,
- "formatOptions": {
- "thresholdsOptions": "icons",
- "thresholdsGrid": [
- {
- "operator": "Default",
- "thresholdValue": null,
- "representation": "Alert",
- "text": "{0}{1}"
- }
- ]
- }
- },
- {
- "columnMatch": "Severity",
- "formatter": 18,
- "formatOptions": {
- "thresholdsOptions": "icons",
- "thresholdsGrid": [
- {
- "operator": "==",
- "thresholdValue": "High",
- "representation": "Sev0",
- "text": "{0}{1}"
- },
- {
- "operator": "==",
- "thresholdValue": "Medium",
- "representation": "Sev1",
- "text": "{0}{1}"
- },
- {
- "operator": "==",
- "thresholdValue": "Low",
- "representation": "Sev2",
- "text": "{0}{1}"
- },
- {
- "operator": "Default",
- "thresholdValue": null,
- "representation": "Sev3",
- "text": "{0}{1}"
- }
- ]
- }
- },
- {
- "columnMatch": "IncidentUrl",
- "formatter": 7,
- "formatOptions": {
- "linkTarget": "OpenBlade",
- "linkLabel": "Go to Incident >>",
- "bladeOpenContext": {
- "bladeName": "CaseBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "id",
- "source": "column",
- "value": "IncidentBlade"
- }
- ]
- }
- }
- },
- {
- "columnMatch": "IncidentBlade",
- "formatter": 5
- }
- ],
- "filter": true
- }
- },
- "name": "query - 3"
- },
- {
- "type": 11,
- "content": {
- "version": "LinkItem/1.0",
- "style": "list",
- "links": [
- {
- "id": "521d368e-c46e-41b5-bea0-fd07dc96b511",
- "linkTarget": "OpenBlade",
- "linkLabel": "Review Current MITRE ATT&CK® Coverage >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "MitrePage.ReactView",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": []
- }
- }
- ]
- },
- "name": "links - 8"
- }
- ]
- },
- "customWidth": "50",
- "name": "group - 3"
- }
- ]
- },
- "conditionalVisibility": {
- "parameterName": "isT1496Visible",
- "comparison": "isEqualTo",
- "value": "true"
- },
- "name": "Resource Hijacking",
- "styleSettings": {
- "showBorder": true
- }
}
]
},
@@ -26513,53 +26138,12 @@
"groupType": "editable",
"items": [
{
- "type": 12,
+ "type": 1,
"content": {
- "version": "NotebookGroup/1.0",
- "groupType": "editable",
- "items": [
- {
- "type": 1,
- "content": {
- "json": "# [Recommended Data Connectors](https://docs.microsoft.com/azure/sentinel/connect-data-sources)\r\n---\r\n\r\nAfter onboarding Microsoft Sentinel into your workspace, connect data sources to start ingesting your data into Microsoft Sentinel. Microsoft Sentinel comes with many connectors for Microsoft products, available out of the box and providing real-time integration. For example, service-to-service connectors include Microsoft 365 Defender connectors and Microsoft 365 sources, such as Office 365, Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. Check out these references if you're new to Microsoft Sentinel."
- },
- "name": "NS Guide"
- },
- {
- "type": 11,
- "content": {
- "version": "LinkItem/1.0",
- "style": "nav",
- "links": [
- {
- "id": "b9a6293e-1c7b-4ec2-ad2a-d72b5ee01722",
- "cellValue": "https://docs.microsoft.com/azure/sentinel/best-practices",
- "linkTarget": "Url",
- "linkLabel": "Best Practices",
- "style": "link"
- },
- {
- "id": "1bad541e-219a-4277-9510-876b0e8cad51",
- "cellValue": "https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-all-in-one-accelerator/ba-p/1807933",
- "linkTarget": "Url",
- "linkLabel": "Microsoft Sentinel All-In-One Accelerator",
- "style": "link"
- },
- {
- "id": "7e8ff8aa-f632-4a4d-90cf-a71da0dc6b31",
- "cellValue": "https://docs.microsoft.com/learn/browse/?wt.mc_id=resilience_skilling_webpage_gdc&terms=sentinel",
- "linkTarget": "Url",
- "linkLabel": "Microsoft Sentinel Training",
- "style": "link"
- }
- ]
- },
- "name": "links - 29"
- }
- ]
+ "json": "# [Recommended Data Connectors](https://docs.microsoft.com/azure/sentinel/connect-data-sources)\r\n---\r\n\r\nAfter onboarding Microsoft Sentinel into your workspace, connect data sources to start ingesting your data into Microsoft Sentinel. Microsoft Sentinel comes with many connectors for Microsoft products, available out of the box and providing real-time integration. For example, service-to-service connectors include Microsoft 365 Defender connectors and Microsoft 365 sources, such as Office 365, Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. Check out these references if you're new to Microsoft Sentinel."
