Revert "solution migration threat analysis response"

Solutions/Threat Analysis Response/Package/createUiDefinition.json

@@ -1,89 +0,0 @@
-{
-  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
-  "handler": "Microsoft.Azure.CreateUIDef",
-  "version": "0.1.2-preview",
-  "parameters": {
-    "config": {
-      "isWizard": false,
-      "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nMITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. The MITRE ATT&CK Cloud Matrix provides tactics and techniques representing the MITRE ATT&CK® Matrix for Enterprise covering cloud-based techniques. The Matrix contains information for the following platforms: Azure AD, Office 365, SaaS, IaaS. For more information, see the 💡 [MITRE ATT&CK: Cloud Matrix](https://attack.mitre.org/matrices/enterprise/cloud/)\n\n**Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
-        "subscription": {
-          "resourceProviders": [
-            "Microsoft.OperationsManagement/solutions",
-            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
-            "Microsoft.Insights/workbooks",
-            "Microsoft.Logic/workflows"
-          ]
-        },
-        "location": {
-          "metadata": {
-            "hidden": "Hiding location, we get it from the log analytics workspace"
-          },
-          "visible": false
-        },
-        "resourceGroup": {
-          "allowExisting": true
-        }
-      }
-    },
-    "basics": [
-      {
-        "name": "getLAWorkspace",
-        "type": "Microsoft.Solutions.ArmApiControl",
-        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
-        "condition": "[greater(length(resourceGroup().name),0)]",
-        "request": {
-          "method": "GET",
-          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
-        }
-      },
-      {
-        "name": "workspace",
-        "type": "Microsoft.Common.DropDown",
-        "label": "Workspace",
-        "placeholder": "Select a workspace",
-        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
-        "constraints": {
-          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
-          "required": true
-        },
-        "visible": true
-      }
-    ],
-    "steps": [
-      {
-        "name": "workbooks",
-        "label": "Workbooks",
-        "subLabel": {
-          "preValidation": "Configure the workbooks",
-          "postValidation": "Done"
-        },
-        "bladeTitle": "Workbooks",
-        "elements": [
-          {
-            "name": "workbooks-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
-            }
-          },
-          {
-            "name": "workbooks-link",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "link": {
-                "label": "Learn more",
-                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
-              }
-            }
-          }
-        ]
-      }
-    ],
-    "outputs": {
-      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
-      "location": "[location()]",
-      "workspace": "[basics('workspace')]"
-    }
-  }
-}

Solutions/ThreatAnalysis&Response/Notebook/MITREATTACKMap/readme.md

@@ -1,10 +1,10 @@
-# Threat Analysis & Response with MITRE ATT&CK Azure Function
-
-This function app will download all the detection and hunting query yaml files from Microsoft Sentinel Github, parse it , convert it into structured tabular dataset and ingest as a customlog table named MITREATTACKMap_CL. For more details about the notebook, workflow, read the blog [Using Jupyter Notebook to analyze and visualize Azure Sentinel Analytics and Hunting Queries](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/using-jupyter-notebook-to-analyze-and-visualize-azure-sentinel/ba-p/1770400)
-
-## How it works
-
-The function will be deployed automatically once the solution is deployed. Once the function is deployed , plase set variables WorkspaceId and Workspacekey in the App Settings. For more information, check the docs [Configure App Settings](https://docs.microsoft.com/azure/azure-functions/functions-how-to-use-azure-function-app-settings)".
-
-
-
+# Threat Analysis & Response with MITRE ATT&CK Azure Function
+
+This function app will download all the detection and hunting query yaml files from Microsoft Sentinel Github, parse it , convert it into structured tabular dataset and ingest as a customlog table named MITREATTACKMap_CL. For more details about the notebook, workflow, read the blog [Using Jupyter Notebook to analyze and visualize Azure Sentinel Analytics and Hunting Queries](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/using-jupyter-notebook-to-analyze-and-visualize-azure-sentinel/ba-p/1770400)
+
+## How it works
+
+The function will be deployed automatically once the solution is deployed. Once the function is deployed , plase set variables WorkspaceId and Workspacekey in the App Settings. For more information, check the docs [Configure App Settings](https://docs.microsoft.com/azure/azure-functions/functions-how-to-use-azure-function-app-settings)".
+
+
+

