From 164e009032eeb54c2c77981ee28115764814bb28 Mon Sep 17 00:00:00 2001 From: "jaspreet.ss" Date: Fri, 3 Jan 2025 11:50:21 -0800 Subject: [PATCH 1/3] Update Samsung Knox Asset Intelligence Solution offerId --- .../Data/Solution_Samsung.json | 2 +- .../Package/3.0.1.zip | Bin 0 -> 13261 bytes .../Package/mainTemplate.json | 94 +++++++++--------- .../ReleaseNotes.md | 8 +- .../SolutionMetadata.json | 2 +- 5 files changed, 54 insertions(+), 52 deletions(-) create mode 100644 Solutions/Samsung Knox Asset Intelligence/Package/3.0.1.zip diff --git a/Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json b/Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json index b4e1732af31..af39c31483b 100644 --- a/Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json +++ b/Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json @@ -19,7 +19,7 @@ "Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml" ], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Samsung Knox Asset Intelligence", - "Version": "3.0.0", + "Version": "3.0.1", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1PConnector": false diff --git a/Solutions/Samsung Knox Asset Intelligence/Package/3.0.1.zip b/Solutions/Samsung Knox Asset Intelligence/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..22a2fa5f005b130040bd3d3568b6aed5bd72a8a0 GIT binary patch literal 13261 zcmZ{LbBrfW@Z}ggwr$(CZQHiZ&)CL}Jv+AT*|BZgy8Zs{ue-~2chc!jr&8T7)p@DB zQj`G&Lj?i?f&yyMBhjV>alxhk1q1|30|bQeZ`Z`x%*fSD%}UhF+{)g{)yl!1-rB{% z{!0789%mHo`=$)Dj!yJf*O)XehIp=E{ibTrxNdD_H?2@+-72+Sl;+MKz( z$3!%1<(_VZf5e=Z*;tc5!(08?Rd5k2BtYy_BP-N#=)Q|#f5Gl6}oG!qGX zRErr7YxpeT2QSx9k(@ZIPa4tDxg5ldoPw8K3t87cznml8X9UW}EAUB)6g1J(*tRz0 z0Y6)2C!F){Ecp?xCtMh!pr$9lFE58;VdO%f@-e zW;3yYvP8z$&{$at7OyKSsU=S8J-a)s0R zKjo`v_0n=sV7h!mVu1H<|DIRZPZk|p)LX~_$Plp?GXia-v?$%%UOJL`iDLDN3*|1* z{6~Gbw`ItTr>xPM(W%gKrIC9)q}M#jNsL|D^%lj2iDBB!f?W%C$$fgLRW0N_4g;b3 zX+Dpa2`voLRQ=K0_JvcX%3M9a&6pZdMrH-!l; zlCryw?m7N0*ohI$A^zG^2YqUVOL6d|mJnll^!2dtuxNTXnVUJFlk7a7+w%7yoLZJmQ&0*gGJi=86s(0Yo|N55{NJqKnVX<$GO!Bxnq+fXfWOm9#oOreh>5ZC4X%aofhp zd&wc)QgCRgdlJLR0kfzG>rH~iUank_H<6C3i6)l$-6SKBKuT%ijaJ|eVhM1~b}2=A z8LnuOk9m;`Z3O_*Dr~5fJYb$YO^0zhrwDCA_E3|1#lm~F^$X^6K-1rX*o#1=J=5Fk zs!3x98ODdG3v|y`E0@%1YM4GECNf4*B$x;?rn;sy84>H_d43r+0zq}2FHp~n*g8Pm z*4p5N(>gSiPZcTCGFUuldrRSw-gRI>GoQI6K{Ml`f!kQ2RNjtsr+wLD?`ThX(%i%m zJ}+J0oa=EHm~;W|QiE#|6Q=fLQz=4^xJT@QlUml|ikd`ZRLAA6(yM^0{4JC(`3hqt zjz(lYwyQauo_-qm-w_jOH4N?SHNAe3^U{(xIWuZ|9~uZ2nVw^ybwIgoHS05|jkKg+ zRTV4AZB@%rIsSTE4R4&_>|(Z7s zRE;Bqsxzh{wOx2GIt&!*SQ0evzdaB^ERCft6SnjhWtO)UmpKcSo#HIfoh4Sqt*FXX z?BWYqITkscia%SmDbdt~#Z(LM%sqqig;XCU!{;H%<-xdrptErkdS4}-cA^pf3S>h6 zM<*FeUF;gYlSZV=;M?unqiWfNaOd%7ZQo@a{qg3wyTI|T{9@d0wY5Xy)O4r2wv1rB zM~`AF+K(r!6X!#nnUC>99XQw(icl3J&n-+xdc;*6ygqUcLB}W@wuUrNUItndKfWWR zj56QL+9*Jvm*@Of0k^QHsjAWeiat>s(#24Di6friL+Mki!H=0HacF?SOqJh5@03^1 zzkeNLWx8ndd#8&ZZ*;rlF`s}W*GRqOsH79Q*S2SCol+uAd;d%(*=+YjL#^yQHr3s=T=E7y+-^ig`0L27Bn5jtavk{64BKt^)!YISnF z^WqH;*=nn_R`?OsE&X)3$!D|z<^h~SJrxyKD)b5rL{!8ji1i$>8Z|G;%_Kph!YERXJ-CJIdBWI2* zvLar}8k0*{u5F6A8IRE^T{z6=*#I2=6+yjf5F!RbcmxH`2&i`H*=@^Ll%JR?AfvA24?zF8HmcgvOJ<<(?oDWW*BhVFO5bnI}>IGT8w!- zkA5(O@Q^?L4!E@aKpXbxpay>An2t++*o844e}?)OruTPASt=fjCtyGBmW+bHHFrxo zN7raU^8DYkdisFAtmC~L&r@kOf46ro6xh!