diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Data/Solution_IoTOTThreatMonitoringwithDefenderforIoT.json b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Data/Solution_IoTOTThreatMonitoringwithDefenderforIoT.json
index 47f7f578ee2..7a82cb64f4b 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Data/Solution_IoTOTThreatMonitoringwithDefenderforIoT.json
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Data/Solution_IoTOTThreatMonitoringwithDefenderforIoT.json
@@ -2,7 +2,7 @@
"Name": "IoTOTThreatMonitoringwithDefenderforIoT",
"Author": "Microsoft - support@microsoft.com",
"Logo": "",
- "Description": "The [Microsoft Defender for IoT](https://azure.microsoft.com/services/iot-defender/) solution for Microsoft Sentinel allows you to ingest Security alerts reported in Microsoft Defender for IoT on assessing your Internet of Things (IoT)/Operational Technology (OT) infrastructure. \n\n ** Underlying Microsoft Technologies used: ** \n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\n a. [Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)",
+ "Description": "The [Microsoft Defender for IoT](https://azure.microsoft.com/services/iot-defender/) solution for Microsoft Sentinel allows you to ingest Security alerts reported in Microsoft Defender for IoT on assessing your Internet of Things (IoT)/Operational Technology (OT) infrastructure. \n\n ** Underlying Microsoft Technologies used: ** \n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\n a. [Codeless Connector Platform/Native Microsoft Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)",
"Workbooks": [
"Workbooks/IoTOTThreatMonitoringwithDefenderforIoT.json"
],
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/3.0.1.zip b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/3.0.1.zip
new file mode 100644
index 00000000000..7837c66c0dd
Binary files /dev/null and b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/3.0.1.zip differ
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/createUiDefinition.json b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/createUiDefinition.json
index 645a279bded..027455f1956 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/createUiDefinition.json
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
"config": {
"isWizard": false,
"basics": {
- "description": "
\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Microsoft Defender for IoT](https://azure.microsoft.com/services/iot-defender/) solution for Microsoft Sentinel allows you to ingest Security alerts reported in Microsoft Defender for IoT on assessing your Internet of Things (IoT)/Operational Technology (OT) infrastructure. \n\n ** Underlying Microsoft Technologies used: ** \n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\n a. [Codeless Connector Platform/Native Microsoft Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 15, **Playbooks:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "
\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Microsoft Defender for IoT](https://azure.microsoft.com/services/iot-defender/) solution for Microsoft Sentinel allows you to ingest Security alerts reported in Microsoft Defender for IoT on assessing your Internet of Things (IoT)/Operational Technology (OT) infrastructure. \n\n ** Underlying Microsoft Technologies used: ** \n\n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs: \n\n a. [Codeless Connector Platform/Native Microsoft Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 15, **Playbooks:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
"subscription": {
"resourceProviders": [
"Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/mainTemplate.json b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/mainTemplate.json
index 0d0203f6f95..56bdf50b88b 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/mainTemplate.json
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/mainTemplate.json
@@ -41,7 +41,7 @@
"email": "support@microsoft.com",
"_email": "[variables('email')]",
"_solutionName": "IoTOTThreatMonitoringwithDefenderforIoT",
- "_solutionVersion": "3.0.0",
+ "_solutionVersion": "3.0.1",
"solutionId": "azuresentinel.azure-sentinel-solution-unifiedmicrosoftsocforot",
"_solutionId": "[variables('solutionId')]",
"workbookVersion1": "1.0.0",
@@ -52,109 +52,109 @@
"workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
"_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
"analyticRuleObject1": {
- "analyticRuleVersion1": "1.0.2",
+ "analyticRuleVersion1": "1.0.3",
"_analyticRulecontentId1": "e068187a-01f5-4737-bc13-25db4027b7ea",
"analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e068187a-01f5-4737-bc13-25db4027b7ea')]",
"analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e068187a-01f5-4737-bc13-25db4027b7ea')))]",
- "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e068187a-01f5-4737-bc13-25db4027b7ea','-', '1.0.2')))]"
+ "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e068187a-01f5-4737-bc13-25db4027b7ea','-', '1.0.3')))]"
},
"analyticRuleObject2": {
- "analyticRuleVersion2": "1.0.2",
+ "analyticRuleVersion2": "1.0.3",
"_analyticRulecontentId2": "f5217b4c-3f1f-4d89-b4f3-5d7581da1c1c",
"analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f5217b4c-3f1f-4d89-b4f3-5d7581da1c1c')]",
"analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f5217b4c-3f1f-4d89-b4f3-5d7581da1c1c')))]",
- "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f5217b4c-3f1f-4d89-b4f3-5d7581da1c1c','-', '1.0.2')))]"
+ "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f5217b4c-3f1f-4d89-b4f3-5d7581da1c1c','-', '1.0.3')))]"
},
"analyticRuleObject3": {
- "analyticRuleVersion3": "1.0.2",
+ "analyticRuleVersion3": "1.0.3",
"_analyticRulecontentId3": "7cad4b66-5e83-4756-8de4-f21315ab1e77",
"analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '7cad4b66-5e83-4756-8de4-f21315ab1e77')]",
"analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('7cad4b66-5e83-4756-8de4-f21315ab1e77')))]",
- "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','7cad4b66-5e83-4756-8de4-f21315ab1e77','-', '1.0.2')))]"
+ "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','7cad4b66-5e83-4756-8de4-f21315ab1e77','-', '1.0.3')))]"
},
"analyticRuleObject4": {
- "analyticRuleVersion4": "1.0.2",
+ "analyticRuleVersion4": "1.0.3",
"_analyticRulecontentId4": "caa4665f-21fa-462d-bb31-92226e746c68",
"analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'caa4665f-21fa-462d-bb31-92226e746c68')]",
"analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('caa4665f-21fa-462d-bb31-92226e746c68')))]",
- "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','caa4665f-21fa-462d-bb31-92226e746c68','-', '1.0.2')))]"
+ "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','caa4665f-21fa-462d-bb31-92226e746c68','-', '1.0.3')))]"
},
"analyticRuleObject5": {
- "analyticRuleVersion5": "1.0.2",
+ "analyticRuleVersion5": "1.0.3",
"_analyticRulecontentId5": "208c3f5b-3ba2-49b5-9bca-c44e58cd5fd3",
"analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '208c3f5b-3ba2-49b5-9bca-c44e58cd5fd3')]",
"analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('208c3f5b-3ba2-49b5-9bca-c44e58cd5fd3')))]",
- "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','208c3f5b-3ba2-49b5-9bca-c44e58cd5fd3','-', '1.0.2')))]"
+ "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','208c3f5b-3ba2-49b5-9bca-c44e58cd5fd3','-', '1.0.3')))]"
},
"analyticRuleObject6": {
- "analyticRuleVersion6": "1.0.2",
+ "analyticRuleVersion6": "1.0.3",
"_analyticRulecontentId6": "70be4a31-9d2b-433b-bdc7-da8928988069",
"analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '70be4a31-9d2b-433b-bdc7-da8928988069')]",
"analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('70be4a31-9d2b-433b-bdc7-da8928988069')))]",
- "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','70be4a31-9d2b-433b-bdc7-da8928988069','-', '1.0.2')))]"
+ "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','70be4a31-9d2b-433b-bdc7-da8928988069','-', '1.0.3')))]"
},
"analyticRuleObject7": {
- "analyticRuleVersion7": "1.0.2",
+ "analyticRuleVersion7": "1.0.3",
"_analyticRulecontentId7": "f9df500a-e2a4-4104-a517-dc1d85bb654f",
"analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f9df500a-e2a4-4104-a517-dc1d85bb654f')]",
"analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f9df500a-e2a4-4104-a517-dc1d85bb654f')))]",
- "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f9df500a-e2a4-4104-a517-dc1d85bb654f','-', '1.0.2')))]"
+ "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f9df500a-e2a4-4104-a517-dc1d85bb654f','-', '1.0.3')))]"
},
"analyticRuleObject8": {
- "analyticRuleVersion8": "1.0.2",
+ "analyticRuleVersion8": "1.0.3",
"_analyticRulecontentId8": "9ff3b13b-287a-4ed0-8f6b-7e7b66cbbcbd",
"analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '9ff3b13b-287a-4ed0-8f6b-7e7b66cbbcbd')]",
"analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('9ff3b13b-287a-4ed0-8f6b-7e7b66cbbcbd')))]",
- "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9ff3b13b-287a-4ed0-8f6b-7e7b66cbbcbd','-', '1.0.2')))]"
+ "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9ff3b13b-287a-4ed0-8f6b-7e7b66cbbcbd','-', '1.0.3')))]"
},
"analyticRuleObject9": {
- "analyticRuleVersion9": "1.0.2",
+ "analyticRuleVersion9": "1.0.3",
"_analyticRulecontentId9": "6fb1acd5-356d-40f7-9b97-78d993c6a183",
"analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6fb1acd5-356d-40f7-9b97-78d993c6a183')]",
"analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6fb1acd5-356d-40f7-9b97-78d993c6a183')))]",
- "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6fb1acd5-356d-40f7-9b97-78d993c6a183','-', '1.0.2')))]"
+ "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6fb1acd5-356d-40f7-9b97-78d993c6a183','-', '1.0.3')))]"
},
"analyticRuleObject10": {
- "analyticRuleVersion10": "1.0.2",
+ "analyticRuleVersion10": "1.0.3",
"_analyticRulecontentId10": "493916d5-a094-4bfa-bdd1-d983a063ea3d",
"analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '493916d5-a094-4bfa-bdd1-d983a063ea3d')]",
"analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('493916d5-a094-4bfa-bdd1-d983a063ea3d')))]",
- "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','493916d5-a094-4bfa-bdd1-d983a063ea3d','-', '1.0.2')))]"
+ "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','493916d5-a094-4bfa-bdd1-d983a063ea3d','-', '1.0.3')))]"
},
"analyticRuleObject11": {
- "analyticRuleVersion11": "1.0.2",
+ "analyticRuleVersion11": "1.0.3",
"_analyticRulecontentId11": "a7d3f642-15d8-4e83-99ee-83ca3352525d",
"analyticRuleId11": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a7d3f642-15d8-4e83-99ee-83ca3352525d')]",
"analyticRuleTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a7d3f642-15d8-4e83-99ee-83ca3352525d')))]",
- "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a7d3f642-15d8-4e83-99ee-83ca3352525d','-', '1.0.2')))]"
+ "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a7d3f642-15d8-4e83-99ee-83ca3352525d','-', '1.0.3')))]"
},
"analyticRuleObject12": {
- "analyticRuleVersion12": "1.0.2",
+ "analyticRuleVersion12": "1.0.3",
"_analyticRulecontentId12": "f4c71e55-6192-47ca-92e2-0856ae502a46",
"analyticRuleId12": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'f4c71e55-6192-47ca-92e2-0856ae502a46')]",
"analyticRuleTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('f4c71e55-6192-47ca-92e2-0856ae502a46')))]",
- "_analyticRulecontentProductId12": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f4c71e55-6192-47ca-92e2-0856ae502a46','-', '1.0.2')))]"
+ "_analyticRulecontentProductId12": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','f4c71e55-6192-47ca-92e2-0856ae502a46','-', '1.0.3')))]"
},
"analyticRuleObject13": {
- "analyticRuleVersion13": "1.0.2",
+ "analyticRuleVersion13": "1.0.3",
"_analyticRulecontentId13": "c52ec521-9188-4a9e-a4cd-34a3dfbc3d27",
"analyticRuleId13": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c52ec521-9188-4a9e-a4cd-34a3dfbc3d27')]",
"analyticRuleTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c52ec521-9188-4a9e-a4cd-34a3dfbc3d27')))]",
- "_analyticRulecontentProductId13": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c52ec521-9188-4a9e-a4cd-34a3dfbc3d27','-', '1.0.2')))]"
+ "_analyticRulecontentProductId13": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c52ec521-9188-4a9e-a4cd-34a3dfbc3d27','-', '1.0.3')))]"
},
"analyticRuleObject14": {
- "analyticRuleVersion14": "1.0.2",
+ "analyticRuleVersion14": "1.0.3",
"_analyticRulecontentId14": "c2fb27c7-5f67-49c4-aaf3-d82934234a69",
"analyticRuleId14": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'c2fb27c7-5f67-49c4-aaf3-d82934234a69')]",
"analyticRuleTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('c2fb27c7-5f67-49c4-aaf3-d82934234a69')))]",
- "_analyticRulecontentProductId14": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c2fb27c7-5f67-49c4-aaf3-d82934234a69','-', '1.0.2')))]"
+ "_analyticRulecontentProductId14": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','c2fb27c7-5f67-49c4-aaf3-d82934234a69','-', '1.0.3')))]"
},
"analyticRuleObject15": {
- "analyticRuleVersion15": "1.0.2",
+ "analyticRuleVersion15": "1.0.3",
"_analyticRulecontentId15": "1ff4fa3d-150b-4c87-b733-26c289af0d49",
"analyticRuleId15": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '1ff4fa3d-150b-4c87-b733-26c289af0d49')]",
"analyticRuleTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('1ff4fa3d-150b-4c87-b733-26c289af0d49')))]",
- "_analyticRulecontentProductId15": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1ff4fa3d-150b-4c87-b733-26c289af0d49','-', '1.0.2')))]"
+ "_analyticRulecontentProductId15": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1ff4fa3d-150b-4c87-b733-26c289af0d49','-', '1.0.3')))]"
},
"AutoCloseIncidents": "AutoCloseIncidents",
"_AutoCloseIncidents": "[variables('AutoCloseIncidents')]",
@@ -236,7 +236,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTOTThreatMonitoringwithDefenderforIoT Workbook with template version 3.0.0",
+ "description": "IoTOTThreatMonitoringwithDefenderforIoT Workbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('workbookVersion1')]",
@@ -324,7 +324,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTDenialofService_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTDenialofService_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -334,7 +334,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -352,10 +352,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -364,36 +364,18 @@
"techniques": [
"T0814"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -417,9 +399,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
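Review bot: The added `sentinelEntitiesMappings` is written as a single object, `{ "columnName": "Entities" }`, while the Microsoft.SecurityInsights scheduled-rule schema, as far as I know, defines it as an array of such objects; please check it against the `2023-02-01-preview` schema and, if that holds, emit `"sentinelEntitiesMappings": [ { "columnName": "Entities" } ]`. Together with the preceding hunk, which drops the explicit IP `entityMappings` for `SourceDeviceAddress` and `DestDeviceAddress`, entity extraction now depends entirely on the rule query returning a populated `Entities` column, and that query is outside this hunk. If the property is ignored or the column is empty, alerts would carry no entities, and incident grouping or automation keyed on IP entities would stop matching without any error. The same pair of changes repeats in the hunks for analytic rules 2 to 5 further down.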
@@ -474,7 +457,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTExcessiveLoginAttempts_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTExcessiveLoginAttempts_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -484,7 +467,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject2')._analyticRulecontentId2]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -502,10 +485,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -514,36 +497,18 @@
"techniques": [
"T0806"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -567,9 +532,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -624,7 +590,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTFirmwareUpdates_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTFirmwareUpdates_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -634,7 +600,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject3')._analyticRulecontentId3]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -652,10 +618,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -664,36 +630,18 @@
"techniques": [
"T0857"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -717,9 +665,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -774,7 +723,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTHighBandwidth_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTHighBandwidth_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -784,7 +733,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject4')._analyticRulecontentId4]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -802,10 +751,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -814,36 +763,18 @@
"techniques": [
"T0842"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -867,9 +798,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -924,7 +856,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTINoSensorTrafficDetected_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTINoSensorTrafficDetected_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -934,7 +866,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject5')._analyticRulecontentId5]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -952,10 +884,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -964,36 +896,18 @@
"techniques": [
"T0881"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -1017,9 +931,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -1074,7 +989,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTIllegalFunctionCodes_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTIllegalFunctionCodes_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@@ -1084,7 +999,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject6')._analyticRulecontentId6]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -1102,10 +1017,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -1114,36 +1029,18 @@
"techniques": [
"T0855"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -1167,9 +1064,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -1224,7 +1122,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTInsecurePLC_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTInsecurePLC_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
@@ -1234,7 +1132,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject7')._analyticRulecontentId7]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -1252,10 +1150,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -1264,36 +1162,18 @@
"techniques": [
"T0858"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -1317,9 +1197,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -1374,7 +1255,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTInternetAccess_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTInternetAccess_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
@@ -1384,7 +1265,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject8')._analyticRulecontentId8]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -1402,10 +1283,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -1414,36 +1295,18 @@
"techniques": [
"T0886"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -1467,9 +1330,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -1524,7 +1388,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTMalware_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTMalware_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
@@ -1534,7 +1398,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject9')._analyticRulecontentId9]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -1552,10 +1416,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -1564,36 +1428,18 @@
"techniques": [
"T0882"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -1617,9 +1463,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -1674,7 +1521,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTNetworkScanning_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTNetworkScanning_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
@@ -1684,7 +1531,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject10')._analyticRulecontentId10]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -1702,10 +1549,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -1714,36 +1561,18 @@
"techniques": [
"T0842"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -1767,9 +1596,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -1824,7 +1654,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTPLCStopCommand_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTPLCStopCommand_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]",
@@ -1834,7 +1664,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject11')._analyticRulecontentId11]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -1852,10 +1682,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -1864,36 +1694,18 @@
"techniques": [
"T0858"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -1917,9 +1729,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -1974,7 +1787,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTUnauthorizedDevice_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTUnauthorizedDevice_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject12').analyticRuleVersion12]",
@@ -1984,7 +1797,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject12')._analyticRulecontentId12]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -2002,10 +1815,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -2014,36 +1827,18 @@
"techniques": [
"T0842"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -2067,9 +1862,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -2124,7 +1920,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTUnauthorizedNetworkConfiguration_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTUnauthorizedNetworkConfiguration_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject13').analyticRuleVersion13]",
@@ -2134,7 +1930,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject13')._analyticRulecontentId13]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -2152,10 +1948,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -2164,36 +1960,18 @@
"techniques": [
"T0842"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -2217,9 +1995,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -2274,7 +2053,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTUnauthorizedPLCModifications_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTUnauthorizedPLCModifications_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject14').analyticRuleVersion14]",
@@ -2284,7 +2063,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject14')._analyticRulecontentId14]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -2302,10 +2081,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -2314,36 +2093,18 @@
"techniques": [
"T0839"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -2367,9 +2128,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -2424,7 +2186,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTUnauthorizedRemoteAccess_AnalyticalRules Analytics Rule with template version 3.0.0",
+ "description": "IoTUnauthorizedRemoteAccess_AnalyticalRules Analytics Rule with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('analyticRuleObject15').analyticRuleVersion15]",
@@ -2434,7 +2196,7 @@
{
"type": "Microsoft.SecurityInsights/AlertRuleTemplates",
"name": "[variables('analyticRuleObject15')._analyticRulecontentId15]",
- "apiVersion": "2022-04-01-preview",
+ "apiVersion": "2023-02-01-preview",
"kind": "Scheduled",
"location": "[parameters('workspace-location')]",
"properties": {
@@ -2452,10 +2214,10 @@
"status": "Available",
"requiredDataConnectors": [
{
- "connectorId": "IoT",
"dataTypes": [
"SecurityAlert (ASC for IoT)"
- ]
+ ],
+ "connectorId": "IoT"
}
],
"tactics": [
@@ -2464,36 +2226,18 @@
"techniques": [
"T0886"
],
- "entityMappings": [
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "SourceDeviceAddress"
- }
- ],
- "entityType": "IP"
- },
- {
- "fieldMappings": [
- {
- "identifier": "Address",
- "columnName": "DestDeviceAddress"
- }
- ],
- "entityType": "IP"
- }
- ],
"eventGroupingSettings": {
"aggregationKind": "AlertPerResult"
},
"customDetails": {
"Protocol": "Protocol",
+ "AlertManagementUri": "AlertManagementUri",
"Sensor": "DeviceId",
- "VendorOriginalId": "[variables('VendorOriginalId')]",
- "AlertManagementUri": "AlertManagementUri"
+ "VendorOriginalId": "[variables('VendorOriginalId')]"
},
"alertDetailsOverride": {
+ "alertDisplayNameFormat": "(MDIoT) {{AlertName}}",
+ "alertDescriptionFormat": "(MDIoT) {{Description}}",
"alertDynamicProperties": [
{
"value": "ProductName",
@@ -2517,9 +2261,10 @@
}
],
"alertSeverityColumnName": "AlertSeverity",
- "alertTacticsColumnName": "Tactics",
- "alertDescriptionFormat": "(MDIoT) {{Description}}",
- "alertDisplayNameFormat": "(MDIoT) {{AlertName}}"
+ "alertTacticsColumnName": "Tactics"
+ },
+ "sentinelEntitiesMappings": {
+ "columnName": "Entities"
}
}
},
@@ -2574,7 +2319,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "AD4IoT-AutoCloseIncidents Playbook with template version 3.0.0",
+ "description": "AD4IoT-AutoCloseIncidents Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion1')]",
@@ -2877,7 +2622,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "AD4IoT-MailByProductionLine Playbook with template version 3.0.0",
+ "description": "AD4IoT-MailByProductionLine Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion2')]",
@@ -3195,7 +2940,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "AD4IoT-NewAssetServiceNowTicket Playbook with template version 3.0.0",
+ "description": "AD4IoT-NewAssetServiceNowTicket Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion3')]",
@@ -3441,7 +3186,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "AD4IoT-AutoAlertStatusSync Playbook with template version 3.0.0",
+ "description": "AD4IoT-AutoAlertStatusSync Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion4')]",
@@ -3911,7 +3656,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "AD4IoT-SendEmailtoIoTOwner Playbook with template version 3.0.0",
+ "description": "AD4IoT-SendEmailtoIoTOwner Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion5')]",
@@ -4540,7 +4285,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "AD4IoT-AutoTriageIncident Playbook with template version 3.0.0",
+ "description": "AD4IoT-AutoTriageIncident Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion6')]",
@@ -5007,7 +4752,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "AD4IoT-CVEAutoWorkflow Playbook with template version 3.0.0",
+ "description": "AD4IoT-CVEAutoWorkflow Playbook with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('playbookVersion7')]",
@@ -5443,7 +5188,6 @@
"name": "ARGEndPoint",
"type": "string",
"value": "[[uri(variables('azure'),'providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01')]"
-
}
]
}
@@ -5581,7 +5325,7 @@
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
],
"properties": {
- "description": "IoTOTThreatMonitoringwithDefenderforIoT data connector with template version 3.0.0",
+ "description": "IoTOTThreatMonitoringwithDefenderforIoT data connector with template version 3.0.1",
"mainTemplate": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "[variables('dataConnectorVersion1')]",
@@ -5736,12 +5480,12 @@
"apiVersion": "2023-04-01-preview",
"location": "[parameters('workspace-location')]",
"properties": {
- "version": "3.0.0",
+ "version": "3.0.1",
"kind": "Solution",
"contentSchemaVersion": "3.0.0",
"displayName": "IoTOTThreatMonitoringwithDefenderforIoT",
"publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
- "descriptionHtml": "
Note: There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Microsoft Defender for IoT solution for Microsoft Sentinel allows you to ingest Security alerts reported in Microsoft Defender for IoT on assessing your Internet of Things (IoT)/Operational Technology (OT) infrastructure.
\n** Underlying Microsoft Technologies used: **
\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
\n\nData Connectors: 1, Workbooks: 1, Analytic Rules: 15, Playbooks: 7
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n",
+ "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Microsoft Defender for IoT solution for Microsoft Sentinel allows you to ingest Security alerts reported in Microsoft Defender for IoT on assessing your Internet of Things (IoT)/Operational Technology (OT) infrastructure.
\n** Underlying Microsoft Technologies used: **
\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
\n\nData Connectors: 1, Workbooks: 1, Analytic Rules: 15, Playbooks: 7
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n",
"contentKind": "Solution",
"contentProductId": "[variables('_solutioncontentProductId')]",
"id": "[variables('_solutioncontentProductId')]",
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/testParameters.json b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/testParameters.json
new file mode 100644
index 00000000000..9a4c4a185a5
--- /dev/null
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Package/testParameters.json
@@ -0,0 +1,32 @@
+{
+ "location": {
+ "type": "string",
+ "minLength": 1,
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
+ }
+ },
+ "workspace-location": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+ }
+ },
+ "workspace": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+ }
+ },
+ "workbook1-name": {
+ "type": "string",
+ "defaultValue": "Microsoft Defender for IoT",
+ "minLength": 1,
+ "metadata": {
+ "description": "Name for the workbook"
+ }
+ }
+}
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/ReleaseNotes.md b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/ReleaseNotes.md
index a5b4a97e041..16e22fc4ff2 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/ReleaseNotes.md
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/ReleaseNotes.md
@@ -1,3 +1,4 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.1 | 10-01-2025 | Reverted Entity Mappings of **Analytic Rules** to earlier version |
| 3.0.0 | 30-11-2023 | Added new Entity Mapping to **Analytic Rules** |
\ No newline at end of file