ThreatAnalysis&Response Solution Package 1.0.14

Solutions/ThreatAnalysis&Response/data/Solution_ThreatAnalysis&Response.json

@@ -9,6 +9,6 @@
     "Workbooks/DynamicThreatModeling&Response.json"
   ],
   "Metadata": "SolutionMetadata.json",
-  "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\ThreatAnalysis&Response",
-  "Version": "1.0.13"
+  "BasePath": "C:\\GitHub\\azure\\Solutions\\ThreatAnalysis&Response",
+  "Version": "1.0.14"
 }

Tools/Create-Azure-Sentinel-Solution/input/Solution_CybersecurityMaturityModelCertification(CMMC)2.0.json

@@ -1,21 +0,0 @@
-{
-  "Name": "CybersecurityMaturityModelCertification(CMMC)2.0",
-  "Author": "Nikhil Tripathi - v-ntripathi@microsoft.com",
-  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\"width=\"75px\"height=\"75px\">",
-  "Description": "The Microsoft Sentinel: Cybersecurity Maturity Model Certification (CMMC) 2.0 Solution provides a mechanism for viewing log queries aligned to CMMC 2.0 requirements across the Microsoft portfolio. This solution enables governance and compliance teams to design, build, monitor, and respond to CMMC 2.0 requirements across 25+ Microsoft products. The solution includes the new CMMC 2.0 Workbook, (2) Analytics Rules, and (1) Playbook. While only Microsoft Sentinel is required to get started, the solution is enhanced with numerous Microsoft offerings. This Solution enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective security best practice.",
-  "Analytic Rules": [
-    "Analytic Rules/CMMC2.0Level1FoundationalPosture.yaml",
-	"Analytic Rules/CMMC2.0Level2AdvancedPosture.yaml"
-  ],
-  "Playbooks":  [
-  "Playbooks/Notify_GovernanceComplianceTeam.json",
-  "Playbooks/Open_DevOpsTaskRecommendation.json",
-  "Playbooks/Open_JIRATicketRecommendation.json"
-  ],
-  "Workbooks": [
-  "Workbooks/CybersecurityMaturityModelCertification(CMMC)2.0.json"
-  ],
-  "Metadata": "SolutionMetadata.json",
-  "BasePath": "C:\\GitHub\\azure\\Solutions\\CybersecurityMaturityModelCertification(CMMC)2.0",
-  "Version": "1.0.4"
-}

Tools/Create-Azure-Sentinel-Solution/input/Solution_GitHub.json

@@ -1,42 +0,0 @@
-{
-  "Name": "GitHub",
-  "Author": "Nikhil Tripathi - v-ntripathi@microsoft.com",
-  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/GitHub.svg\"width=\"75px\"height=\"75px\">",
-  "Description": "",
-  "Workbooks": [
-	  "Workbooks/GithubWorkbook.json"
-  ],
-  "Analytic Rules": [
-    "Detections/(Preview) GitHub - A payment method was removed.yaml",
-    "Detections/(Preview) GitHub - Activities from Infrequent Country.yaml",
-	"Detections/(Preview) GitHub - Oauth application - a client secret was removed.yaml",
-	"Detections/(Preview) GitHub - Repository was created.yaml",
-	"Detections/(Preview) GitHub - Repository was destroyed.yaml",
-	"Detections/(Preview) GitHub - Two Factor Authentication Disabled in GitHub.yaml",
-	"Detections/(Preview) GitHub - User visibility Was changed.yaml",
-	"Detections/(Preview) GitHub - User was added to the organization.yaml",
-	"Detections/(Preview) GitHub - User was blocked.yaml",
-	"Detections/(Preview) GitHub - User was invited to the repository .yaml",
-	"Detections/(Preview) GitHub - pull request was created.yaml",
-	"Detections/(Preview) GitHub - pull request was merged.yaml"
-  ],
-  "Hunting Queries": [
-	  "Hunting Queries/First Time User Invite and Add Member to Org.yaml",
-	  "Hunting Queries/Inactive or New Account Usage.yaml",
-	  "Hunting Queries/Mass Deletion of Repositories .yaml",
-	  "Hunting Queries/Oauth App Restrictions Disabled.yaml",
-	  "Hunting Queries/Org Repositories Default Permissions Change.yaml",
-	  "Hunting Queries/Repository Permission Switched to Public.yaml",
-	  "Hunting Queries/User First Time Repository Delete Activity.yaml",
-	  "Hunting Queries/User Grant Access and Grants Other Access.yaml"
-  ],
-  "Parsers": [
-	  "Parsers/GitHubAuditData.txt"
-	  ],
-  "Data Connectors": [
-    "Data Connectors/azuredeploy_GitHub_native_poller_connector.json"
-  ],
-  "Metadata": "SolutionMetadata.json",
-  "BasePath": "C:\\GitHub\\azure\\Solutions\\GitHub",
-  "Version": "1.0.48"
-}