},
"customWidth": "40",
- "name": "group - 3"
+ "name": "NS Guide"
},
{
"type": 1,
@@ -26576,9 +26160,9 @@
"style": "list",
"links": [
{
- "id": "4a388baf-b1ed-4d69-9b31-58039271c260",
+ "id": "b1cd1f8a-e807-4deb-93f4-7812e5ed014a",
"linkTarget": "OpenBlade",
- "linkLabel": "Data Connectors",
+ "linkLabel": "Data Connectors >>",
"style": "secondary",
"bladeOpenContext": {
"bladeName": "DataConnectorsBlade",
@@ -26588,10 +26172,43 @@
}
]
},
- "customWidth": "50",
+ "customWidth": "20",
"name": "EL0"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "nav",
+ "links": [
+ {
+ "id": "b9a6293e-1c7b-4ec2-ad2a-d72b5ee01722",
+ "cellValue": "https://docs.microsoft.com/azure/sentinel/best-practices",
+ "linkTarget": "Url",
+ "linkLabel": "Best Practices",
+ "style": "link"
+ },
+ {
+ "id": "1bad541e-219a-4277-9510-876b0e8cad51",
+ "cellValue": "https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-all-in-one-accelerator/ba-p/1807933",
+ "linkTarget": "Url",
+ "linkLabel": "Microsoft Sentinel All-In-One Accelerator",
+ "style": "link"
+ },
+ {
+ "id": "7e8ff8aa-f632-4a4d-90cf-a71da0dc6b31",
+ "cellValue": "https://docs.microsoft.com/learn/browse/?wt.mc_id=resilience_skilling_webpage_gdc&terms=sentinel",
+ "linkTarget": "Url",
+ "linkLabel": "Microsoft Sentinel Training",
+ "style": "link"
+ }
+ ]
+ },
+ "customWidth": "40",
+ "name": "links - 29"
}
- ]
+ ],
+ "exportParameters": true
},
"name": "group - 7"
},
@@ -26600,560 +26217,1154 @@
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
- "title": "Foundational Data Connectors",
+ "loadType": "always",
"items": [
{
- "type": 11,
+ "type": 1,
"content": {
- "version": "LinkItem/1.0",
- "style": "list",
- "links": [
- {
- "id": "58cc25ab-a9af-4516-99e1-fa22e0637a76",
- "linkTarget": "OpenBlade",
- "linkLabel": "Azure Activity Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AzureActiveDirectory"
- }
- ]
- }
- },
- {
- "id": "7c97e893-29f3-4d4c-a379-f220bb82518c",
- "linkTarget": "OpenBlade",
- "linkLabel": "Azure Active Directory Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AzureActivity"
- }
- ]
- }
- },
- {
- "id": "6a86eb8d-5487-4aad-ae7b-b526e68a249f",
- "linkTarget": "OpenBlade",
- "linkLabel": "Office 365 Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "Office365"
- }
- ]
- }
- },
- {
- "id": "56600b70-0e55-433a-be86-b7c561bced8b",
- "linkTarget": "OpenBlade",
- "linkLabel": "Microsoft Defender for Cloud Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AzureSecurityCenter"
- }
- ]
- }
- },
- {
- "id": "935bb630-1fce-4021-b7b4-c010b9e05973",
- "linkTarget": "OpenBlade",
- "linkLabel": "Network Security Groups Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AzureNSG"
- }
- ]
- }
- },
- {
- "id": "d002eb41-c632-429b-8504-846b69314620",
- "linkTarget": "OpenBlade",
- "linkLabel": "Windows Security Event (AMA) Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "WindowsSecurityEvents"
- }
- ]
- }
- },
- {
- "id": "9a8b0649-e79b-4a30-be25-4a5486f302ee",
- "linkTarget": "OpenBlade",
- "linkLabel": "Windows Security Event (MMA) Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "SecurityEvents"
- }
- ]
- }
- },
- {
- "id": "2d8731f5-c225-4a39-9914-6391b2c89ecb",
- "linkTarget": "OpenBlade",
- "linkLabel": "DNS Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "DNS"
- }
- ]
- }
- },
- {
- "id": "6d9cd26b-3fcd-4556-b2eb-3dcb711c4de4",
- "linkTarget": "OpenBlade",
- "linkLabel": "Azure Storage Account Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AzureStorageAccount"
- }
- ]
- }
- },
- {
- "id": "452e02e1-b0c4-4b9b-8a54-bc9295db22b9",
- "linkTarget": "OpenBlade",
- "linkLabel": "Common Event Format (CEF) Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "CEF"
- }
- ]
- }
- },
- {
- "id": "021644a3-bd51-4b09-8117-017a89c71d58",
- "linkTarget": "OpenBlade",
- "linkLabel": "Syslog Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "Syslog"
- }
- ]
- }
- },
- {
- "id": "393c465e-4398-428b-8da2-87ac07d8a987",
- "linkTarget": "OpenBlade",
- "linkLabel": "Amazon Web Services (AWS) Connector >> ",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AWS"
- }
- ]
- }
- },
- {
- "id": "d9b9144c-69bc-4eb2-a747-a9e0d206780b",