%QvNRd!>%Bp_DCbp!>_uK zhLpoBK?2^Q0LrE1GGOu5Oy z-ggpC_-f}s?nUu4>255AX0z)2{?*IxexAnZMZ0sc;7z)7MY;NO-eIOZz(Y`ldxqLy zKxnzk%k|+@K=J>em`Jvl#RZf=K(Z>pKuG^6rk#XDg3C`U$+b4UPK>IxrrP;eH%(&$m2G%gWwP_==#&Bc$NvDH9kf zEU^jtaiM&Zbdg2w{DmeaV{fnHZ@a;q# z{g)ncW|f(Btg_o|9r7Hz19a`XUTO?OTz2CDi!Fir4l?HRVB5)|8)+%CG~*Mpogm{q zFaw_{!)9A3k#7a-{*dB>bWAbPR^YxjzM+x)49#lA6lP{s-arVfpzf&|X8B}b50R*0 zNaen;V~8Y6oHsl;a3BOtC1$`R`s~%J2K(2sOPPWyZd!x;Q_3X3aQ%B)J+M@|Y0=L~YeaN0R zYRGKF{V;XJYRCo7)LMG_S1ixo6lF-e=u2$9G0Wi0!WIGl_$@Gbdt7Z=Oeg0@Jy;9=Skb2&gi1+ zk(N@dJHvhdsI9>I#Rd=tf64Us6enipTJXi(6PKe_woo!uIjC(NOczy~n@^U5RbT^_ zV{ux`?GCmLnLDkAT#o=&u;dDo@1!U;RBoDp$Zd}YQP$MEa_>@(n-wazc(vRI)89s|pFe-=`O} z&HbfOr3)ro8|AHQGqv(;Tc_vRHa?xTZXO+QH7YhsJ{z(tJl*z^l+qLivE+vyJI1x~ zZz6o1gD_*3e^AZe7C&&gA(4awLGmn1I|!@x2+Twok`3rHA(rR%8yAS-QkfcIhC z7pXNn*~BezqqQR{pRHy2&WaoBSiJ7qX4v&5_bfI&ljdBz?#>OX6`p3=H9K1RPO&Hk z+Rj+Car=5{)by>9bF)^(RP(g0W7IV}^fbM^1_`YQHXgTF<`z&{cAq}e?pikND|WkP ztHxzJ^Kp9@=mwqNuLBJmx~Z4wm7-2-cHbZkI>pi~llC@Imo2|0?PXTC^#6!^@M!zB zE&!4H@L*qEo@y6u%?tIrb9Yv!lXcdZt!|wSW29{@Ph8q3{^!Ip17W9FC2QklOWBxx zXWiv}O2?eN?TdD}x$9c(a%HP~GoE(QI{kuJo})}#HOZnT z?R}mabjts^as7+6c!^&1?EsMBQNNN0iT8VEqtJ9kr#1I)W zM^a{fTe>^x)u2utvl>CfuIK)jLUjPT-rE{>`%JEtAeT-<1qdDh>U%7P7Kq(CwluQ& zuQ+`t%bH(?GX1DI!=CJ}3lm&4?Vv_a>3I-3y`#iEmhF)3AWvfm#9q8cFMsJ!{CR8B zY!ZyA5)oATMKAbLa1U^cFG~X@Z557=MP5UOOdV)st#{yN_BSD{R67cuOyOilR{{~6 z-I7lIem=i61*HYEHib%^aP_B7jyP}3G1D`B%PD>UTZPH_iNvLj>L~`xPa|Ef_(ZF0(7Mcq)WdvnzxE^!U8TN zb;sn6*L+*Ph1P%EH{r=;4jAXmRs5jV%o`LvmR?2yOX*eRd>eblk7#%_RU6qAJu&w* z5z=DHMA>qsNf3ewObQa%rNZnxIk5mV9_y|+6xlrj*e-M(qCTf5qM}||l)$HlB@`E5 z+}bHI2tl;Q4}jY-`FA3t1)hu~lm00~sBbq^NRac{CrIp`ePQGG&HUVMK#UNjva9k} zu^Y=QoHEpW@qj@sZoc*aeTS?CCP$h!<*YT6r5wrnc0S*663HCxD(RY6eaqN`2tB zzn`(1i)OiRvA-9@PwRzGBQu>KEbJ1wsoil8oY-2Wbuz0oYx9D91W)I}6LR7=BjrNf zBmzIg+n$_Y*`OWnX7E^RBqHyAcmmEvklcp0q>Yh+TnmkOizq)q6gy*xZUZ0;fYF4R^csQ(*HswO}W?xO+q3_YYXFm zh5EbGpyC@AV_0nmA-Dp?A;Q+V#`TN0uaD-r4yi_)vhU``D9JNKQe@5zFet&c!&?H(74aQxQ0y) zTz~_7J*FC{Q09=u=CP)XfrqC;t(>RxE#~waSZ%#PPX!K0d^ANF3-^H<`Gk@;LFQK7 zA?h1R$QceV$WXG~U?m7hx=7rsfY73qR>H?iq95cfE+r%hj~p(3Nd@O@n`5Fy0U<{u z4LR7Iu98ogw>maJZT87zZppjwl2* zWY$AY2(t+lnL_4L4uvZSRBQKVbdz=s0X*AAP`DwpCbpXnzQ@)n6fB&J4$%$~{R@4B zePu-z)Y6sp-6P+vtJQ0kc#e_pH>OAYr*X?m zIPzVFg>VRYB<3C(2W-T$!0+j!wqt;Guh-K#N?Xq#{ciF<<0Sy__f=%T!~WfKCyND07ODTsIkbLFomH&G#L z;j^@AyQ}!H8w#>dANVLk|0RDh>QJr)?TkwT$YXXq+6|3>$HRJ0OF@5}!t5-4?X!TM zQI+02PyZuYBh_DR0Wh3cyXQKgIE1Ro$froB0gRk}&%29zh8>GGqPFoMND@XCLcVKKtr8FIks7Y3Nk)Es)N;9%Hnd*268AqM-C&v2c zt}!V0l#440k95Y<_>e>kle6r$6r==>+NExSx&(|*hOSg#7EO><5m`y0ZT5DiAAJG* zTh@s95S-A_Z*^0&i$8i8xUel~*pA>nKRO3^)*<+Rof8*(9VDkV+mC8M&`?vE`*Uu) z3pN{yh;K*#=+_Lh3uAXw*$vFDS7{6=itOwVJI5tO4WS|uSh0o#y_k5tDbp7xJ-G7X z#`)=f2s)+d0g0Khc`HfT2a@JHNzlrn!w-9#3Vtavevu;U?TFGiIO9CC$(UC#v0gc< zqVf?)2kYXjrF4hn4ubEeW$~V*2~F1ov6vR#6$(F}FA+UK=tXq==9(IvdDicKmy05g ztj*XG{upcv@jKulnHDPuhHw@t1S}lP&T=XItq2X}rk*D1Y4s#)C&Le1D&ii99qZ51 zw$eSAs>!_v*RI=+q9YQ%orv_9)ON)VykA@uHK7nyL?R>P4Z`(q2;R>CO(o8#^X!`Y zKw1G^xZ{UL7BPU{v$Ger)^D^56<5T=jL7jP&{ndBET2!D&Sn$)B+g8=?x$&LB+=D! zmFuCUcO61~Oxck4CU5McSc1BjJSF#nR7)rlH!YUL!KoAkACKUwS9zX#xz?sz`^!dg2H0Xw~gqIk-=Yhr;C7OIfGfUygt6&a4s8X$*1FI1|# ziuR83m1DO|Lp{DVh1)AL-XO)6uayfX+AVM(tcxxzsDQ*DQjQ#coUylST`R?