Merge branch 'master' into master

2020-06-28 22:10:54 -07:00 · 2020-06-28 22:10:54 -07:00 · e3d6a43a47
--- a/.gitignore
+++ b/.gitignore
@ -335,5 +335,5 @@ ASALocalRun/
 # No need to store DeployedQueries.json - it is auto generated anyway
 Hunting Queries/DeployedQueries.json

-# macOS folder metadata - Desktop Services Store
-.DS_Store
+#Mac OSx
+.DS_Store
--- a/VM/QualysVM_API_FunctionApp.json
+++ b/VM/QualysVM_API_FunctionApp.json
@ -121,7 +121,7 @@
        },
        {
            "title": "",
-            "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following six (6) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https://<API Server>/api/2.0/fo/asset/host/vm/detection?action=list&published_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Set the `timeInterval` (in minutes) to the default value of `5` to correspond to the default Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."
+            "description": "**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following six (6) application settings individually, with their respective string values (case-sensitive): \n\t\tapiUsername\n\t\tapiPassword\n\t\tworkspaceID\n\t\tworkspaceKey\n\t\turi\n\t\ttimeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https://<API Server>/api/2.0/fo/asset/host/vm/detection/?action=list&detection_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Set the `timeInterval` (in minutes) to the default value of `5` to correspond to the default Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."
        }
    ]
 }
--- a/VM/azuredeploy_QualysVM_API_FunctionApp.json
+++ b/VM/azuredeploy_QualysVM_API_FunctionApp.json
@ -24,7 +24,7 @@
          },
          "Uri": {
              "type": "string",
-              "defaultValue": "https://<API Server URL>/api/2.0/fo/asset/host/vm/detection?action=list&published_after="
+              "defaultValue": "https://<API Server URL>/api/2.0/fo/asset/host/vm/detection/?action=list&detection_processed_after="
          },
          "TimeInterval": {
              "type": "string",
--- a/Detections/readme.md
+++ b/Detections/readme.md
@ -6,7 +6,7 @@ For general information please start with the [Wiki](https://github.com/Azure/Az

 More Specific to Detections:
 * [Contribute](https://github.com/Azure/Azure-Sentinel/wiki/Contribute-to-Sentinel-GitHub-Community-of-Queries) to Analytic Templates (Detections) and Hunting queries
-* Specifics on what is required for Detections and Hunting queries is in the [Query Style Guide](https://github.com/Azure/Azure-Sentinel/wiki/Query-Style-Guide )
+* Specifics on what is required for Detections and Hunting queries is in the [Query Style Guide](https://github.com/Azure/Azure-Sentinel/wiki/Query-Style-Guide)
 * These detections are written using [KQL query langauge](https://docs.microsoft.com/azure/kusto/query/index) and will provide you a starting point to protect your environment and get familiar with the different data tables.
 * To enable these detections in your environment follow the [out of the box guidance](https://docs.microsoft.com/azure/sentinel/tutorial-detect-threats-built-in).
 * The rule created will run the query on the scheduled time that was defined, and trigger an alert that will be seen both in the **SecurityAlert** table and in a case in the **Incidents** tab
--- a/Queries/SecurityEvent/GroupAddedToPrivlegeGroup.yaml
+++ b/Queries/SecurityEvent/GroupAddedToPrivlegeGroup.yaml
@ -18,6 +18,7 @@ query: |
  let timeframe = 7d;
  // For AD SID mappings - https://docs.microsoft.com/windows/security/identity-protection/access-control/active-directory-security-groups
  let WellKnownLocalSID = "S-1-5-32-5[0-9][0-9]$";
+  // The SIDs for DnsAdmins and DnsUpdateProxy can be different than *-1102 and -*1103. Check these SIDs in your domain before running the query 
  let WellKnownGroupSID = "S-1-5-21-[0-9]*-[0-9]*-[0-9]*-5[0-9][0-9]$|S-1-5-21-[0-9]*-[0-9]*-[0-9]*-1102$|S-1-5-21-[0-9]*-[0-9]*-[0-9]*-1103$";
  let GroupAddition = SecurityEvent 
  | where TimeGenerated > ago(timeframe)
@ -48,4 +49,4 @@ query: |
  GroupAddition
  ) on GroupSid
  | extend timestamp = GroupCreateTime, AccountCustomEntity = Account, HostCustomEntity = Computer
-  
+  
--- a/Queries/readme.md
+++ b/Queries/readme.md
@ -6,7 +6,7 @@ For general information please start with the [Wiki](https://github.com/Azure/Az

 More Specific to Hunting Queries:
 * [Contribute](https://github.com/Azure/Azure-Sentinel/wiki/Contribute-to-Sentinel-GitHub-Community-of-Queries) to Analytic Templates (Detections) and Hunting queries
-* Specifics on what is required for Detections and Hunting queries is in the [Query Style Guide](https://github.com/Azure/Azure-Sentinel/wiki/Query-Style-Guide )
+* Specifics on what is required for Detections and Hunting queries is in the [Query Style Guide](https://github.com/Azure/Azure-Sentinel/wiki/Query-Style-Guide)
 * These hunting queries are written using [KQL query langauge](https://docs.microsoft.com/azure/kusto/query/index) and will provide you a starting point to protect your environment and get familiar with the different data tables.
 * Get started and learn how to [hunt for threats in your environment with Azure Sentinel](https://docs.microsoft.com/azure/sentinel/hunting).