- "linkTarget": "OpenBlade",
- "linkLabel": "Amazon Web Services (S3) Connector >> ",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AwsS3"
- }
- ]
- }
- }
- ]
+ "json": "## Foundational Connectors",
+ "style": "info"
},
- "customWidth": "50",
- "name": "EL0"
+ "name": "text - 13"
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Azure Activity Connector](https://docs.microsoft.com/azure/azure-monitor/essentials/activity-log)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "909d0019-23cb-43ad-8285-9f1dca1cd1be",
+ "version": "KqlParameterItem/1.0",
+ "name": "AzureActivity",
+ "label": "Status",
+ "type": 1,
+ "query": "AzureActivity\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "Azure Activity Connector"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "58cc25ab-a9af-4516-99e1-fa22e0637a76",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "AzureActivity"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "33",
+ "styleSettings": {
+ "showBorder": true
+ }
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Azure Active Directory (AAD) Connector](https://docs.microsoft.com/azure/sentinel/connect-azure-active-directory)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "23ba579d-c894-43be-9fe1-d1b04bc34d7a",
+ "version": "KqlParameterItem/1.0",
+ "name": "SignInLogs",
+ "label": "Status",
+ "type": 1,
+ "query": "SigninLogs\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "Azure Active Directory"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "7c97e893-29f3-4d4c-a379-f220bb82518c",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "AzureActiveDirectory"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Azure Active Directory (AAD) Connector",
+ "styleSettings": {
+ "showBorder": true
+ }
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Office 365 Connector](https://docs.microsoft.com/azure/sentinel/data-connectors-reference#microsoft-office-365)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "68bd12c8-e473-45d1-8bbc-2dd9f326ea69",
+ "version": "KqlParameterItem/1.0",
+ "name": "OfficeActivity",
+ "label": "Status",
+ "type": 1,
+ "query": "OfficeActivity\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "Azure Activity Connector - Copy - Copy"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "6a86eb8d-5487-4aad-ae7b-b526e68a249f",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "Office365"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Office 365 Connector",
+ "styleSettings": {
+ "showBorder": true
+ }
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Microsoft Defender for Cloud Connector](https://docs.microsoft.com/azure/sentinel/data-connectors-reference#microsoft-defender-for-cloud)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "1673e4cf-354f-4a42-bed2-2374be47779e",
+ "version": "KqlParameterItem/1.0",
+ "name": "MDfC",
+ "label": "Status",
+ "type": 1,
+ "query": "SecurityAlert\r\n| where ProviderName == \"Azure Security Center\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "Azure Activity Connector - Copy - Copy - Copy"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "56600b70-0e55-433a-be86-b7c561bced8b",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "AzureSecurityCenter"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Microsoft Defender for Cloud Connector",
+ "styleSettings": {
+ "showBorder": true
+ }
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Amazon Web Services (AWS) Connector](https://docs.microsoft.com/azure/sentinel/connect-aws?tabs=s3)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "18ed59f0-c497-44b1-94b7-8700051cf189",
+ "version": "KqlParameterItem/1.0",
+ "name": "AWS",
+ "label": "Status",
+ "type": 1,
+ "query": "AWSCloudTrail\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "Azure Activity Connector - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "393c465e-4398-428b-8da2-87ac07d8a987",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "AWS"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Amazon Web Services (AWS) Connector",
+ "styleSettings": {
+ "showBorder": true
+ }
