Fix the ids associated with a number of playbooks and fix incorrectly…

… named referenced detections. Check with Playbook SME to understand the full implications of these changes.

playbooks/log4j_investigate.yml

@@ -22,7 +22,7 @@ tags:
   - Curl Download and Bash Execution
   - Wget Download and Bash Execution
   - Linux Java Spawning Shell
-  - Windows Java Spawning Shell
+  - Windows Java Spawning Shells
   - Java Class File download by Java User Agent
   - Outbound Network Connection from Java Using Default Ports
   - Log4Shell JNDI Payload Injection Attempt

playbooks/log4j_respond.yml

@@ -22,7 +22,7 @@ tags:
   - Curl Download and Bash Execution
   - Wget Download and Bash Execution
   - Linux Java Spawning Shell
-  - Windows Java Spawning Shell
+  - Windows Java Spawning Shells
   - Java Class File download by Java User Agent
   - Outbound Network Connection from Java Using Default Ports
   - Log4Shell JNDI Payload Injection Attempt

playbooks/risk_notable_block_indicators.yml

@@ -1,5 +1,5 @@
 name: Risk Notable Block Indicators
-id: rn0edc96-ff2b-48b0-9f6f-83da3783fd63
+id: 000edc96-ff2b-48b0-9f6f-83da3783fd63
 version: 1
 date: "2021-10-22"
 author: Kelby Shelton, Splunk

playbooks/risk_notable_enrich.yml

@@ -1,5 +1,5 @@
 name: Risk Notable Enrich
-id: rn0edc96-ff2b-48b0-9f6f-43da3783fd63
+id: 010edc96-ff2b-48b0-9f6f-43da3783fd63
 version: 1
 date: "2021-10-22"
 author: Kelby Shelton, Splunk

playbooks/risk_notable_import_data.yml

@@ -1,5 +1,5 @@
 name: Risk Notable Import Data
-id: rn0edc96-ff2b-48b0-9f6f-23da3783fd63
+id: 020edc96-ff2b-48b0-9f6f-23da3783fd63
 version: 1
 date: "2021-10-22"
 author: Kelby Shelton, Splunk

playbooks/risk_notable_investigate.yml

@@ -1,5 +1,5 @@
 name: Risk Notable Investigate
-id: rn0edc96-ff2b-48b0-9f6f-03da3783fd63
+id: 030edc96-ff2b-48b0-9f6f-03da3783fd63
 version: 1
 date: "2021-10-22"
 author: Kelby Shelton, Splunk

playbooks/risk_notable_merge_events.yml

@@ -1,5 +1,5 @@
 name: Risk Notable Merge Events
-id: rn0edc96-ff2b-48b0-9f6f-53da3783fd63
+id: 040edc96-ff2b-48b0-9f6f-53da3783fd63
 version: 1
 date: "2021-10-22"
 author: Kelby Shelton, Splunk

playbooks/risk_notable_mitigate.yml

@@ -1,5 +1,5 @@
 name: Risk Notable Mitigate
-id: rn0edc96-ff2b-48b0-9f6f-63da3783fd63
+id: 050edc96-ff2b-48b0-9f6f-63da3783fd63
 version: 1
 date: "2021-10-22"
 author: Kelby Shelton, Splunk

playbooks/risk_notable_preprocess.yml

@@ -1,5 +1,5 @@
 name: Risk Notable Preprocess
-id: rn0edc96-ff2b-48b0-9f6f-13da3783fd63
+id: 060edc96-ff2b-48b0-9f6f-13da3783fd63
 version: 1
 date: "2021-10-22"
 author: Kelby Shelton, Splunk

playbooks/risk_notable_protect_assets_and_users.yml

@@ -1,5 +1,5 @@
 name: Risk Notable Protect Assets and Users
-id: rn0edc96-ff2b-48b0-9f6f-93da3783fd63
+id: 070edc96-ff2b-48b0-9f6f-93da3783fd63
 version: 1
 date: "2021-10-22"
 author: Kelby Shelton, Splunk

playbooks/risk_notable_review_indicators.yml

@@ -1,5 +1,5 @@
 name: Risk Notable Review Indicators
-id: rn0edc96-ff2b-48b0-9f6f-73da3783fd63
+id: 080edc96-ff2b-48b0-9f6f-73da3783fd63
 version: 1
 date: "2021-10-22"
 author: Kelby Shelton, Splunk

playbooks/risk_notable_verdict.yml

@@ -1,5 +1,5 @@
 name: Risk Notable Verdict
-id: rn0edc96-ff2b-48b0-9f6f-33da3783fd63
+id: 090edc96-ff2b-48b0-9f6f-33da3783fd63
 version: 1
 date: "2021-10-22"
 author: Kelby Shelton, Splunk