--- a/Logos/infoblox_logo.svg
+++ b/Logos/infoblox_logo.svg
@ -1,18 +1,12 @@
 <svg xmlns="http://www.w3.org/2000/svg" id="32de6b2b-4165-4947-9b45-8b5aa59ef5d4"
    xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 56 66" fill="#fff" fill-rule="evenodd" stroke="#000" stroke-linecap="round" stroke-linejoin="round">
-    <use xlink:href="#A" x=".5" y=".5"/>
-    <symbol id="A" overflow="visible">
-        <g stroke="none" fill-rule="nonzero">
-            <path d="M10.095 27.966l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.538-2.15.538-2.824 0" fill="#95c840"/>
-            <path d="M10.095 51.36L.403 44.1C.133 43.83 0 43.56 0 43.427a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.672-2.15.672-2.824 0" fill="#59c9e6"/>
-            <use xlink:href="#C" fill="#ebe719"/>
-            <path d="M25.69 39.798l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#50c0af"/>
-            <use xlink:href="#C" y="47.194" fill="#0377bb"/>
-            <path d="M41.288 27.966l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.672.538-2.017.538-2.824 0" fill="#78bc43"/>
-            <path d="M41.288 51.36l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.672.672-2.017.672-2.824 0" fill="#109fda"/>
-        </g>
-    </symbol>
-    <defs>
-        <path id="C" d="M25.69 16.403l-9.68-7.26c-.27-.27-.403-.538-.403-.807a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672 0 .27-.134.538-.403.807l-9.68 7.26c-.807.538-2.017.538-2.824 0"/>
-    </defs>
+	<g stroke="none" fill-rule="nonzero"  transform='translate(0.5 0.5)'>
+		<path d="M10.095 27.966l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.538-2.15.538-2.824 0" fill="#95c840"/>
+		<path d="M10.095 51.36L.403 44.1C.133 43.83 0 43.56 0 43.427a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.672-2.15.672-2.824 0" fill="#59c9e6"/>
+		<path d="M25.69 16.403l-9.68-7.26c-.27-.27-.403-.538-.403-.807a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672 0 .27-.134.538-.403.807l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#ebe719"/>
+		<path d="M25.69 39.798l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#50c0af"/>
+		<path transform="translate(0,47.194)" d="M25.69 16.403l-9.68-7.26c-.27-.27-.403-.538-.403-.807a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672 0 .27-.134.538-.403.807l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#0377bb"/>
+		<path d="M41.288 27.966l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.672.538-2.017.538-2.824 0" fill="#78bc43"/>
+		<path d="M41.288 51.36l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.672.672-2.017.672-2.824 0" fill="#109fda"/>
+	</g>
 </svg>
--- a/Logos/proofpointlogo.svg
+++ b/Logos/proofpointlogo.svg
@ -3,23 +3,20 @@
 <svg version="1.1" id="4ff5cc45-bc12-48de-9eee-0cfdfcd7ba1c" 
 	xmlns="http://www.w3.org/2000/svg" 
 	xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 652 652" style="enable-background:new 0 0 652 652;" xml:space="preserve">
-	<style type="text/css">
-	.st0{fill:#231F20;}
-	</style>
 	<g id="Layer_2">
 		<g id="Layer_1-2">
-			<path class="st0" d="M597.7,352.5v-12.8h-4.4c-4.8,0-5.9-0.7-5.9-4.1v-35.2h10.4v-11.9h-10.4v-17.3h-17.8v17.3h-8.9v11.9h8.9v34.3 c0,13.3,3.2,18.1,18,18.1C589.4,352.9,592.8,352.6,597.7,352.5"/>
-			<path class="st0" d="M495.5,352.1h18v-37.7c0-8.4,5.4-13.4,13.8-13.4c7.7,0,10.4,4.1,10.4,12.7v38.4h18v-43.3 c0-14.6-7.3-21.9-22.1-21.9c-8.5,0-15.3,3.1-20.4,9.2v-7.5h-17.6V352.1z"/>
-			<rect x="466.5" y="266.1" class="st0" width="18" height="15.4"/>
-			<rect x="466.5" y="288.5" class="st0" width="18" height="63.5"/>
-			<path class="st0" d="M409.7,320.2c0-12.7,5.8-19.6,15.8-19.6c10,0,15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7 S409.7,332.9,409.7,320.2 M391.5,320.2c0,21.2,12.9,34,34,34s34-12.8,34-34c0-21.2-12.9-34-34-34S391.5,299,391.5,320.2"/>
-			<path class="st0" d="M367.9,320.7c0,11.8-5.7,18.8-14.5,18.8c-9.5,0-15-6.7-15-18.8c0-13,5.2-19.7,14.7-19.7 C362.4,301,367.9,307.8,367.9,320.7 M320.8,377.5h17.5v-33.4c4.4,6.6,11.3,10,19.9,10c15.7,0,27.6-13.3,27.6-34.2 c0-20.3-11.6-33.6-27.8-33.6c-8.7,0-14.8,3.4-20,10.8v-8.6h-17.1V377.5z"/>
-			<path class="st0" d="M284.3,352.1h17.6v-51.6H313v-11.9h-11.3v-4.4c0-4.1,1.6-4.8,6.6-4.8h4.7v-13.5c-3.2-0.2-5.9-0.4-8.6-0.4 c-13.8,0-20.1,5.3-20.1,17.2v5.9h-9.6v11.9h9.6L284.3,352.1z"/>
-			<path class="st0" d="M223.8,320.2c0-12.7,5.8-19.6,15.8-19.6c10,0,15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7 C229.6,340,223.8,332.9,223.8,320.2 M205.6,320.2c0,21.2,12.9,34,34,34c21.1,0,34-12.8,34-34c0-21.2-12.9-34-34-34 C218.4,286.3,205.5,299.1,205.6,320.2"/>
-			<path class="st0" d="M151.6,320.2c0-12.7,5.8-19.6,15.8-19.6s15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7 S151.6,332.9,151.6,320.2 M133.4,320.2c0,21.2,12.9,34,34,34s34-12.8,34-34s-12.9-34-34-34S133.4,299.1,133.4,320.2"/>
-			<path class="st0" d="M92.7,352.1h18v-33.6c0-9.6,5.1-14.4,14.8-14.4h5.9v-17.2c-0.9-0.1-1.8-0.1-2.7-0.1 c-8.6,0-14.7,3.9-19.4,12.7v-10.9H92.7V352.1z"/>
-			<path class="st0" d="M67.6,320.7c0,11.8-5.7,18.8-14.5,18.8c-9.5,0-15-6.7-15-18.8c0-13,5.2-19.7,14.7-19.7S67.7,307.8,67.6,320.7 M20.6,377.5H38v-33.4c4.4,6.6,11.3,10,19.9,10c15.7,0,27.6-13.3,27.6-34.2c0-20.3-11.6-33.6-27.8-33.6c-8.7,0-14.8,3.4-20,10.8 v-8.6H20.6V377.5z"/>