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Google Cloud Platform IAM Connector](https://docs.microsoft.com/azure/sentinel/data-connectors-reference#google-workspace-g-suite-preview)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "548cdd92-87c3-4e69-be08-52ecca0f76a8",
+ "version": "KqlParameterItem/1.0",
+ "name": "GCP",
+ "label": "Status",
+ "type": 1,
+ "query": "GCP_IAM_CL\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "parameters - 3"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "d9b9144c-69bc-4eb2-a747-a9e0d206780b",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "1f2ba663-dd7a-49b6-87ba-0b8adf6d2d34"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Amazon Web Services (AWS) S3 Connector - Copy",
+ "styleSettings": {
+ "showBorder": true
+ }
}
- ]
+ ],
+ "exportParameters": true
},
- "name": "group - 3"
+ "name": "group - 5",
+ "styleSettings": {
+ "showBorder": true
+ }
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
- "title": "Basic Data Connectors",
+ "loadType": "always",
"items": [
{
- "type": 11,
+ "type": 1,
"content": {
- "version": "LinkItem/1.0",
- "style": "list",
- "links": [
- {
- "id": "6a86eb8d-5487-4aad-ae7b-b526e68a249f",
- "linkTarget": "OpenBlade",
- "linkLabel": "Microsoft 365 Defender Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "MicrosoftThreatProtection"
- }
- ]
- }
- },
- {
- "id": "94a0e6f0-7918-4575-baf4-6e52541646dd",
- "linkTarget": "OpenBlade",
- "linkLabel": "Azure Firewall Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AzureFirewall"
- }
- ]
- }
- },
- {
- "id": "d40e1198-0e60-4672-9ad1-c70c58dcb39d",
- "linkTarget": "OpenBlade",
- "linkLabel": "Windows Firewall Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "WindowsFirewall"
- }
- ]
- }
- },
- {
- "id": "18bb33e3-9d70-4043-925d-30af02d24991",
- "linkTarget": "OpenBlade",
- "linkLabel": "Azure WAF Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "WAF"
- }
- ]
- }
- },
- {
- "id": "5ece71ef-6973-449a-899d-514b41c7bfb7",
- "linkTarget": "OpenBlade",
- "linkLabel": "Azure KeyVault Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AzureKeyVault"
- }
- ]
- }
- },
- {
- "id": "e4eb576b-5ab7-474f-bfc8-7310ad92acbc",
- "linkTarget": "OpenBlade",
- "linkLabel": "Azure DDoS Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "DDOS"
- }
- ]
- }
- },
- {
- "id": "c41a232a-e50e-421b-ac72-235c2bb58bf6",
- "linkTarget": "OpenBlade",
- "linkLabel": "Export Security Recommendations >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "SecurityMenuBlade",
- "extensionName": "Microsoft_Azure_Security",
- "bladeParameters": []
- }
- }
- ]
+ "json": "## Basic Connectors",
+ "style": "info"
},
- "customWidth": "50",
- "name": "EL0"
+ "name": "text - 13"
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Microsoft 365 Defender Connector](https://docs.microsoft.com/azure/sentinel/connect-microsoft-365-defender?tabs=MDE)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "548cdd92-87c3-4e69-be08-52ecca0f76a8",
+ "version": "KqlParameterItem/1.0",
+ "name": "M365Defender",
+ "label": "Status",
+ "type": 1,
+ "query": "AlertEvidence\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "parameters - 3"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "d9b9144c-69bc-4eb2-a747-a9e0d206780b",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "MicrosoftThreatProtection"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Microsoft 365 Defender Connector",
+ "styleSettings": {
+ "showBorder": true
+ }
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Microsoft Defender for Endpoint Connector](https://docs.microsoft.com/azure/sentinel/data-connectors-reference#microsoft-defender-for-endpoint)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "548cdd92-87c3-4e69-be08-52ecca0f76a8",
+ "version": "KqlParameterItem/1.0",
+ "name": "MDE",
+ "label": "Status",
+ "type": 1,
+ "query": "SecurityAlert\r\n| where ProviderName == \"MDATP\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "parameters - 3"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "d9b9144c-69bc-4eb2-a747-a9e0d206780b",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "MicrosoftDefenderAdvancedThreatProtection"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Microsoft 365 Defender Connector - Copy",