_X&rQ} zSt@s9U0*-zr&u?l8?kQM7`N=0(A!r`t9GRpB}9)(NY&hR=1RT{%&~sY94WZ<%_tP~ z-tK1@j!xbFpgqD58)Xg@wO1bpeZ#};r62-wNM zG|KEQq1M*)r^qMEAL^yh_9X7G2-3_Hv?`6bG!HEpltk2u#)FMTMSrqayiu_;?Z8s3$y!i6k>+OaQsxTV9%dhb%idoe zwNZ^9}t)h0R+F=ASA)j{*JKAW_(RghvS{Z8(m-%(}`kcO6x%Z*COv#WFzZ;-@s z91qb$fh1p2MxL>uRsD`vu@xJR{9`(WQd2$=H9Bk2!0Ti!6#S49IGK4rYyI?%oGMJ^ zHVKuQkGXmRo%r(vaX-cR?kh}{c<}&nZz0yz%Qi^1bE(Gu0?#c)SJ7nOu zb}1an7jb=U4W7>E?X)X=OKZ%wyVkQ^dm4*1o{iC;jn$5K(3puNko^sm$GS6ef<T|l!E6VqGKPV2C(|=AyiP5_yu9jRj%Z;ZrY%z`yx)zL(E1lY!Pvo}BcS1+j zG~&t!R>9T{p*p_pCk`Ezh>ghrPA@=!7D0y9XPR^fY#-23&gFUJC`Pgfp9&}6E zqEy_#Qg&2o%RXoezlDdG!bZ9c#vO}|rlSr8zVXBhdI;O>Eaq^3leAs;fO2^ZGhwgS z@df$G#dgYv0?tKjyG35ACUnwm8wi9yP>hs58g2eX*IC=uGh!2frMy<@uv|;CbP)xe zHXfp3Kt$9+;JX<%I*;7f3KkR}pm`EiWip0?_{%GG@t>=f9vfTw(O1?RvDb0S#@*rK zTCEjKTb51kK3iAs@)0PMs=t#Q{fVh*MN#O$M~PKqVbAn)_d|}|;R5ih#xZy{YGODxnwRBAs>FR-l~8VafMtIB z&vcg;9zGypg=staJn6a1inp&Aw=Ooe?+Yo*|wX|%2qggVWczATiT9n;P z%{5K9Q;Vcq?oFPWtaZV?Vq%eba?e56bJaW+&bdnfian-$CeM^LKKUAvTxo18x1A!PcovX04~^!Oo!+AnNb&_@ds5`Wu*M$bc8 z@LiloK+QzMh;Y@6q__Ig_c-+&4&fH9ivw=B50nVa{65hchkvsp z?>f-xHudEZ`{3g0?7TYRg%=k~SVg|X_x3~P@m;Q;vFBmm&W;NL03r z3DuP&Lk0}U6a*6ClKgP(_$2M3BIe zv0{9VGkE#r_%Jl6t%h6S-{G%_7V|KL|J_jU zO-U3QKvBa#;gGlxCOCqT^`;MN<2x^|w}75;b6>PpT99=A&P$Do6i3&$1oI8E1%FJ5 zQuV@#DUAIW%%PX#9$c6PD$cJ~g0j; zWE*e3-99Md4Uj27JQaw2B?Kt0F%Rdn-S^Iq+zcH=5inLfELzIkL0mJ1E(&aT`553x zC+7e{{;TZq%pu|Sl&4V7qU9+NMf;obJd|NBaVRt5EEWl&u>bM5jGiA52;rwJlFIWi z>t~Q42(k+jl1mj*&|k+0To;@MOjHSFBBcP-$`es|O|IyQT9C zKV`|V?=vLmWy3;=(dhW$CB%1u{!U`ft{~zJ+F(aaX;#&0&3s{(k*iAt0_78gc|AWz zPR&=3oQYIZhueKqAAG4G%=TD~d-$!e?wiy=X#=Y3PUG0{ z*UJ`HAd$IZnluxzb1TGe35WJLgZ9Sm3`2cnwmh|TU24H};Yl<~Dy5@IVYFURjnk3f zcXLS$h10PdybRO9>Y|REb?bv!M9^Viye1PnM;+qh6LXAcoMPMFj@BtB-hI*XdNX?f zY)Qo~qs{k(=cl9__slZ;=R9XM0Gj6QzIs>&Us^5{V*+x|8|NH69mVn_Q~YW#TBFEC zXWQO^W@j)4wc7w?Fs8=yW`bskHD~b2KDFQ&V*HGf?HL6E4N~S)8b3-w0icBiDzW!~ zBupqUdhWWs{Ea6pYt>oBA|!APsan$2xM|WEK79Agk2ng9vp&87g(rEmDpVrG!fS|y zX(D=_y)5uAd-%~okJ?o$7t3e4o#X|Hx9j=K4ReGXk_`lX4gxPSr>#9Yg6#q5jEF`S z-$(dCyu{SercCATG$ysmm3_)D5KM0_Im$BVBi4c(^3P2x5D&Av8kohtJA%v@5^>V= zCJvUIXT!O7Gw#bSqNIA^wzV%XG0MFc07no*ng#d4<)F1by?8CMl zY1j|yL3yRnMC;GfIMuI(tF%P;03X))qec-j2Y_1=oCF)7IT z$Ty#2<&oK;!nXlpxtqf>*LX;ikDnNqSS5m){mARMipNQTWGW~5d59X!xV-4ZFgou_ z2Kb*LWM+bbEEvfl#zst7lFL)WIXQlBSi`=Y{y%#ZPqSxpd-v}azoaQR63i7r^U*_; z^iICPK%JG?M0EqAiaN8;PV6T$)Hi{u+{5v3ka^H?LYlhl>~px<`Q%QcHuIM`zWUoH zTZ_PbVq1u>!%Erht@_srbo3_A?BS@c-&1{7gZ1=$Td{AwbKM(-_NlWjH&Dpq>EWw2 z+mx70Y~bpq-{UwfW!dDu3ut>s)X3mAsozolP%CX^`n9#6FNobxNL_k;#1ll_N<7!4 zQ#9#j_z#+Z=6LK9{Kja+$iFg-%hp7{sr|tLq_k<+*X#77ckW0!x?U6Qc*EAffnP$e z_&-!fZ=bI?5Nmmcy83HZV2z4wQdNTyljSxs`+T-k?F>t!+FH5VB43|p9ruv_Ig`HAKjzOfdT-XHe!=B%Mw{jinS9!u;VisYN8&A3Y`aj5ojzRv zEW}SV#;18cE1iPpbROpdJgRW-?95+Jr}!`lDcy^%{R`6CKFItrrY5<_tvXn#^*+Gk z6tWQU{oS=y&3@&TrRZN|pC0sauBi0ovBLZv8?IUO{5adUemh~Gj^x`@rxzY3RW@dK zW!*1Rx@QS^GlDwL5wd?uE*0E94wlC40%E^ zNy-=zhnIq7O$wz307WZKutvoY;9HgRz$z;j8?+&Mw~^`^97?obUnO2lybZ7Q&mA32 zzYX8*#3{sW6Kvt?;a}!o8sO#ob<~D(EzaXObX`oSb#JZrznqQYLH{GcZ$S6iSrEqo zzlkZeBJKq-_*=Uw12U36Ev-esID}N6m$XW~AV)@d2b)4R?-1)i&nda{!AS0?r zIo8Z~aY=6)DkKZ5+oi4Fr8L;4OXS)!d-hE-YV(Gr$jn|d4hd6hwHKyIr;o}pncy4l zzk*7)G%nIIDL!95=uvJ>cP&M{qn$*wVcirFPlX;~XRASmnf6ARWynriqI#-@ks8Dv z^U9pDFvUOmoO#VfGsY%^BX~Xfu>h3@JaTWI=R~!