-			<path class="st0" d="M620.6,346.8c0.1,3.9-2.9,7.1-6.8,7.2c-3.9,0.1-7.1-2.9-7.2-6.8c-0.1-3.9,2.9-7.1,6.8-7.2c0.1,0,0.2,0,0.3,0 C617.4,339.9,620.5,343,620.6,346.8C620.6,346.8,620.6,346.8,620.6,346.8z M608.3,346.8c-0.1,2.9,2.2,5.4,5.1,5.5 c0.1,0,0.1,0,0.2,0c2.9,0,5.2-2.4,5.2-5.2c0-0.1,0-0.1,0-0.2c0.1-2.9-2.1-5.4-5-5.5c-2.9-0.1-5.4,2.1-5.5,5 C608.3,346.5,608.3,346.7,608.3,346.8L608.3,346.8z M612.5,350.4h-1.6v-6.8c0.9-0.2,1.7-0.2,2.6-0.2c0.8-0.1,1.6,0.1,2.4,0.5 c0.4,0.4,0.7,0.9,0.7,1.5c-0.1,0.8-0.6,1.4-1.4,1.6v0.1c0.7,0.3,1.2,0.9,1.2,1.6c0.1,0.6,0.2,1.2,0.5,1.7h-1.7 c-0.3-0.5-0.4-1.1-0.5-1.7c-0.1-0.8-0.5-1.1-1.4-1.1h-0.8L612.5,350.4z M612.5,346.5h0.8c0.9,0,1.6-0.3,1.6-1s-0.5-1-1.5-1 c-0.3,0-0.6,0-0.9,0.1V346.5z"/>
+			<path style="fill:#231F20;" d="M597.7,352.5v-12.8h-4.4c-4.8,0-5.9-0.7-5.9-4.1v-35.2h10.4v-11.9h-10.4v-17.3h-17.8v17.3h-8.9v11.9h8.9v34.3 c0,13.3,3.2,18.1,18,18.1C589.4,352.9,592.8,352.6,597.7,352.5"/>
+			<path style="fill:#231F20;" d="M495.5,352.1h18v-37.7c0-8.4,5.4-13.4,13.8-13.4c7.7,0,10.4,4.1,10.4,12.7v38.4h18v-43.3 c0-14.6-7.3-21.9-22.1-21.9c-8.5,0-15.3,3.1-20.4,9.2v-7.5h-17.6V352.1z"/>
+			<rect x="466.5" y="266.1" style="fill:#231F20;" width="18" height="15.4"/>
+			<rect x="466.5" y="288.5" style="fill:#231F20;" width="18" height="63.5"/>
+			<path style="fill:#231F20;" d="M409.7,320.2c0-12.7,5.8-19.6,15.8-19.6c10,0,15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7 S409.7,332.9,409.7,320.2 M391.5,320.2c0,21.2,12.9,34,34,34s34-12.8,34-34c0-21.2-12.9-34-34-34S391.5,299,391.5,320.2"/>
+			<path style="fill:#231F20;" d="M367.9,320.7c0,11.8-5.7,18.8-14.5,18.8c-9.5,0-15-6.7-15-18.8c0-13,5.2-19.7,14.7-19.7 C362.4,301,367.9,307.8,367.9,320.7 M320.8,377.5h17.5v-33.4c4.4,6.6,11.3,10,19.9,10c15.7,0,27.6-13.3,27.6-34.2 c0-20.3-11.6-33.6-27.8-33.6c-8.7,0-14.8,3.4-20,10.8v-8.6h-17.1V377.5z"/>
+			<path style="fill:#231F20;" d="M284.3,352.1h17.6v-51.6H313v-11.9h-11.3v-4.4c0-4.1,1.6-4.8,6.6-4.8h4.7v-13.5c-3.2-0.2-5.9-0.4-8.6-0.4 c-13.8,0-20.1,5.3-20.1,17.2v5.9h-9.6v11.9h9.6L284.3,352.1z"/>
+			<path style="fill:#231F20;" d="M223.8,320.2c0-12.7,5.8-19.6,15.8-19.6c10,0,15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7 C229.6,340,223.8,332.9,223.8,320.2 M205.6,320.2c0,21.2,12.9,34,34,34c21.1,0,34-12.8,34-34c0-21.2-12.9-34-34-34 C218.4,286.3,205.5,299.1,205.6,320.2"/>
+			<path style="fill:#231F20;" d="M151.6,320.2c0-12.7,5.8-19.6,15.8-19.6s15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7 S151.6,332.9,151.6,320.2 M133.4,320.2c0,21.2,12.9,34,34,34s34-12.8,34-34s-12.9-34-34-34S133.4,299.1,133.4,320.2"/>
+			<path style="fill:#231F20;" d="M92.7,352.1h18v-33.6c0-9.6,5.1-14.4,14.8-14.4h5.9v-17.2c-0.9-0.1-1.8-0.1-2.7-0.1 c-8.6,0-14.7,3.9-19.4,12.7v-10.9H92.7V352.1z"/>
+			<path style="fill:#231F20;" d="M67.6,320.7c0,11.8-5.7,18.8-14.5,18.8c-9.5,0-15-6.7-15-18.8c0-13,5.2-19.7,14.7-19.7S67.7,307.8,67.6,320.7 M20.6,377.5H38v-33.4c4.4,6.6,11.3,10,19.9,10c15.7,0,27.6-13.3,27.6-34.2c0-20.3-11.6-33.6-27.8-33.6c-8.7,0-14.8,3.4-20,10.8 v-8.6H20.6V377.5z"/>
+			<path style="fill:#231F20;" d="M620.6,346.8c0.1,3.9-2.9,7.1-6.8,7.2c-3.9,0.1-7.1-2.9-7.2-6.8c-0.1-3.9,2.9-7.1,6.8-7.2c0.1,0,0.2,0,0.3,0 C617.4,339.9,620.5,343,620.6,346.8C620.6,346.8,620.6,346.8,620.6,346.8z M608.3,346.8c-0.1,2.9,2.2,5.4,5.1,5.5 c0.1,0,0.1,0,0.2,0c2.9,0,5.2-2.4,5.2-5.2c0-0.1,0-0.1,0-0.2c0.1-2.9-2.1-5.4-5-5.5c-2.9-0.1-5.4,2.1-5.5,5 C608.3,346.5,608.3,346.7,608.3,346.8L608.3,346.8z M612.5,350.4h-1.6v-6.8c0.9-0.2,1.7-0.2,2.6-0.2c0.8-0.1,1.6,0.1,2.4,0.5 c0.4,0.4,0.7,0.9,0.7,1.5c-0.1,0.8-0.6,1.4-1.4,1.6v0.1c0.7,0.3,1.2,0.9,1.2,1.6c0.1,0.6,0.2,1.2,0.5,1.7h-1.7 c-0.3-0.5-0.4-1.1-0.5-1.7c-0.1-0.8-0.5-1.1-1.4-1.1h-0.8L612.5,350.4z M612.5,346.5h0.8c0.9,0,1.6-0.3,1.6-1s-0.5-1-1.5-1 c-0.3,0-0.6,0-0.9,0.1V346.5z"/>
 		</g>
 	</g>
 </svg>
--- a/Logos/symantecvip_logo.svg
+++ b/Logos/symantecvip_logo.svg
@ -1,13 +1,10 @@
 <svg xmlns="http://www.w3.org/2000/svg" id="d9ea0856-ca6b-43ff-9513-56cc72f7d9ec"
    xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 62 65" fill="#fff" fill-rule="evenodd" stroke="#000" stroke-linecap="round" stroke-linejoin="round">
-    <use xlink:href="#A" x=".5" y=".5"/>
-    <symbol id="A" overflow="visible">
-        <g stroke="none" fill-rule="nonzero">
-            <path d="M27.7 64C12.396 64 0 51.594 0 36.3S12.406 8.6 27.7 8.6s27.7 12.406 27.7 27.7S42.9 64 27.7 64zm0-46.725c-5.1 0-9.855 1.97-13.333 5.565a18.85 18.85 0 0 0-5.565 13.45c0 5.102 1.97 9.855 5.565 13.45s8.348 5.565 13.333 5.565a18.85 18.85 0 0 0 13.45-5.565c3.595-3.595 5.565-8.348 5.565-13.45s-1.97-9.855-5.565-13.45c-3.7-3.594-8.464-5.565-13.45-5.565zM57.846 4.3h2.203v2.203h-2.203zm0-4.3h2.203v2.203h-2.203zM51.7 6.377h1.97v2.087H51.7z" fill="#ffb71b"/>
-            <g fill="#231f20">
-                <path d="M47.76 10.55h2.087v1.97H47.76zm6.028-1.97h2.32v2.087h-2.32zm-8 0h1.97v1.97h-1.97zm5.912 1.97h1.97v1.97H51.7zm3.943-8.463h2.077v2.087h-2.087zM51.7 4.3h3.942v2.203H51.7z"/>