Solutions/ThreatAnalysis&Response/Package/createUiDefinition.json

@@ -0,0 +1,137 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Important:** _This Microsoft Sentinel Solution is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/)._\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nMITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. The MITRE ATT&CK Cloud Matrix provides tactics and techniques representing the MITRE ATT&CK® Matrix for Enterprise covering cloud-based techniques. The Matrix contains information for the following platforms: Azure AD, Office 365, SaaS, IaaS. For more information, see the 💡 [MITRE ATT&CK: Cloud Matrix](https://attack.mitre.org/matrices/enterprise/cloud/)\n\nMicrosoft Sentinel Solutions provide a consolidated way to acquire Microsoft Sentinel content like data connectors, workbooks, analytics, and automations in your workspace with a single deployment step.\n\n**Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+    "basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "workbooks",
+        "label": "Workbooks",
+        "subLabel": {
+          "preValidation": "Configure the workbooks",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Workbooks",
+        "elements": [
+          {
+            "name": "workbooks-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Microsoft Sentinel Solution installs workbooks. Workbooks provide a flexible canvas for data monitoring, analysis, and the creation of rich visual reports within the Azure portal. They allow you to tap into one or many data sources from Microsoft Sentinel and combine them into unified interactive experiences.",
+              "link": {
+                "label": "Learn more",
+                "uri": "https://docs.microsoft.com/azure/sentinel/tutorial-monitor-your-data"
+              }
+            }
+          },
+          {
+            "name": "workbook1",
+            "type": "Microsoft.Common.Section",
+            "label": "ThreatAnalysis&Response",
+            "elements": [
+              {
+                "name": "workbook1-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel"
+                }
+              },
+              {
+                "name": "workbook1-name",
+                "type": "Microsoft.Common.TextBox",
+                "label": "Display Name",
+                "defaultValue": "Threat Analysis & Response",
+                "toolTip": "Display name for the workbook.",
+                "constraints": {
+                  "required": true,
+                  "regex": "[a-z0-9A-Z]{1,256}$",
+                  "validationMessage": "Please enter a workbook name"
+                }
+              }
+            ]
+          },
+          {
+            "name": "workbook2",
+            "type": "Microsoft.Common.Section",
+            "label": "ThreatAnalysis&Response",
+            "elements": [
+              {
+                "name": "workbook2-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel"
+                }
+              },
+              {
+                "name": "workbook2-name",
+                "type": "Microsoft.Common.TextBox",
+                "label": "Display Name",
+                "defaultValue": "Dynamic Threat Modeling & Response",
+                "toolTip": "Display name for the workbook.",
+                "constraints": {
+                  "required": true,
+                  "regex": "[a-z0-9A-Z]{1,256}$",
+                  "validationMessage": "Please enter a workbook name"
+                }
+              }
+            ]
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]",
+      "workbook1-name": "[steps('workbooks').workbook1.workbook1-name]",
+      "workbook2-name": "[steps('workbooks').workbook2.workbook2-name]"
+    }
+  }
+}

Solutions/ThreatAnalysis&Response/data/Solution_ThreatAnalysis&Response.json

@@ -1,15 +1,14 @@
 {
-  "Name": "Threat Analysis Response",
-  "Author": "Microsoft - support@microsoft.com",
+  "Name": "ThreatAnalysis&Response",
+  "Author": "Sanmit Biraj - v-sabiraj@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Workbooks/Images/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
   "Description": "MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. The MITRE ATT&CK Cloud Matrix provides tactics and techniques representing the MITRE ATT&CK® Matrix for Enterprise covering cloud-based techniques. The Matrix contains information for the following platforms: Azure AD, Office 365, SaaS, IaaS. For more information, see the 💡 [MITRE ATT&CK: Cloud Matrix](https://attack.mitre.org/matrices/enterprise/cloud/)",
+  "WorkbookDescription": "Workbook to showcase MITRE ATT&CK Coverage for Azure Sentinel",
   "Workbooks": [
     "Workbooks/ThreatAnalysis&Response.json",
     "Workbooks/DynamicThreatModeling&Response.json"
   ],
   "Metadata": "SolutionMetadata.json",
-  "BasePath": "C:\\GitHub\\azure\\Solutions\\Threat Analysis Response",
-   "Version": "2.0.0",
-  "TemplateSpec": true,
-  "Is1PConnector": true
+  "BasePath": "C:\\GitHub\\azure\\Solutions\\ThreatAnalysis&Response",
+  "Version": "1.0.14"
 }