@petol1e{%bFLW1BvxgEUx{~*K zgK+l(K3e3rEsmr!`q`P+U46IRU2NG_6ocfxL*ph$E`8U+YMF3g27ku^oOJcq8NfvO zEA1(&GKai*<)Sl_GKa}){`8D&tx{4T>RRY#UM!&%jOuqCp_EIgo;F5FGId3>1n@Sp zL4(+2xGlV#mn1%?@f9|>S@<61J3+nt?oJwg`IsOw(!ZxxJ=YL5NfuH#^l`!5ZE-jY zZ~Ms3T@qk!BK8>J-^0UIA-fP0E+EgKhi`AIm9b+Ds9{~H)JUXPB30SD9LzIU)3m)6 z#9C^fcXoVv-#O#p4h~;Xo?2M3csl)z)g-k4QY$W4k88avG zCTwN9n$yUm+W2v969<|@wO6fipmCpwk+5<%v$zwfDT0~xZw*e>=A}>eJ)F4F5zbYeBVt0cOFB<%6FAl>YYPX{?z(t*Jf|+flFMKjHt1V zc_sa7g#2W>Y6EIyx@z$!(GBs&7oEM0O_{M z(5j?0bvO+)Rw|f&HL)@fmp(PEOGwfzmO(X^B;DXM-)~1Xn_s$1)O(dj{c0zR4}mcuR`FP1lMwy=?1|rkvWr)#S zG6~ap`-uH|_r8yg(i@`(vy&S`;w|$3FcZ~qZ?7r}YYQOFE1$%D>Iz-}X+yG&g} zODY1aQ_Ix>*3;qEWM8P56&m5z&FCV{%9Rb2m2AlZ52WSlOajWvbV@azg~&_PN;Re} zYDL=MaudSk>T#U{kO`^7PJ)GOED8T1t~q&vVA@;;q;-WnrcImxt}=rpYre#LgvfcE zj^oet)eo%NR}x_CNJACHZ1Q0iqH`rXx#gd^tBzVT-#+!g(#RV>$gT$=1zU^ZNi+de zTJ#mv6(qf{5(&9BgmVF!I`B?<2#gncy$N&G)!R1#$xsbME=e4kbsCgaN%j{tQ0_r)P<7jG zlxf=N0)Jp4%hN+S)@zn?yE3$O>hEP2kmjUXDA*Ai(B>8l(EmZKoGp3sp7ggmlZKKq zozQ=XEm8~phgiseh$RWt=sE0B+)F?Cp%}uIZu5wG=w$4I$zR)eflqM%U5LcW|DvF5A(`OHH&ut zi`&I2(e8h78|(dF+!pAEQ2@E@>S=vKl5(>g==}%Wm9KG^3^3C}pWZ{TiWcRJp02G) zg3L^$qV6*ah^FsmdCZ6&jQPM6pDYE_bei~9EW&rf#{7DPcS?A5|fxCB{8P^LZ+D!w#ys#Y3v3DO0Z~w~#Gf?JSwhd0?Pw&sWz+te5 z7A^1_9{IJP_YHSlr(ecQeCOu+H3>7BzfC$6=<3w^y-{#48yH7yyG|u&7oFBifX!kZ z@E(GL@GFkpPz}roO$gf~d&G#_QLL}W{3Sn|& zOA;kIO!l6P4bNK)Y?s3<#p^pXfedKf&F6OxzLXQE52KAb?E%9%x=h; z1gjmQX@27-lqGgMW0rI4+v#~Dvy!WFqRyi<9jhi@QOI+(C3G z{=kXCwE?XANv z9!#mvL(1gyoGIkOC}if0=P4vyWTT=K!ksCE9u)lXP3*yIAA}-g_i@o8;t9H}Xg>1c zQ6?n}S+Sb79-pwu=$XnrksZd-ElINO2;2I2-Ns1}vl2FWyVh@?-X+O$nPZC@`a5ga2Kw7*I#rc7wl9ygH!;U*OCBvO2I(Ft zvz6yO8%%_g8&WNm?=vk(W?n(!{~b$&nFP%;^(zxD<6C(8bODaWjpD=vi(ZdJUD{yk zRWp)@HXymZ3bsgO`}=E~V8>$ttrA-1c&Vmu%7*n>Om^A;|L6V(SWyNT1QqoEUo`Vi)c8NGIOxCW|5HNqe;fI~ mWs(2e1Q1YhkjcM#oc~88sVD;u@!t`Ue?9cy%);{D>VE-VQ>B~$ literal 0 HcmV?d00001 diff --git a/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json b/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json index a727b21552f..85938351c36 100644 --- a/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json +++ b/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json @@ -41,8 +41,8 @@ "email": "kai.sme@samsung.com", "_email": "[variables('email')]", "_solutionName": "Samsung Knox Asset Intelligence", - "_solutionVersion": "3.0.0", - "solutionId": "samsungelectronics1734042706970.azure-sentinel-solution-samsung-knox-asset-intelligence", + "_solutionVersion": "3.0.1", + "solutionId": "samsungelectronics1734042706970.azure-sentinel-solution-samsung-knox-kai", "_solutionId": "[variables('solutionId')]", "uiConfigId1": "SamsungDCDefinition", "_uiConfigId1": "[variables('uiConfigId1')]", @@ -121,7 +121,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Samsung Knox Asset Intelligence data connector with template version 3.0.0", + "description": "Samsung Knox Asset Intelligence data connector with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -451,7 +451,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxAssetIntelligence Workbook with template version 3.0.0", + "description": "SamsungKnoxAssetIntelligence Workbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -559,7 +559,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxApplicationPrivilegeEscalationOrChange_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "SamsungKnoxApplicationPrivilegeEscalationOrChange_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -583,10 +583,10 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_Process_CL" - ], - "connectorId": "SamsungDCDefinition" + ] } ], "tactics": [ @@ -599,13 +599,13 @@ "aggregationKind": "SingleAlert" }, "incidentConfiguration": { + "createIncident": true, "groupingConfiguration": { "enabled": false, - "lookbackDuration": "5H", "reopenClosedIncident": false, + "lookbackDuration": "5H", "matchingMethod": "AllEntities" - }, - "createIncident": true + } } } }, @@ -660,7 +660,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxKeyguardDisabledFeatureSet_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "SamsungKnoxKeyguardDisabledFeatureSet_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", @@ -684,10 +684,10 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_Audit_CL" - ], - "connectorId": "SamsungDCDefinition" + ] } ], "tactics": [ @@ -700,13 +700,13 @@ "aggregationKind": "SingleAlert" }, "incidentConfiguration": { + "createIncident": true, "groupingConfiguration": { "enabled": false, - "lookbackDuration": "5H", "reopenClosedIncident": false, + "lookbackDuration": "5H", "matchingMethod": "AllEntities" - }, - "createIncident": true + } } } }, @@ -761,7 +761,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxMobileDeviceBootCompromise_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "SamsungKnoxMobileDeviceBootCompromise_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -785,10 +785,10 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_System_CL" - ], - "connectorId": "SamsungDCDefinition" + ] } ], "tactics": [ @@ -801,13 +801,13 @@ "aggregationKind": "SingleAlert" }, "incidentConfiguration": { + "createIncident": true, "groupingConfiguration": { "enabled": false, - "lookbackDuration": "5H", "reopenClosedIncident": false, + "lookbackDuration": "5H", "matchingMethod": "AllEntities" - }, - "createIncident": true + } } } }, @@ -862,7 +862,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxPasswordLockout_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "SamsungKnoxPasswordLockout_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", @@ -886,10 +886,10 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_User_CL" - ], - "connectorId": "SamsungDCDefinition" + ] } ], "tactics": [ @@ -902,13 +902,13 @@ "aggregationKind": "SingleAlert" }, "incidentConfiguration": { + "createIncident": true, "groupingConfiguration": { "enabled": false, - "lookbackDuration": "5H", "reopenClosedIncident": false, + "lookbackDuration": "5H", "matchingMethod": "AllEntities" - }, - "createIncident": true + } } } }, @@ -963,7 +963,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxPeripheralAccessDetectionWithCamera_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "SamsungKnoxPeripheralAccessDetectionWithCamera_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", @@ -987,23 +987,23 