-                <path d="M49.846 6.377h1.97v4.174h-1.97zm0 6.145v2.087H47.76v-2.087h-3.362v1.507h-1.855v1.855h1.97v1.97h-1.97v-1.97h-2.087v3.13H38.37v1.97h-1.4v2.087h-1.5c-1.623 2.435-5.797 10.203-7.072 13.333-4.522-6.377-8.116-8.812-10.9-9.74-1.507-.464-3.362 1.16-.812 3.7 5.68 6.26 7.536 11.478 9.275 15.652.928 2.203 4.986 2.55 5.913.348 1.74-4.754 4.3-10.087 7.304-14.377v-2.203H40.8V27.7h1.74v-2.32h1.97v-2.32h-2.087v-2.087h2.087v2.087h1.97v-2.087h1.74V18.55h1.855v-1.623H51.7v-4.3h-1.855z"/>
-            </g>
+    <g stroke="none" fill-rule="nonzero" transform='translate(0.5 0.5)'>
+        <path d="M27.7 64C12.396 64 0 51.594 0 36.3S12.406 8.6 27.7 8.6s27.7 12.406 27.7 27.7S42.9 64 27.7 64zm0-46.725c-5.1 0-9.855 1.97-13.333 5.565a18.85 18.85 0 0 0-5.565 13.45c0 5.102 1.97 9.855 5.565 13.45s8.348 5.565 13.333 5.565a18.85 18.85 0 0 0 13.45-5.565c3.595-3.595 5.565-8.348 5.565-13.45s-1.97-9.855-5.565-13.45c-3.7-3.594-8.464-5.565-13.45-5.565zM57.846 4.3h2.203v2.203h-2.203zm0-4.3h2.203v2.203h-2.203zM51.7 6.377h1.97v2.087H51.7z" fill="#ffb71b"/>
+        <g fill="#231f20">
+            <path d="M47.76 10.55h2.087v1.97H47.76zm6.028-1.97h2.32v2.087h-2.32zm-8 0h1.97v1.97h-1.97zm5.912 1.97h1.97v1.97H51.7zm3.943-8.463h2.077v2.087h-2.087zM51.7 4.3h3.942v2.203H51.7z"/>
+            <path d="M49.846 6.377h1.97v4.174h-1.97zm0 6.145v2.087H47.76v-2.087h-3.362v1.507h-1.855v1.855h1.97v1.97h-1.97v-1.97h-2.087v3.13H38.37v1.97h-1.4v2.087h-1.5c-1.623 2.435-5.797 10.203-7.072 13.333-4.522-6.377-8.116-8.812-10.9-9.74-1.507-.464-3.362 1.16-.812 3.7 5.68 6.26 7.536 11.478 9.275 15.652.928 2.203 4.986 2.55 5.913.348 1.74-4.754 4.3-10.087 7.304-14.377v-2.203H40.8V27.7h1.74v-2.32h1.97v-2.32h-2.087v-2.087h2.087v2.087h1.97v-2.087h1.74V18.55h1.855v-1.623H51.7v-4.3h-1.855z"/>
        </g>
-    </symbol>
+    </g>
 </svg>
--- a/Logos/vmwarecarbonblack_logo.svg
+++ b/Logos/vmwarecarbonblack_logo.svg
@ -1,11 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!-- Generator: Adobe Illustrator 19.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="layer" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 652 652" style="enable-background:new 0 0 652 652;" xml:space="preserve">
-<style type="text/css">
-	.st0{fill:#0A0A0A;}
-</style>
-<path class="st0" d="M620,339.1h-10.2l-5.1,8.8l5.1,8.8H620l5.1-8.8L620,339.1 M598.5,308.2h-12.7l-8.9,15.3c-1.1,1.6-1.5,2.6-4,2.7
+<svg version="1.1" id="270b7627-20d2-458b-b4b4-f2f44dd07df0" 
+	xmlns="http://www.w3.org/2000/svg" 
+	xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 652 652" style="enable-background:new 0 0 652 652;" xml:space="preserve">
+	<path style="fill:#0A0A0A;" d="M620,339.1h-10.2l-5.1,8.8l5.1,8.8H620l5.1-8.8L620,339.1 M598.5,308.2h-12.7l-8.9,15.3c-1.1,1.6-1.5,2.6-4,2.7
 	h-6.1v-33.9h-11.4v64.4h11.4v-20.1h5c2.4,0.1,2.9,1,3.8,2.5l10.1,17.6h12.8l-14-24.3L598.5,308.2z M547.1,312.8
 	c-1.8-1.4-3.7-2.6-5.8-3.5c-3.2-1.4-6.6-2.1-10.1-2.1c-4.5,0-9,1.2-12.9,3.5c-3.9,2.2-7.2,5.4-9.5,9.3c-2.3,3.8-3.6,8.1-3.6,12.5
 	c0,4.4,1.2,8.8,3.6,12.6c2.3,3.9,5.6,7.1,9.5,9.3c7.1,4.1,15.7,4.6,23.2,1.3c2-0.9,4-2.1,5.7-3.5l-5.1-8.9c-1.4,1.5-3,2.7-4.8,3.5
--- a/Parsers/AwsS3BucketAPILogsParser.txt
+++ b/Parsers/AwsS3BucketAPILogsParser.txt
@ -1,8 +1,8 @@
 // KQL AWS S3 Bucket API Logs Parser
-// Last Updated Date: Nov 11 2019
+// Last Updated Date: June 22, 2020
 //
 // Enable AWS S3 Object Level Logging:
-// https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events
+// https://docs.aws.amazon.com/AmazonS3/latest/user-guide/enable-cloudtrail-events.html
 //
 // Parser Notes:
 // 1. This parser works if logs are ingested via Logstash config under Logstash folder.
--- a/Data/Feeds/Microsoft.Covid19.Indicators.csv
+++ b/Data/Feeds/Microsoft.Covid19.Indicators.csv
@ -655,4 +655,11 @@
 6/18/2020 10:54:36 PM,423ec50c2995bf94960187430e575244bddd681561d5afefdbb8a67be815819f,sha256,white,Azure Sentinel,Phish,Microsoft COVID-19 Threat Indicators
 6/18/2020 10:43:11 PM,f87119e2765dac058a58db5923f2cbb4d557c016eb3f2ab179c8e4c6aefe4711,sha256,white,Azure Sentinel,Phish,Microsoft COVID-19 Threat Indicators
 6/14/2020 8:33:48 PM,480aa8e298172fba620b5c0338fdac6468d5a4cd558bac5b3d5a763d70457506,sha256,white,Azure Sentinel,Phish,Microsoft COVID-19 Threat Indicators
-6/18/2020 12:24:16 PM,e10af470a58c060d2669d8b27e631f1f5a9abc0c901e6a37cf0edb6bf424180d,sha256,white,Azure Sentinel,Malware,Microsoft COVID-19 Threat Indicators
+6/18/2020 12:24:16 PM,e10af470a58c060d2669d8b27e631f1f5a9abc0c901e6a37cf0edb6bf424180d,sha256,white,Azure Sentinel,Malware,Microsoft COVID-19 Threat Indicators
+6/22/2020 11:32:17 AM,644c02e8ba4a019e702578e68cda27d8293a91661a220bd007d524f205703f80,sha256,white,Azure Sentinel,Malware,Microsoft COVID-19 Threat Indicators
+6/20/2020 7:43:39 PM,1286417a7414be12c1b811e5ad63435c2ecfcc21df6de3a5c3e7f944983a33a3,sha256,white,Azure Sentinel,Phish,Microsoft COVID-19 Threat Indicators
+6/21/2020 5:49:41 PM,ad5b351ee45017b66e502603023b2f4167f5bd8fcd1e4b5d37e7c7061e7902a6,sha256,white,Azure Sentinel,Phish,Microsoft COVID-19 Threat Indicators
+6/22/2020 6:37:58 PM,cde4322ae84041db8aeafc2ef302e6dc7407ee87a42e8f06c1a1d3eeabb88428,sha256,white,Azure Sentinel,Phish,Microsoft COVID-19 Threat Indicators
