Merge pull request Azure#9140 from Azure/v-sabiraj-changingdatatypesf…

…orinsiderriskmanagement Updated workbook datatype to fix duplicates
Accelerynt-Security · Oct 3, 2023 · 6580195 · 6580195
2 parents db0cb72 + 447d1e8
commit 6580195
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 19 deletions.
diff --git a/Solutions/MicrosoftPurviewInsiderRiskManagement/Package/3.0.2.zip b/Solutions/MicrosoftPurviewInsiderRiskManagement/Package/3.0.2.zip
diff --git a/Solutions/MicrosoftPurviewInsiderRiskManagement/Package/mainTemplate.json b/Solutions/MicrosoftPurviewInsiderRiskManagement/Package/mainTemplate.json
@@ -41,7 +41,7 @@
     "email": "support@microsoft.com",
     "_email": "[variables('email')]",
     "_solutionName": "MicrosoftPurviewInsiderRiskManagement",
-    "_solutionVersion": "3.0.1",
+    "_solutionVersion": "3.0.2",
     "solutionId": "azuresentinel.azure-sentinel-solution-insiderriskmanagement",
     "_solutionId": "[variables('solutionId')]",
     "workbookVersion1": "1.0.0",
@@ -140,7 +140,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderRiskManagementWorkbook Workbook with template version 3.0.1",
+        "description": "InsiderRiskManagementWorkbook Workbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('workbookVersion1')]",
@@ -193,7 +193,7 @@
                   "operator": "AND",
                   "criteria": [
                     {
-                      "contentId": "SigninLogsSigninLogs",
+                      "contentId": "SigninLogs",
                       "kind": "DataType"
                     },
                     {
@@ -244,7 +244,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderRiskHighUserAlertsCorrelation_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "description": "InsiderRiskHighUserAlertsCorrelation_AnalyticalRules Analytics Rule with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleVersion1')]",
@@ -384,7 +384,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderRiskHighUserIncidentsCorrelation_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "description": "InsiderRiskHighUserIncidentsCorrelation_AnalyticalRules Analytics Rule with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleVersion2')]",
@@ -539,7 +539,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderRiskM365IRMAlertObserved_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "description": "InsiderRiskM365IRMAlertObserved_AnalyticalRules Analytics Rule with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleVersion3')]",
@@ -658,7 +658,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderRiskSensitiveDataAccessOutsideOrgGeo_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "description": "InsiderRiskSensitiveDataAccessOutsideOrgGeo_AnalyticalRules Analytics Rule with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleVersion4')]",
@@ -783,7 +783,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderRiskyAccessByApplication_AnalyticalRules Analytics Rule with template version 3.0.1",
+        "description": "InsiderRiskyAccessByApplication_AnalyticalRules Analytics Rule with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('analyticRuleVersion5')]",
@@ -902,7 +902,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "Notify-InsiderRiskTeam Playbook with template version 3.0.1",
+        "description": "Notify-InsiderRiskTeam Playbook with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion1')]",
@@ -1166,7 +1166,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderEntityAnomalyFollowedByIRMAlert_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "InsiderEntityAnomalyFollowedByIRMAlert_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryVersion1')]",
@@ -1251,7 +1251,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderISPAnomalyCorrelatedToExfiltrationAlert_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "InsiderISPAnomalyCorrelatedToExfiltrationAlert_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryVersion2')]",
@@ -1336,7 +1336,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderMultipleEntityAnomalies_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "InsiderMultipleEntityAnomalies_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryVersion3')]",
@@ -1421,7 +1421,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderPossibleSabotage_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "InsiderPossibleSabotage_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryVersion4')]",
@@ -1506,7 +1506,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "InsiderSignInRiskFollowedBySensitiveDataAccessyaml_HuntingQueries Hunting Query with template version 3.0.1",
+        "description": "InsiderSignInRiskFollowedBySensitiveDataAccessyaml_HuntingQueries Hunting Query with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('huntingQueryVersion5')]",
@@ -1591,7 +1591,7 @@
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "MicrosoftPurviewInsiderRiskManagement data connector with template version 3.0.1",
+        "description": "MicrosoftPurviewInsiderRiskManagement data connector with template version 3.0.2",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -1746,7 +1746,7 @@
       "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.1",
+        "version": "3.0.2",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "MicrosoftPurviewInsiderRiskManagement",
@@ -1858,4 +1858,4 @@
     }
   ],
   "outputs": {}
-}
+}
diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
@@ -5214,7 +5214,7 @@
     "logoFileName": "Azure_Sentinel.svg",
     "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ",
     "dataTypesDependencies": [
-      "SigninLogsSigninLogs",
+      "SigninLogs",
       "AuditLogs",
       "AzureActivity",
       "OfficeActivity",

diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
@@ -6323,7 +6323,7 @@
     "logoFileName": "Azure_Sentinel.svg",
     "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide \u201cGo to Alert\u201d links to provide deeper integration between products and a simplified user experience for exploring alerts. ",
     "dataTypesDependencies": [
-      "SigninLogsSigninLogs",
+      "SigninLogs",
       "AuditLogs",
       "AzureActivity",
       "OfficeActivity",