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_System_CL" - ], - "connectorId": "SamsungDCDefinition" + ] } ], "eventGroupingSettings": { "aggregationKind": "SingleAlert" }, "incidentConfiguration": { + "createIncident": true, "groupingConfiguration": { "enabled": false, - "lookbackDuration": "5H", "reopenClosedIncident": false, + "lookbackDuration": "5H", "matchingMethod": "AllEntities" - }, - "createIncident": true + } } } }, @@ -1058,7 +1058,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxPeripheralAccessDetectionWithMic_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "SamsungKnoxPeripheralAccessDetectionWithMic_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", @@ -1082,10 +1082,10 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_System_CL" - ], - "connectorId": "SamsungDCDefinition" + ] } ], "eventGroupingSettings": { @@ -1095,13 +1095,13 @@ "alertDynamicProperties": [] }, "incidentConfiguration": { + "createIncident": true, "groupingConfiguration": { "enabled": false, - "lookbackDuration": "5H", "reopenClosedIncident": false, + "lookbackDuration": "5H", "matchingMethod": "AllEntities" - }, - "createIncident": true + } } } }, @@ -1156,7 +1156,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxSuspiciousURLs_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "SamsungKnoxSuspiciousURLs_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]", @@ -1180,10 +1180,10 @@ "status": "Available", "requiredDataConnectors": [ { + "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_User_CL" - ], - "connectorId": "SamsungDCDefinition" + ] } ], "tactics": [ @@ -1196,13 +1196,13 @@ "aggregationKind": "SingleAlert" }, "incidentConfiguration": { + "createIncident": true, "groupingConfiguration": { "enabled": false, - "lookbackDuration": "5H", "reopenClosedIncident": false, + "lookbackDuration": "5H", "matchingMethod": "AllEntities" - }, - "createIncident": true + } } } }, @@ -1253,7 +1253,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.0", + "version": "3.0.1", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Samsung Knox Asset Intelligence", diff --git a/Solutions/Samsung Knox Asset Intelligence/ReleaseNotes.md b/Solutions/Samsung Knox Asset Intelligence/ReleaseNotes.md index c27b7456a60..97684650f65 100644 --- a/Solutions/Samsung Knox Asset Intelligence/ReleaseNotes.md +++ b/Solutions/Samsung Knox Asset Intelligence/ReleaseNotes.md @@ -1,3 +1,5 @@ -| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | -|-------------|--------------------------------|----------------------------------------------------| -| 3.0.0 | 30-12-2024 | Initial Solution Release | +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|--------------------------| +| 3.0.0 | 30-12-2024 | Initial Solution Release | +| 3.0.1 | 03-01-2025 | Updated Solution offerId | + diff --git a/Solutions/Samsung Knox Asset Intelligence/SolutionMetadata.json b/Solutions/Samsung Knox Asset Intelligence/SolutionMetadata.json index 0ef51c049f5..6ee043ea5a6 100644 --- a/Solutions/Samsung Knox Asset Intelligence/SolutionMetadata.json +++ b/Solutions/Samsung Knox Asset Intelligence/SolutionMetadata.json @@ -1,6 +1,6 @@ { "publisherId": "samsungelectronics1734042706970", - "offerId": "azure-sentinel-solution-samsung-knox-asset-intelligence", + "offerId": "azure-sentinel-solution-samsung-knox-kai", "firstPublishDate": "2025-01-15", "providers": ["Samsung"], "categories": { From 