+6/22/2020 6:24:54 PM,aa110b07bfc48535ece41a5315ad14f3d24335d2a7704876b2613a36094fd242,sha256,white,Azure Sentinel,Malware,Microsoft COVID-19 Threat Indicators
+6/22/2020 6:19:19 PM,3db12bf96968a268743c6e6784afd5c354734b15d481036aaea351933e16e59b,sha256,white,Azure Sentinel,Malware,Microsoft COVID-19 Threat Indicators
+6/22/2020 8:42:25 PM,de09301a4b872e31f3658df15608eb7b0e66742ab72ea9ee1bae8755d6e275f8,sha256,white,Azure Sentinel,Phish,Microsoft COVID-19 Threat Indicators
--- a/Data/Feeds/Microsoft.Covid19.Indicators.json
+++ b/Data/Feeds/Microsoft.Covid19.Indicators.json
--- a/Workbooks/Images/Logos/AIVectraDetect.svg
+++ b/Workbooks/Images/Logos/AIVectraDetect.svg
@ -1,15 +1,13 @@
 <?xml version="1.0" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
 "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
-<svg version="1.0" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 75.000000 75.000000" style=" enable-background:new 0 0 75.000000 75.000000;" xml:space="preserve">
-<g transform="translate(0.000000,75.000000) scale(0.100000,-0.100000)" fill="#048404" stroke="none">
-<path d="M65 741 c-50 -21 -60 -47 -63 -161 l-4 -109 87 -170 c48 -94 91 -171
-96 -171 10 0 60 93 212 393 l115 227 -211 -1 c-117 0 -221 -4 -232 -8z"></path>
-<path d="M680 634 c35 -65 65 -121 67 -123 1 -2 3 35 3 82 0 80 -2 89 -27 117 -19 20 -41 33 -67 37 l-39 6 63 -119z"></path>
-<path d="M527 573 c-19 -38 -91 -179 -160 -314 -70 -135 -127 -249 -127 -252
-0 -4 95 -7 210 -7 169 0 217 3 240 15 48 25 60 61 60 175 l0 100 -91 175 c-50
-96 -93 175 -95 175 -2 0 -19 -30 -37 -67z"></path>
-<path d="M1 167 c-1 -90 14 -129 59 -152 31 -16 60 -20 59 -7 0 4 -27 59 -59
-122 l-59 115 0 -78z"></path>
-</g>
+<svg version="1.0" id="02ea04f9-92a9-4c01-9f1c-02fa569b9e85"
+    xmlns="http://www.w3.org/2000/svg" 
+    xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 75.000000 75.000000" style=" enable-background:new 0 0 75.000000 75.000000;" xml:space="preserve">
+    <g transform="translate(0.000000,75.000000) scale(0.100000,-0.100000)" fill="#048404" stroke="none">
+        <path d="M65 741 c-50 -21 -60 -47 -63 -161 l-4 -109 87 -170 c48 -94 91 -171 96 -171 10 0 60 93 212 393 l115 227 -211 -1 c-117 0 -221 -4 -232 -8z"></path>
+        <path d="M680 634 c35 -65 65 -121 67 -123 1 -2 3 35 3 82 0 80 -2 89 -27 117 -19 20 -41 33 -67 37 l-39 6 63 -119z"></path>
+        <path d="M527 573 c-19 -38 -91 -179 -160 -314 -70 -135 -127 -249 -127 -252 0 -4 95 -7 210 -7 169 0 217 3 240 15 48 25 60 61 60 175 l0 100 -91 175 c-50 96 -93 175 -95 175 -2 0 -19 -30 -37 -67z"></path>
+        <path d="M1 167 c-1 -90 14 -129 59 -152 31 -16 60 -20 59 -7 0 4 -27 59 -59 122 l-59 115 0 -78z"></path>
+    </g>
 </svg>
--- a/Workbooks/Images/Logos/infoblox_logo.svg
+++ b/Workbooks/Images/Logos/infoblox_logo.svg
@ -1 +1,12 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 56 66" fill="#fff" fill-rule="evenodd" stroke="#000" stroke-linecap="round" stroke-linejoin="round"><use xlink:href="#A" x=".5" y=".5"/><symbol id="A" overflow="visible"><g stroke="none" fill-rule="nonzero"><path d="M10.095 27.966l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.538-2.15.538-2.824 0" fill="#95c840"/><path d="M10.095 51.36L.403 44.1C.133 43.83 0 43.56 0 43.427a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.672-2.15.672-2.824 0" fill="#59c9e6"/><use xlink:href="#C" fill="#ebe719"/><path d="M25.69 39.798l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#50c0af"/><use xlink:href="#C" y="47.194" fill="#0377bb"/><path d="M41.288 27.966l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.672.538-2.017.538-2.824 0" fill="#78bc43"/><path d="M41.288 51.36l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.672.672-2.017.672-2.824 0" fill="#109fda"/></g></symbol><defs><path id="C" d="M25.69 16.403l-9.68-7.26c-.27-.27-.403-.538-.403-.807a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672 0 .27-.134.538-.403.807l-9.68 7.26c-.807.538-2.017.538-2.824 0"/></defs></svg>
+<svg xmlns="http://www.w3.org/2000/svg" id="32de6b2b-4165-4947-9b45-8b5aa59ef5d4"
+    xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 56 66" fill="#fff" fill-rule="evenodd" stroke="#000" stroke-linecap="round" stroke-linejoin="round">
+	<g stroke="none" fill-rule="nonzero"  transform='translate(0.5 0.5)'>
+		<path d="M10.095 27.966l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.538-2.15.538-2.824 0" fill="#95c840"/>
+		<path d="M10.095 51.36L.403 44.1C.133 43.83 0 43.56 0 43.427a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.672-2.15.672-2.824 0" fill="#59c9e6"/>
+		<path d="M25.69 16.403l-9.68-7.26c-.27-.27-.403-.538-.403-.807a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672 0 .27-.134.538-.403.807l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#ebe719"/>
+		<path d="M25.69 39.798l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#50c0af"/>
+		<path transform="translate(0,47.194)" d="M25.69 16.403l-9.68-7.26c-.27-.27-.403-.538-.403-.807a.74.74 0 0 1 .403-.672l9.68-7.26c.807-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672 0 .27-.134.538-.403.807l-9.68 7.26c-.807.538-2.017.538-2.824 0" fill="#0377bb"/>
