Merge pull request #2482 from malowe101/master

Modifying Watchlist templates.

Watchlists/Azure-Public-IPs/azuredeploy.json

@@ -11,12 +11,12 @@
   },
     "resources": [
         {
-        "name": "[concat(parameters('workspaceName'), '/Microsoft.SecurityInsights/DataCenterLocation')]",
+        "name": "[concat(parameters('workspaceName'), '/Microsoft.SecurityInsights/AzurePublicIPList')]",
         "type": "Microsoft.OperationalInsights/workspaces/providers/Watchlists",
         "kind": "",
         "properties": {
-            "displayName": "AzurePublicIPsList",
-            "source": "AzurePublicIPsList.csv",
+            "displayName": "AzurePublicIPList",
+            "source": "AzurePublicIPList.csv",
             "description": "Azure Public IPs list for reducing internet facing traffic alerts from MSFT IP Addresses",
             "provider": "Microsoft",
             "isDeleted": false,

Watchlists/NOBELIUM-TI/azuredeploy.json

@@ -7,13 +7,7 @@
           "metadata": {
               "description": "Workspace name for Log Analytics where Sentinel is setup"
           }
-      },
-        "watchlistdescription": {
-            "type": "string",
-            "metadata": {
-                "description": "Describe what the Watchlist is for."
-            }
-        }
+      }
   },
     "resources": [
         {
@@ -23,7 +17,7 @@
         "properties": {
             "displayName": "NOBELIUMTI",
             "source": "NOBELIUMTI.csv",
-            "description": "[parameters('watchlistdescription')]",
+            "description": "This is a list of Threat Intelligence posted by the Microsoft Threat Intelligence Center regarding the recent NOBELIUM attack.",
             "provider": "Microsoft",
             "isDeleted": false,
             "labels": [