87e92cbb2ed89fd263e9937a5dbbe5695fa1d508 Mon Sep 17 00:00:00 2001 From: v-prasadboke Date: Thu, 9 Jan 2025 22:53:10 +0530 Subject: [PATCH 2/3] Solution packaged with correct version --- .../Data/Solution_Samsung.json | 2 +- .../Package/3.0.0.zip | Bin 13255 -> 13458 bytes .../Package/mainTemplate.json | 66 +++++++++--------- 3 files changed, 34 insertions(+), 34 deletions(-) diff --git a/Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json b/Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json index af39c31483b..b4e1732af31 100644 --- a/Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json +++ b/Solutions/Samsung Knox Asset Intelligence/Data/Solution_Samsung.json @@ -19,7 +19,7 @@ "Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml" ], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Samsung Knox Asset Intelligence", - "Version": "3.0.1", + "Version": "3.0.0", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1PConnector": false diff --git a/Solutions/Samsung Knox Asset Intelligence/Package/3.0.0.zip b/Solutions/Samsung Knox Asset Intelligence/Package/3.0.0.zip index 7cc3d8a6a1b029bf59bebb786bb6dd4de88c1991..b57bfc18bf75cf17f21ef0aba107b58bb65de800 100644 GIT binary patch literal 13458 zcmZ|0V{oQj6eSv4Z*1GPZQHhO+qP{x>DacDj%{_)(ezh$>fSpuHRt>|&vRY{ttbNuh6)4(1O;T-PNmH={Z%gk0|W$33j~Dm@7BcG%*fSD%}UhF+{)g{)yl!1 z-rB{%{zm)CerF8r+o14{aie{qz7azz>PWZ}WgY;e_sHp+0{b)i2q%k>)RhjhIxR&XO z!owSZI9b3s{H{Kc!l$I=)|IBWHWpjU5nqS9Ntp3{+yVsb;{KZX=vAr>K5UE-=0iCC zK~Y6=7ThJIC+TdL?`&H_1PeYEQ|+E?SCYO-yU#i7kyX}~@mc=_r=hsdJUz{oWgjNw zQurn-i?E4=3_9^Pr`%&fi3)FOR3tegdT1_gm0;E+Rf1eP*!pj>%hi{BrXhU-V}I01 zLDGE8oSgmUarC7QB6r`vq<&!nB19nz>Hz_MS-RvoIlpOW+&MTlrARvgvN2f;Gt}lH zgXYxHE5hW!Inh~5!ILAJ@p|{6dpKxjr3dsSZT?>;zpu+!?5@aqJgFYrtY}FX z0y@UjVU?==v}x6=zAN(Rl=1s>|Gw?A4wP;z-EhW#0Z)!g4zwr=CS)=cA@^ibSSK-B z$*!Ts&I4<+FohA85s$^qK_Y5Wx1In|Wd+xg!PA7{HoLB7K2*bxlcIqcmqNREH1---I%)QXfJfV|NIZ zf()B$k9tu50;0tY#Kqlc5+)491M-c94Ry-C%fm(3ri=--!xFv-q~L6lw}9}Nu)KK2 zWxhxuvyh=kl(n~<1yV9mv&(7}b>tf|Se%&ZOtfF6m`lsaf!uL!Z%7vPG}Y$T*cNH; z@~VIKtzPN%Z_c>4v??3dH@_$3^Ou&<#Wm^y3lBT>t!CbCT8B~8Q>9zvHWX-CRjYn- z`8kHU?0bap3Zy;Enk=6UT!V7+i~?6J=W{Avg^#@wz7TT(vw^t8jvhy2k*&_l>DgmT zl8A^ZGBhWL)m$sZz0WB??$1QR~EYgldJD`=sF2E1wk4tXI37Kq^My0*PCPvJj zDo$*kO6wkRUMAANN-d*tEb*)ygVBH_L`bx!oyUej{iE|)q1$;n34<*+Bs(xv%Hhhp z#nYf_C2f{bg`?b47X0F=Fz!<|ve=?6cB3UNW|7=_o~M+WKN-1^FPG6ainK3mpGBB= zzL4T%fX;3>2NekqKxn(yu?cDO%P3#C#0Z+^a}_|AG931wj{F+TWW|N+fY7KTYki}5 z8*vXJRZX>f?(=h66DM~@$LYpv64+mKz?Zir{W=goV(q;H{u^H5tZFJV@80g-F0K=R zZ)fKqxKDqFaQAe0$cNY2aEK|j7o>gxJkiF+eW(Ihytij91>}cP2gkFXue?V*j4^d0 zg7dpSM}1;2M{A1uYd~WbXYUGzdJ&RFY7K^zf9ym3P~Z=q%mpzid~gwdyg!^fv?30S z8TyJ0N7Q0+7|!>Zr_ve2E_Yl)(Oe$l@d^OZq0e(aa0~?YwGz8u5x%n(8x&d|&6?Ri zP4C^BIe_v;8QHHT+UdTAXYf%-{n_ro(d-Vp2H92~7NlV+wrb)gWrIW$?4d4!TpD=J z8w@F~)>w4l$hLQKwOL?2?Bh&XlXAI}?9BJH3A?a|e72u#mr(C*rtx(-d*>WJKPwD= zpF%xB_<~t^Jh4nbzBj9+eNuq&lH8RXm8Q>dY-jFW{j{C=u4g`d7-?GMfnZ@^K{pi> zJ!u~j(gsP@)3S4W9J6(RVEnCS3#X-@r{pXNt(y;ahV@40hIDv^Og>RMFGW6)NP+M6 zDCu?3DV7r_>4DRDcXbR9Ex7w!lP{O+)@LQ^Pewo&PS(nud=zX-2I^8v1aQQ7n}%0b zQg2pyyHJ^`(aS}TO0+&!