+		<path d="M41.288 27.966l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.672.538-2.017.538-2.824 0" fill="#78bc43"/>
+		<path d="M41.288 51.36l-9.68-7.26c-.27-.27-.403-.538-.403-.672a.74.74 0 0 1 .403-.672l9.68-7.26c.672-.538 2.017-.538 2.824 0l9.68 7.26c.27.27.403.538.403.672a.74.74 0 0 1-.403.672l-9.68 7.26c-.672.672-2.017.672-2.824 0" fill="#109fda"/>
+	</g>
+</svg>
--- a/Workbooks/Images/Logos/proofpointlogo.svg
+++ b/Workbooks/Images/Logos/proofpointlogo.svg
@ -1,42 +1,22 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!-- Generator: Adobe Illustrator 19.2.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<svg version="1.1" id="layer" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 viewBox="0 0 652 652" style="enable-background:new 0 0 652 652;" xml:space="preserve">
-<style type="text/css">
-	.st0{fill:#231F20;}
-</style>
-<g id="Layer_2">
-	<g id="Layer_1-2">
-		<path class="st0" d="M597.7,352.5v-12.8h-4.4c-4.8,0-5.9-0.7-5.9-4.1v-35.2h10.4v-11.9h-10.4v-17.3h-17.8v17.3h-8.9v11.9h8.9v34.3
-			c0,13.3,3.2,18.1,18,18.1C589.4,352.9,592.8,352.6,597.7,352.5"/>
-		<path class="st0" d="M495.5,352.1h18v-37.7c0-8.4,5.4-13.4,13.8-13.4c7.7,0,10.4,4.1,10.4,12.7v38.4h18v-43.3
-			c0-14.6-7.3-21.9-22.1-21.9c-8.5,0-15.3,3.1-20.4,9.2v-7.5h-17.6V352.1z"/>
-		<rect x="466.5" y="266.1" class="st0" width="18" height="15.4"/>
-		<rect x="466.5" y="288.5" class="st0" width="18" height="63.5"/>
-		<path class="st0" d="M409.7,320.2c0-12.7,5.8-19.6,15.8-19.6c10,0,15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7
-			S409.7,332.9,409.7,320.2 M391.5,320.2c0,21.2,12.9,34,34,34s34-12.8,34-34c0-21.2-12.9-34-34-34S391.5,299,391.5,320.2"/>
-		<path class="st0" d="M367.9,320.7c0,11.8-5.7,18.8-14.5,18.8c-9.5,0-15-6.7-15-18.8c0-13,5.2-19.7,14.7-19.7
-			C362.4,301,367.9,307.8,367.9,320.7 M320.8,377.5h17.5v-33.4c4.4,6.6,11.3,10,19.9,10c15.7,0,27.6-13.3,27.6-34.2
-			c0-20.3-11.6-33.6-27.8-33.6c-8.7,0-14.8,3.4-20,10.8v-8.6h-17.1V377.5z"/>
-		<path class="st0" d="M284.3,352.1h17.6v-51.6H313v-11.9h-11.3v-4.4c0-4.1,1.6-4.8,6.6-4.8h4.7v-13.5c-3.2-0.2-5.9-0.4-8.6-0.4
-			c-13.8,0-20.1,5.3-20.1,17.2v5.9h-9.6v11.9h9.6L284.3,352.1z"/>
-		<path class="st0" d="M223.8,320.2c0-12.7,5.8-19.6,15.8-19.6c10,0,15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7
-			C229.6,340,223.8,332.9,223.8,320.2 M205.6,320.2c0,21.2,12.9,34,34,34c21.1,0,34-12.8,34-34c0-21.2-12.9-34-34-34
-			C218.4,286.3,205.5,299.1,205.6,320.2"/>
-		<path class="st0" d="M151.6,320.2c0-12.7,5.8-19.6,15.8-19.6s15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7
-			S151.6,332.9,151.6,320.2 M133.4,320.2c0,21.2,12.9,34,34,34s34-12.8,34-34s-12.9-34-34-34S133.4,299.1,133.4,320.2"/>
-		<path class="st0" d="M92.7,352.1h18v-33.6c0-9.6,5.1-14.4,14.8-14.4h5.9v-17.2c-0.9-0.1-1.8-0.1-2.7-0.1
-			c-8.6,0-14.7,3.9-19.4,12.7v-10.9H92.7V352.1z"/>
-		<path class="st0" d="M67.6,320.7c0,11.8-5.7,18.8-14.5,18.8c-9.5,0-15-6.7-15-18.8c0-13,5.2-19.7,14.7-19.7S67.7,307.8,67.6,320.7
-			 M20.6,377.5H38v-33.4c4.4,6.6,11.3,10,19.9,10c15.7,0,27.6-13.3,27.6-34.2c0-20.3-11.6-33.6-27.8-33.6c-8.7,0-14.8,3.4-20,10.8
-			v-8.6H20.6V377.5z"/>
-		<path class="st0" d="M620.6,346.8c0.1,3.9-2.9,7.1-6.8,7.2c-3.9,0.1-7.1-2.9-7.2-6.8c-0.1-3.9,2.9-7.1,6.8-7.2c0.1,0,0.2,0,0.3,0
-			C617.4,339.9,620.5,343,620.6,346.8C620.6,346.8,620.6,346.8,620.6,346.8z M608.3,346.8c-0.1,2.9,2.2,5.4,5.1,5.5
-			c0.1,0,0.1,0,0.2,0c2.9,0,5.2-2.4,5.2-5.2c0-0.1,0-0.1,0-0.2c0.1-2.9-2.1-5.4-5-5.5c-2.9-0.1-5.4,2.1-5.5,5
-			C608.3,346.5,608.3,346.7,608.3,346.8L608.3,346.8z M612.5,350.4h-1.6v-6.8c0.9-0.2,1.7-0.2,2.6-0.2c0.8-0.1,1.6,0.1,2.4,0.5
-			c0.4,0.4,0.7,0.9,0.7,1.5c-0.1,0.8-0.6,1.4-1.4,1.6v0.1c0.7,0.3,1.2,0.9,1.2,1.6c0.1,0.6,0.2,1.2,0.5,1.7h-1.7
-			c-0.3-0.5-0.4-1.1-0.5-1.7c-0.1-0.8-0.5-1.1-1.4-1.1h-0.8L612.5,350.4z M612.5,346.5h0.8c0.9,0,1.6-0.3,1.6-1s-0.5-1-1.5-1
-			c-0.3,0-0.6,0-0.9,0.1V346.5z"/>
+<svg version="1.1" id="4ff5cc45-bc12-48de-9eee-0cfdfcd7ba1c" 
+	xmlns="http://www.w3.org/2000/svg" 
+	xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 652 652" style="enable-background:new 0 0 652 652;" xml:space="preserve">
+	<g id="Layer_2">
+		<g id="Layer_1-2">
+			<path style="fill:#231F20;" d="M597.7,352.5v-12.8h-4.4c-4.8,0-5.9-0.7-5.9-4.1v-35.2h10.4v-11.9h-10.4v-17.3h-17.8v17.3h-8.9v11.9h8.9v34.3 c0,13.3,3.2,18.1,18,18.1C589.4,352.9,592.8,352.6,597.7,352.5"/>
+			<path style="fill:#231F20;" d="M495.5,352.1h18v-37.7c0-8.4,5.4-13.4,13.8-13.4c7.7,0,10.4,4.1,10.4,12.7v38.4h18v-43.3 c0-14.6-7.3-21.9-22.1-21.9c-8.5,0-15.3,3.1-20.4,9.2v-7.5h-17.6V352.1z"/>
+			<rect x="466.5" y="266.1" style="fill:#231F20;" width="18" height="15.4"/>
+			<rect x="466.5" y="288.5" style="fill:#231F20;" width="18" height="63.5"/>
+			<path style="fill:#231F20;" d="M409.7,320.2c0-12.7,5.8-19.6,15.8-19.6c10,0,15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7 S409.7,332.9,409.7,320.2 M391.5,320.2c0,21.2,12.9,34,34,34s34-12.8,34-34c0-21.2-12.9-34-34-34S391.5,299,391.5,320.2"/>
+			<path style="fill:#231F20;" d="M367.9,320.7c0,11.8-5.7,18.8-14.5,18.8c-9.5,0-15-6.7-15-18.8c0-13,5.2-19.7,14.7-19.7 C362.4,301,367.9,307.8,367.9,320.7 M320.8,377.5h17.5v-33.4c4.4,6.6,11.3,10,19.9,10c15.7,0,27.6-13.3,27.6-34.2 c0-20.3-11.6-33.6-27.8-33.6c-8.7,0-14.8,3.4-20,10.8v-8.6h-17.1V377.5z"/>