+ "styleSettings": {
+ "showBorder": true
+ }
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Azure DDoS Connector](https://docs.microsoft.com/azure/sentinel/data-connectors-reference#azure-ddos-protection)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "548cdd92-87c3-4e69-be08-52ecca0f76a8",
+ "version": "KqlParameterItem/1.0",
+ "name": "DDoS",
+ "label": "Status",
+ "type": 1,
+ "query": "AzureDiagnostics | where ResourceType == \"PUBLICIPADDRESSES\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "Azure Activity Connector - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy - Copy"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "d9b9144c-69bc-4eb2-a747-a9e0d206780b",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "DDOS"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Azure DDoS Connector",
+ "styleSettings": {
+ "showBorder": true
+ }
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Microsoft Defender for Cloud: Continuous Export](https://docs.microsoft.com/azure/defender-for-cloud/continuous-export?tabs=azure-portal)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "548cdd92-87c3-4e69-be08-52ecca0f76a8",
+ "version": "KqlParameterItem/1.0",
+ "name": "SecurityRecommendation",
+ "label": "Status",
+ "type": 1,
+ "query": "SecurityRecommendation\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "parameters - 3"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "d9b9144c-69bc-4eb2-a747-a9e0d206780b",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Feature",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "SecurityMenuBlade",
+ "extensionName": "Microsoft_Azure_Security",
+ "bladeParameters": []
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Continuous Export Connector",
+ "styleSettings": {
+ "showBorder": true
+ }
}
- ]
+ ],
+ "exportParameters": true
},
- "name": "group - 3 - Copy"
+ "name": "group - 6",
+ "styleSettings": {
+ "showBorder": true
+ }
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
- "title": "Intermediate Data Connectors",
+ "loadType": "always",
"items": [
{
- "type": 11,
+ "type": 1,
"content": {
- "version": "LinkItem/1.0",
- "style": "list",
- "links": [
- {
- "id": "b7426ec2-789c-45e0-8d43-11dfb2c3e539",
- "linkTarget": "OpenBlade",
- "linkLabel": "Azure Information Protection Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AzureInformationProtection"
- }
- ]
- }
- },
- {
- "id": "1ca7a45b-98bd-4fb9-944f-fcc6a54188b7",
- "linkTarget": "OpenBlade",
- "linkLabel": "Dynamics 365 Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "Dynamics365"
- }
- ]
- }
- },
- {
- "id": "7e4f324f-8529-4ae0-b47b-b24697b8fc5d",
- "linkTarget": "OpenBlade",
- "linkLabel": "Azure Kubernetes Service (AKS) Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AzureKubernetes"
- }
- ]
- }
- },
- {
- "id": "6a86eb8d-5487-4aad-ae7b-b526e68a249f",
- "linkTarget": "OpenBlade",
- "linkLabel": "Qualys Vulnerability Management Connector >>>>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "QualysVulnerabilityManagement"
- }
- ]
- }
- }
- ]
+ "json": "## Advanced Connectors",
+ "style": "info"
},
- "customWidth": "50",
- "name": "EL0"
- }
- ]
- },
- "name": "group - 6"
- },
- {
- "type": 12,
- "content": {
- "version": "NotebookGroup/1.0",
- "groupType": "editable",
- "title": "Advanced Data Connectors",
- "items": [
+ "name": "text - 13"
+ },
{
- "type": 11,
+ "type": 12,
"content": {
- "version": "LinkItem/1.0",
- "style": "list",
- "links": [
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
{
- "id": "0bb302f6-3711-459c-ba1b-5ae434c35ca2",
- "linkTarget": "OpenBlade",
- "linkLabel": "Azure Active Directory Identity Protection Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "AzureActiveDirectoryIdentityProtection"
- }
- ]
- }
+ "type": 1,
+ "content": {
+ "json": "### [Azure Active Directory Identity Protection Connector](https://docs.microsoft.com/azure/sentinel/data-connectors-reference#azure-active-directory-identity-protection)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
},
{
- "id": "6a86eb8d-5487-4aad-ae7b-b526e68a249f",
- "linkTarget": "OpenBlade",