Tools/Create-Azure-Sentinel-Solution/input/Solution_InfobloxNIOS.json

@@ -1,46 +0,0 @@
-{
-  "Name": "Infoblox NIOS",
-  "Author": "Nikhil Tripathi - v-ntripathi@microsoft.com",
-  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/infoblox_logo.svg\"width=\"75px\"height=\"75px\">",
-  "Description": "The [Infoblox Network Identity Operating System (NIOS)](https://www.infoblox.com/glossary/network-identity-operating-system-nios/) is the operating system that powers Infoblox core network services, ensuring non-stop operation of network infrastructure. The basis for Next Level Networking, NIOS automates the error-prone and time-consuming manual tasks associated with deploying and managing DNS, DHCP, and IP address management (IPAM) required for continuous network availability and business uptime.",
-  "Data Connectors" : [
-    "Data Connectors/Connector_Syslog_Infoblox.json"
-    ],
-  "Workbooks": [
-	"Workbooks/Infoblox-Workbook-V2.json"
-	],
-  "Parsers": [
-	"Parser/InfobloxNIOS.txt",
-	"Parser/Infoblox_all.txt",
-	"Parser/Infoblox_allotherdhcpdTypes.txt",
-	"Parser/Infoblox_allotherdnsTypes.txt",
-	"Parser/Infoblox_dhcp_consolidated.txt",
-	"Parser/Infoblox_dhcpadded.txt",
-	"Parser/Infoblox_dhcpbindupdate.txt",
-	"Parser/Infoblox_dhcpdiscover.txt",
-	"Parser/Infoblox_dhcpexpire.txt",
-	"Parser/Infoblox_dhcpinform.txt",
-	"Parser/Infoblox_dhcpoffer.txt",
-	"Parser/Infoblox_dhcpoption.txt",
-	"Parser/Infoblox_dhcpother.txt",
-	"Parser/Infoblox_dhcppack.txt",
-	"Parser/Infoblox_dhcprelease.txt",
-	"Parser/Infoblox_dhcpremoved.txt",
-	"Parser/Infoblox_dhcprequest.txt",
-	"Parser/Infoblox_dhcpsession.txt",
-	"Parser/Infoblox_dns_consolidated.txt",
-	"Parser/Infoblox_dnsclient.txt",
-	"Parser/Infoblox_dnsgss.txt",
-	"Parser/Infoblox_dnszone.txt"
-    ],
-  "Analytic Rules": [
-	"Analytic Rules/ExcessiveNXDOMAINDNSQueries.yaml",
-	"Analytic Rules/PotentialDHCPStarvationAttack.yaml"
-	],
-  "Watchlists": [
-	"Workbooks/Watchlist/InfobloxDevices-watchlist.json"
-	],
-  "Metadata": "SolutionMetadata.json",
-  "BasePath": "C:\\GitHub\\azure\\Solutions\\Infoblox NIOS\\",
-  "Version": "1.0.2"
-}

Tools/Create-Azure-Sentinel-Solution/input/Solution_ThreatAnalysis&Response.json

@@ -0,0 +1,14 @@
+{
+  "Name": "ThreatAnalysis&Response",
+  "Author": "Sanmit Biraj - v-sabiraj@microsoft.com",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
+  "Description": "MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. The MITRE ATT&CK Cloud Matrix provides tactics and techniques representing the MITRE ATT&CK® Matrix for Enterprise covering cloud-based techniques. The Matrix contains information for the following platforms: Azure AD, Office 365, SaaS, IaaS. For more information, see the 💡 [MITRE ATT&CK: Cloud Matrix](https://attack.mitre.org/matrices/enterprise/cloud/)",
+  "WorkbookDescription": "Workbook to showcase MITRE ATT&CK Coverage for Azure Sentinel",
+  "Workbooks": [
+    "Workbooks/ThreatAnalysis&Response.json",
+    "Workbooks/DynamicThreatModeling&Response.json"
+  ],
+  "Metadata": "SolutionMetadata.json",
+  "BasePath": "C:\\GitHub\\azure\\Solutions\\ThreatAnalysis&Response",
+  "Version": "1.0.14"
+}