+			<path style="fill:#231F20;" d="M284.3,352.1h17.6v-51.6H313v-11.9h-11.3v-4.4c0-4.1,1.6-4.8,6.6-4.8h4.7v-13.5c-3.2-0.2-5.9-0.4-8.6-0.4 c-13.8,0-20.1,5.3-20.1,17.2v5.9h-9.6v11.9h9.6L284.3,352.1z"/>
+			<path style="fill:#231F20;" d="M223.8,320.2c0-12.7,5.8-19.6,15.8-19.6c10,0,15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7 C229.6,340,223.8,332.9,223.8,320.2 M205.6,320.2c0,21.2,12.9,34,34,34c21.1,0,34-12.8,34-34c0-21.2-12.9-34-34-34 C218.4,286.3,205.5,299.1,205.6,320.2"/>
+			<path style="fill:#231F20;" d="M151.6,320.2c0-12.7,5.8-19.6,15.8-19.6s15.7,6.9,15.7,19.6c0,12.7-5.7,19.7-15.7,19.7 S151.6,332.9,151.6,320.2 M133.4,320.2c0,21.2,12.9,34,34,34s34-12.8,34-34s-12.9-34-34-34S133.4,299.1,133.4,320.2"/>
+			<path style="fill:#231F20;" d="M92.7,352.1h18v-33.6c0-9.6,5.1-14.4,14.8-14.4h5.9v-17.2c-0.9-0.1-1.8-0.1-2.7-0.1 c-8.6,0-14.7,3.9-19.4,12.7v-10.9H92.7V352.1z"/>
+			<path style="fill:#231F20;" d="M67.6,320.7c0,11.8-5.7,18.8-14.5,18.8c-9.5,0-15-6.7-15-18.8c0-13,5.2-19.7,14.7-19.7S67.7,307.8,67.6,320.7 M20.6,377.5H38v-33.4c4.4,6.6,11.3,10,19.9,10c15.7,0,27.6-13.3,27.6-34.2c0-20.3-11.6-33.6-27.8-33.6c-8.7,0-14.8,3.4-20,10.8 v-8.6H20.6V377.5z"/>
+			<path style="fill:#231F20;" d="M620.6,346.8c0.1,3.9-2.9,7.1-6.8,7.2c-3.9,0.1-7.1-2.9-7.2-6.8c-0.1-3.9,2.9-7.1,6.8-7.2c0.1,0,0.2,0,0.3,0 C617.4,339.9,620.5,343,620.6,346.8C620.6,346.8,620.6,346.8,620.6,346.8z M608.3,346.8c-0.1,2.9,2.2,5.4,5.1,5.5 c0.1,0,0.1,0,0.2,0c2.9,0,5.2-2.4,5.2-5.2c0-0.1,0-0.1,0-0.2c0.1-2.9-2.1-5.4-5-5.5c-2.9-0.1-5.4,2.1-5.5,5 C608.3,346.5,608.3,346.7,608.3,346.8L608.3,346.8z M612.5,350.4h-1.6v-6.8c0.9-0.2,1.7-0.2,2.6-0.2c0.8-0.1,1.6,0.1,2.4,0.5 c0.4,0.4,0.7,0.9,0.7,1.5c-0.1,0.8-0.6,1.4-1.4,1.6v0.1c0.7,0.3,1.2,0.9,1.2,1.6c0.1,0.6,0.2,1.2,0.5,1.7h-1.7 c-0.3-0.5-0.4-1.1-0.5-1.7c-0.1-0.8-0.5-1.1-1.4-1.1h-0.8L612.5,350.4z M612.5,346.5h0.8c0.9,0,1.6-0.3,1.6-1s-0.5-1-1.5-1 c-0.3,0-0.6,0-0.9,0.1V346.5z"/>
+		</g>
 	</g>
-</g>
 </svg>
--- a/Workbooks/Images/Logos/qualys_logo.svg
+++ b/Workbooks/Images/Logos/qualys_logo.svg
--- a/Workbooks/Images/Logos/symantecvip_logo.svg
+++ b/Workbooks/Images/Logos/symantecvip_logo.svg
@ -1 +1,10 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 62 65" fill="#fff" fill-rule="evenodd" stroke="#000" stroke-linecap="round" stroke-linejoin="round"><use xlink:href="#A" x=".5" y=".5"/><symbol id="A" overflow="visible"><g stroke="none" fill-rule="nonzero"><path d="M27.7 64C12.396 64 0 51.594 0 36.3S12.406 8.6 27.7 8.6s27.7 12.406 27.7 27.7S42.9 64 27.7 64zm0-46.725c-5.1 0-9.855 1.97-13.333 5.565a18.85 18.85 0 0 0-5.565 13.45c0 5.102 1.97 9.855 5.565 13.45s8.348 5.565 13.333 5.565a18.85 18.85 0 0 0 13.45-5.565c3.595-3.595 5.565-8.348 5.565-13.45s-1.97-9.855-5.565-13.45c-3.7-3.594-8.464-5.565-13.45-5.565zM57.846 4.3h2.203v2.203h-2.203zm0-4.3h2.203v2.203h-2.203zM51.7 6.377h1.97v2.087H51.7z" fill="#ffb71b"/><g fill="#231f20"><path d="M47.76 10.55h2.087v1.97H47.76zm6.028-1.97h2.32v2.087h-2.32zm-8 0h1.97v1.97h-1.97zm5.912 1.97h1.97v1.97H51.7zm3.943-8.463h2.077v2.087h-2.087zM51.7 4.3h3.942v2.203H51.7z"/><path d="M49.846 6.377h1.97v4.174h-1.97zm0 6.145v2.087H47.76v-2.087h-3.362v1.507h-1.855v1.855h1.97v1.97h-1.97v-1.97h-2.087v3.13H38.37v1.97h-1.4v2.087h-1.5c-1.623 2.435-5.797 10.203-7.072 13.333-4.522-6.377-8.116-8.812-10.9-9.74-1.507-.464-3.362 1.16-.812 3.7 5.68 6.26 7.536 11.478 9.275 15.652.928 2.203 4.986 2.55 5.913.348 1.74-4.754 4.3-10.087 7.304-14.377v-2.203H40.8V27.7h1.74v-2.32h1.97v-2.32h-2.087v-2.087h2.087v2.087h1.97v-2.087h1.74V18.55h1.855v-1.623H51.7v-4.3h-1.855z"/></g></g></symbol></svg>
+<svg xmlns="http://www.w3.org/2000/svg" id="d9ea0856-ca6b-43ff-9513-56cc72f7d9ec"
+    xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 62 65" fill="#fff" fill-rule="evenodd" stroke="#000" stroke-linecap="round" stroke-linejoin="round">
+    <g stroke="none" fill-rule="nonzero" transform='translate(0.5 0.5)'>
+        <path d="M27.7 64C12.396 64 0 51.594 0 36.3S12.406 8.6 27.7 8.6s27.7 12.406 27.7 27.7S42.9 64 27.7 64zm0-46.725c-5.1 0-9.855 1.97-13.333 5.565a18.85 18.85 0 0 0-5.565 13.45c0 5.102 1.97 9.855 5.565 13.45s8.348 5.565 13.333 5.565a18.85 18.85 0 0 0 13.45-5.565c3.595-3.595 5.565-8.348 5.565-13.45s-1.97-9.855-5.565-13.45c-3.7-3.594-8.464-5.565-13.45-5.565zM57.846 4.3h2.203v2.203h-2.203zm0-4.3h2.203v2.203h-2.203zM51.7 6.377h1.97v2.087H51.7z" fill="#ffb71b"/>
+        <g fill="#231f20">
+            <path d="M47.76 10.55h2.087v1.97H47.76zm6.028-1.97h2.32v2.087h-2.32zm-8 0h1.97v1.97h-1.97zm5.912 1.97h1.97v1.97H51.7zm3.943-8.463h2.077v2.087h-2.087zM51.7 4.3h3.942v2.203H51.7z"/>
+            <path d="M49.846 6.377h1.97v4.174h-1.97zm0 6.145v2.087H47.76v-2.087h-3.362v1.507h-1.855v1.855h1.97v1.97h-1.97v-1.97h-2.087v3.13H38.37v1.97h-1.4v2.087h-1.5c-1.623 2.435-5.797 10.203-7.072 13.333-4.522-6.377-8.116-8.812-10.9-9.74-1.507-.464-3.362 1.16-.812 3.7 5.68 6.26 7.536 11.478 9.275 15.652.928 2.203 4.986 2.55 5.913.348 1.74-4.754 4.3-10.087 7.304-14.377v-2.203H40.8V27.7h1.74v-2.32h1.97v-2.32h-2.087v-2.087h2.087v2.087h1.97v-2.087h1.74V18.55h1.855v-1.623H51.7v-4.3h-1.855z"/>