- "linkLabel": "Threat Intelligence TAXII Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
{
- "name": "dataConnectorId",
- "source": "static",
- "value": "ThreatIntelligenceTaxii"
+ "id": "548cdd92-87c3-4e69-be08-52ecca0f76a8",
+ "version": "KqlParameterItem/1.0",
+ "name": "AADIP",
+ "label": "Status",
+ "type": 1,
+ "query": "SecurityAlert | where ProductName == \"Azure Active Directory Identity Protection\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
}
- ]
- }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "parameters - 1"
},
{
- "id": "b96a3f2e-61f1-4f30-ae85-b45e6e83402b",
- "linkTarget": "OpenBlade",
- "linkLabel": "Threat Intelligence Platform Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
{
- "name": "dataConnectorId",
- "source": "static",
- "value": "ThreatIntelligence"
+ "id": "d9b9144c-69bc-4eb2-a747-a9e0d206780b",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "AzureActiveDirectoryIdentityProtection"
+ }
+ ]
+ }
}
]
- }
- },
- {
- "id": "6f75e7eb-1a0f-466d-8b26-de898770f1bf",
- "linkTarget": "OpenBlade",
- "linkLabel": "Microsoft Defender for IoT Connector >>",
- "style": "secondary",
- "bladeOpenContext": {
- "bladeName": "DataConnectorBlade",
- "extensionName": "Microsoft_Azure_Security_Insights",
- "bladeParameters": [
- {
- "name": "dataConnectorId",
- "source": "static",
- "value": "IoT"
- }
- ]
- }
+ },
+ "customWidth": "33",
+ "name": "EL0"
}
- ]
+ ],
+ "exportParameters": true
},
- "customWidth": "50",
- "name": "EL0"
+ "name": "Azure Active Directory Identity Protection Connector",
+ "styleSettings": {
+ "showBorder": true
+ }
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Microsoft Defender for IoT Connector](https://docs.microsoft.com/azure/sentinel/data-connectors-reference#microsoft-defender-for-iot)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "548cdd92-87c3-4e69-be08-52ecca0f76a8",
+ "version": "KqlParameterItem/1.0",
+ "name": "MD4IOT",
+ "label": "Status",
+ "type": 1,
+ "query": "SecurityAlert | where ProductName == \"Azure Security Center for IoT\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "parameters - 1"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "d9b9144c-69bc-4eb2-a747-a9e0d206780b",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "IoT"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Microsoft Defender for IoT Connector",
+ "styleSettings": {
+ "showBorder": true
+ }
+ },
+ {
+ "type": 12,
+ "content": {
+ "version": "NotebookGroup/1.0",
+ "groupType": "editable",
+ "loadType": "always",
+ "items": [
+ {
+ "type": 1,
+ "content": {
+ "json": "### [Microsoft Purview: Insider Risk Management Connector](https://docs.microsoft.com/azure/sentinel/data-connectors-reference#microsoft-purview-insider-risk-management-irm-preview)"
+ },
+ "customWidth": "33",
+ "name": "text - 2"
+ },
+ {
+ "type": 9,
+ "content": {
+ "version": "KqlParameterItem/1.0",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "parameters": [
+ {
+ "id": "548cdd92-87c3-4e69-be08-52ecca0f76a8",
+ "version": "KqlParameterItem/1.0",
+ "name": "IRM",
+ "label": "Status",
+ "type": 1,
+ "query": "SecurityAlert\r\n| where ProductName == \"Microsoft 365 Insider Risk Management\"\r\n| limit 1\r\n| summarize count()\r\n| extend Results = iff(count_ ==0, \"❌ Not Connected\", \"✅ Connected\")\r\n| project Results",
+ "crossComponentResources": [
+ "{Workspace}"
+ ],
+ "timeContext": {
+ "durationMs": 0
+ },
+ "timeContextFromParameter": "TimeRange",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ }
+ ],
+ "style": "pills",
+ "queryType": 0,
+ "resourceType": "microsoft.operationalinsights/workspaces"
+ },
+ "customWidth": "33",
+ "name": "parameters - 1"
+ },
+ {
+ "type": 11,
+ "content": {
+ "version": "LinkItem/1.0",
+ "style": "list",
+ "links": [
+ {
+ "id": "d9b9144c-69bc-4eb2-a747-a9e0d206780b",
+ "linkTarget": "OpenBlade",
+ "linkLabel": "Enable Connector",
+ "style": "secondary",
+ "bladeOpenContext": {
+ "bladeName": "DataConnectorBlade",
+ "extensionName": "Microsoft_Azure_Security_Insights",
+ "bladeParameters": [
+ {
+ "name": "dataConnectorId",
+ "source": "static",
+ "value": "OfficeIRM"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customWidth": "33",
+ "name": "EL0"
+ }
+ ],
+ "exportParameters": true
+ },
+ "name": "Microsoft Purview: Insider Risk Management Connector",
+ "styleSettings": {
+ "showBorder": true
+ }
}
]
},
"name": "group - 6"
}
- ]
+ ],
+ "exportParameters": true
},
"conditionalVisibility": {
"parameterName": "isDCVisible",
@@ -27233,7 +27444,7 @@
{
"id": "76c7831e-386d-4289-8145-486f52cba8ec",
"linkTarget": "OpenBlade",
- "linkLabel": "Content Hub",
+ "linkLabel": "Content Hub >>",
"style": "secondary",
"bladeOpenContext": {
"bladeName": "ContentHub.ReactView",
@@ -27494,7 +27705,7 @@
{
"type": 1,
"content": {
- "json": "# [Microsoft Insider Risk Management Solution](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/announcing-the-microsoft-sentinel-microsoft-insider-risk/ba-p/2955786)\r\n---\r\n\r\nInsider risk management helps minimize internal risks by enabling you to detect, investigate, and act on malicious and inadvertent activities in your organization. Insider risk policies allow you to define the types of risks to identify and detect in your organization, including acting on cases and escalating cases to Microsoft Advanced eDiscovery. Risk analysts in your organization can quickly take appropriate actions to make sure users are compliant with your organization's compliance standards. Insider risks come in various forms including both witting (intentional) and unwitting (unintentional). This workbook provides an automated visualization of Insider risk behavior cross walked to Microsoft security offerings.
\r\n\r\n---\r\n\r\n"
+ "json": "# [Microsoft Insider Risk Management Solution](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/announcing-the-microsoft-sentinel-microsoft-insider-risk/ba-p/2955786)\r\n---\r\n\r\nInsider risk management helps minimize internal risks by enabling you to detect, investigate, and act on malicious and inadvertent activities in your organization. Insider risk policies allow you to define the types of risks to identify and detect in your organization, including acting on cases and escalating cases to Microsoft Advanced eDiscovery. Risk analysts in your organization can quickly take appropriate actions to make sure users are compliant with your organization's compliance standards. Insider risks come in various forms including both witting (intentional) and unwitting (unintentional). This workbook provides an automated visualization of Insider risk behavior cross walked to Microsoft security offerings.
\r\n\r\n---\r\n\r\n"
},
"name": "text - 0"
},
@@ -27513,7 +27724,7 @@
},
{
"id": "7e8ff8aa-f632-4a4d-90cf-a71da0dc6b31",
- "cellValue": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/MicrosoftInsiderRiskManagement",
+ "cellValue": "https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/MicrosoftPurviewInsiderRiskManagement",
"linkTarget": "Url",
"linkLabel": "GitHub Repo",
"style": "link"
@@ -27682,7 +27893,7 @@
{
"type": 1,
"content": {
- "json": "![Image Name](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ThreatAnalysis&Response/Workbooks/Images/ThreatAnalysis&ResponseWhite.png?raw=true)"
+ "json": "![Image Name](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ThreatAnalysis%26Response/Workbooks/Images/ThreatAnalysis%26ResponseWhite1.png?raw=true)"
},
"customWidth": " 100",
"name": "text - 2"
diff --git a/Solutions/ThreatAnalysis&Response/readme.md b/Solutions/ThreatAnalysis&Response/readme.md
index f7246aecd3..49066d89d8 100644
--- a/Solutions/ThreatAnalysis&Response/readme.md
+++ b/Solutions/ThreatAnalysis&Response/readme.md
@@ -9,7 +9,7 @@ You can deploy the solution by clicking on the buttons below:
-![Workbook Overview](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ThreatAnalysis%26Response/Workbooks/Images/ThreatAnalysis%26ResponseWhite.png?raw=true)
+![Workbook Overview](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/ThreatAnalysis%26Response/Workbooks/Images/ThreatAnalysis%26ResponseWhite1.png?raw=true)
## Getting Started Prerequisites
1️⃣ [Configure Analytics & Hunting with Microsoft Sentinel: MITRE Blade](https://docs.microsoft.com/azure/sentinel/mitre-coverage)