+        </g>
+    </g>
+</svg>
--- a/Workbooks/Images/Logos/vmwarecarbonblack_logo.svg
+++ b/Workbooks/Images/Logos/vmwarecarbonblack_logo.svg
@ -3,10 +3,7 @@
 <svg version="1.1" id="270b7627-20d2-458b-b4b4-f2f44dd07df0" 
 	xmlns="http://www.w3.org/2000/svg" 
 	xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 652 652" style="enable-background:new 0 0 652 652;" xml:space="preserve">
-	<style type="text/css">
-	.st0{fill:#0A0A0A;}
-	</style>
-	<path class="st0" d="M620,339.1h-10.2l-5.1,8.8l5.1,8.8H620l5.1-8.8L620,339.1 M598.5,308.2h-12.7l-8.9,15.3c-1.1,1.6-1.5,2.6-4,2.7
+	<path style="fill:#0A0A0A;" d="M620,339.1h-10.2l-5.1,8.8l5.1,8.8H620l5.1-8.8L620,339.1 M598.5,308.2h-12.7l-8.9,15.3c-1.1,1.6-1.5,2.6-4,2.7
 	h-6.1v-33.9h-11.4v64.4h11.4v-20.1h5c2.4,0.1,2.9,1,3.8,2.5l10.1,17.6h12.8l-14-24.3L598.5,308.2z M547.1,312.8
 	c-1.8-1.4-3.7-2.6-5.8-3.5c-3.2-1.4-6.6-2.1-10.1-2.1c-4.5,0-9,1.2-12.9,3.5c-3.9,2.2-7.2,5.4-9.5,9.3c-2.3,3.8-3.6,8.1-3.6,12.5
 	c0,4.4,1.2,8.8,3.6,12.6c2.3,3.9,5.6,7.1,9.5,9.3c7.1,4.1,15.7,4.6,23.2,1.3c2-0.9,4-2.1,5.7-3.5l-5.1-8.9c-1.4,1.5-3,2.7-4.8,3.5
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@ -689,6 +689,90 @@
    "provider": "Symantec"
  },
  {
+    "workbookKey": "PulseConnectSecureWorkbook",
+    "logoFileName": "",
+    "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities",
+    "dataTypesDependencies": ["Syslog"],
+    "dataConnectorsDependencies": [ "PulseConnectSecure" ],
+    "previewImagesFileNames": [ "PulseConnectSecureWhite.png", "PulseConnectSecureBlack.png" ],
+    "version": "1.0",
+    "title": "Pulse Connect Secure",
+    "templateRelativePath": "PulseConnectSecure.json",
+    "subtitle": "",
+    "provider": "Pulse Secure",
+    "featureFlag": "PulseConnectSecureConnector"
+  },
+  {
+    "workbookKey": "InfobloxNIOSWorkbook",
+    "logoFileName": "infoblox_logo.svg",
+    "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic",
+    "dataTypesDependencies": ["Syslog"],
+    "dataConnectorsDependencies": [ "InfobloxNIOS" ],
+    "previewImagesFileNames": [ "InfobloxNIOSWhite.png", "InfobloxNIOSBlack.png" ],
+    "version": "1.0",
+    "title": "Infoblox NIOS",
+    "templateRelativePath": "InfobloxNIOS.json",
+    "subtitle": "",
+    "provider": "Infoblox",
+    "featureFlag": "InfobloxNIOSConnector"
+  },
+  {
+    "workbookKey": "SymantecVIPWorkbook",
+    "logoFileName": "symantecVIP_logo.svg",
+    "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications",
+    "dataTypesDependencies": ["Syslog"],
+    "dataConnectorsDependencies": [ "SymantecVIP" ],
+    "previewImagesFileNames": [ "SymantecVIPWhite.png", "SymantecVIPBlack.png" ],
+    "version": "1.0",
+    "title": "Symantec VIP",
+    "templateRelativePath": "SymantecVIP.json",
+    "subtitle": "",
+    "provider": "Symantec",
+    "featureFlag": "SymantecVIPConnector"
+  },
+  {
+    "workbookKey": "VMwareCarbonBlackWorkbook",
+    "logoFileName": "vmwarecarbonblack_logo.svg",
+    "description": "Gain extensive insight into VMware Carbon Black Cloud - Endpoint Standard by analyzing, collecting and correlating Event logs.\nThis workbook provides visibility into Carbon Black managed endpoints and identified threat event",
+    "dataTypesDependencies": [ "CarbonBlackEvents_CL","CarbonBlackNotifications_CL","CarbonBlackAuditLogs_CL" ],
+    "dataConnectorsDependencies": [ "VMwareCarbonBlack" ],
+    "previewImagesFileNames": [ "VMwareCarbonWhite.png", "VMwareCarbonBlack.png" ],
+    "version": "1.0",
+    "title": "VMware Carbon Black",
+    "templateRelativePath": "VMwareCarbonBlack.json",
+    "subtitle": "",
+    "provider": "VMware",
+    "featureFlag": "VMwareCarbonBlackConnector"
+  },
+  {
+    "workbookKey": "ProofPointTAPWorkbook",
+    "logoFileName": "proofpointlogo.svg",
+    "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked",
+    "dataTypesDependencies": [ "ProofPointTAPMessagesBlocked_CL", "ProofPointTAPMessagesDelivered_CL", "ProofPointTAPClicksPermitted_CL", "ProofPointTAPClicksBlocked_CL" ],
+    "dataConnectorsDependencies": [ "ProofpointTAP" ],
+    "previewImagesFileNames": [ "ProofpointTAPWhite.png", "ProofpointTAPBlack.png" ],
+    "version": "1.0",
+    "title": "Proofpoint TAP",
+    "templateRelativePath": "ProofpointTAP.json",
+    "subtitle": "",
+    "provider": "Proofpoint",
+    "featureFlag": "ProofpointTAPConnector"
+  },
+  {
+    "workbookKey": "QualysVMWorkbook",
+    "logoFileName": "qualys_logo.svg",
+    "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans",
+    "dataTypesDependencies": ["QualysHostDetection_CL"],
+    "dataConnectorsDependencies": [ "QualysVulnerabilityManagement" ],
+    "previewImagesFileNames": [ "QualysVMWhite.png", "QualysVMBlack.png" ],
+    "version": "1.0",
+    "title": "Qualys Vulnerability Management",
+    "templateRelativePath": "QualysVM.json",
+    "subtitle": "",
+    "provider": "Qualys",
+    "featureFlag": "QualysVulnerabilityManagementConnector"
+  },
+  {    
    "workbookKey": "GitHubSecurityWorkbook",
    "logoFileName": "github.svg",
    "description": "Gain insights to GitHub activities that may be interesting for security.",