>b}1YIoz?he~qtxEYC{Atdl3Mt{cvl7>n}AmIwtR!MCQ) z^ceuh2YO2MZOEiG-FQJ#TalYM+##^-BJ;COs3!CId%iCqw?~U}Ii);vJ!R9zccnMz z*^^HxKewX2yHdprf%-sYqHjx=XE&f`RZm6IFe3=N7@HKqhG;j1Cy=;aUMl zn3HFaHo#+HEsqj_DoK_SNzZk+ibjWHhEJu0-;0g{L5v7pD`8{7*5O4{no+8wnTsg& zKJB^_`^gq_oste;L#GJu4A;}5JVs*>x_Zp+VsQwdB0PkM4PJkkj$5LL@XicR23N-) zTvuz)PcNFO+VS&mcdkjix^;#k9$m>ckDgq`dLuJ{Bvx(fo{p6{%NGSrC?6FqOJev< zDHVkZSm%JhZskI(S8$&(}mTLWb5r21iWVm z^{BsH8IEs>{XAWtAHBj}crQNTpTxhNe%j*ttS<$)2m3;oP|G#w8GLtpEw=l!)6MqF zv(IX=%8?kZ;{~D6IRqM@1~b6z=L(2+?u>sKH}bpJxxSlTd*j38Hm~KuE2yA5o3>_` zph!-qTBISAo<*&6H)D%EiDLfcDk&J@%6)eZkD=Qzo0!rm`aOT*B~U?`NXiLCi>jOO-Hlk98ov7i3qiX`VGY_Z|fYZ`C+Ico<}oL4$IA zpE&nyc6Tk@lU70@irEF-F6szj6!bzm0ivhbi-5{*z++S3FQDA#g2&qy35fnt2_o|1 zhav?6p@tPUPw(`Nf*o%Gr!!$@prug${cAr~LVQ%CpO4x;2;{0B4`ATOAL$4#f=!I| z$sj(u>{fEf%2M@QItBOfaH13hr+FB5CDee2s2~u-T_gzRmovfJ>3O>(aDK-vt=gE4 zjgrc}CVpA*c8#D${`aq?ageU?C5<6ETjNfmkbgEO>;nKKeJ}%sc%FY@K(BE`25iaLAD&+^Su10&0{7kcxUw171m0!>BW&E>q$hA5XZrRAQ8It- z>U#V<1Pm@0x^o=-vsQX2f6hC?R}7REGUIor5`=T*9zcJ-K^6ZO?|B=07bZsq1eBx+ z3{ZR|9BuzO(ErDE>Rl=0$RvOF1D+7jX5@kN+ZND*<_CE&8|5(JU_ECLmnC3eo_W}?8vV3Y9e6@ofzCZ~p zRUFNDvflOayH#wYFkR|#-8|(1?(ZnIa1;a4m?jVO(?&Teh%m(Ym2g-a2uZH|+OKz} z>uyyN2u0fER&Z5ii)f^-^H(fNcxabktMIE6t!!vj5DEK59vnrQrB__xY^iNR>2Oz( z+9D2M4mpD+c?c_27hhs*6|}!KBD!B!7SDag^X1ppu9{OFjI>#1Ni4gvO=Ly$)cH5@ zv$|CqlD=0+(95`2qbyRQF1tnD#-h*kL}EJe-?x(}MY#wzRa7(xYaY|72~;K4Z6{tk zxQPrXnP}Hbs^e9oIEs%QI@(=s7SMvZ&;dF zhx2?t131{3nPghEen;?H-Ccdbio!uQH5RTDrlaJ#(NQ#`60dPGs9~L`WguqI?*==g?{%(F>I{bHlbQVsTjCNt#fTR-uEcI0C;RJrNo($U^uZT+#LzT#6 zQxR9Y4I-~I0=Ajv%E&FaUzR+x*2VU#n~KoVlbca~@F}&15MNSnN$iyOJR^ED1V^<= zrC&;T95ANfu&A{b`^A*P%W6ea`xJhCu;$xj>44F!G^=PLld0x*kX9Hf^I*}Oci^%a z^3?|VvuDftEh~4OzKKiE`aZe7lUM}}a|`h!)w&`9IA(qwPzAv$vnPtVoAveP+5jg0 z#->L#Rsw`Zo>a55F6Ry{7xC80VDmHWu<`4KrCN{JZSH;!}Q!h_} zXsNm+`G_j^(~Kiohob(nX8o1JtQ zK$~U_=zu)36#4JkGhbF}In=m4dR1_CifhYzjbY|W?0Z1N6AO{Ek|(JYHLXxdd-nFN-))ePb_>Y}mfh1Biu zo$N<3RTFioWNce;fx~8kD-1PGO$(Kj{O2E()=I30#GyNtRY)D0T*cN*%WCx&nT~cg zwZ-SYa#wba9O;0X-^$)`@-B^1Y;_#x5tL!jW;M&Pn0MJL4~zvXNY@vu#3vD?bn0Oe zO6;pqG&(}`!g@JNRIpJ^mos!@eH0092ddEzBe1$=AmdoE?|)i|ccxGd)SUq4QjlMB z>K%1vpf$Rm3~mx}hjFb>kQZ z!o0IYLpQttdkhStbl1Wqe7ir{(b5;_s;zv1(d;?WHLEw(dG%ZN&)feP^n;-=DEm91 zItXM!VV#tOL$?(KLu2k)BcMDUMLSh=L$#KK0vIhTxB1Gtc5Q^jAa$a*wwF@XJ4%A; z?Oxh12-QM)rW=RePcSeJ=1Q~tu4(3!Ehrm6vMM8VLh?)_&SGn!#>Rvx)XH@~W^z=hwQw;P&yAsF;#{Y5L9>q8k<)0!Q%<=;E zX#a6g-LP)e1;tyhom1zzmy|vGXp3OALdLzShqQ0ax=I+kI05LD{ha`NzN7&9F)`?W zAHD$kk!4)sooSQhK0O01#WhPR(r@!Mg<2ZV68fjePZU?{iOk9SX3*2a6(t8c0$I+9D>E%Z z*RxXA8eG&Ppxr?iO$8ElhH=1y7&&?aq)f9i(?DvL(yv=B!Tkk86Acz@OBJg_!3}*R z`8{RChdgde7)WZ~n>?VoDFTRZ0BS*_;$g`)O+_#>l{P9?tthLj^UZ;~k@UnA3;7yl zejw}Nqp^Q{tc56(Uf&ss)n1j6R7(jj1N38iF_tRpE#ry9qmoSI-1k8fZLIksE|gn% z!%Kyxq{|va;&Fk{FhlVR96-&^qSY0wLkmh2B>_3Xwxm>*pHkPh=>*4s5ow4`-Hm)} zXOj!XIOB6|=Pud?sUoo#$D9E7DiH+FWy2OzQ}OhsJ&&SKjSUNp9+lnu`q%i+2g1K3 z!AZpegNXntuwYkma=k(?lw}np$AKRU^8%4PcnO0D zL63TvNO|odW0!X}Z%LcNiZFhB`C;RiSoLNlhn^m^@7~%fYw646%DNc#ae^@UCOiYW zpb!!sSag6y?{d3`C~wXIh7vju<@r`RM_EmA5h(8YRFdn8`4nkisRw#jY?jaynclqjT{wcBS~M{{0OlV3EjR zp6a(l>Gl>XfTV93qB2v}jW)AD*tyL?;TIBg>8G7suu9@`9b{5z%PrVBxxEJ!x1;!^ap? zn%H4t5lCi;A=|~Y{88W`WH57uEO_Lco?Gpac?t_XTM68hQGS^11)y~hG2}R`D|TD) zx4HYJ)lfdg$Z;<5fas=YoCDNxI1R_isu36UD3f7StWkUpIlwGyAQT8S!V4-w;QqIG zDJ^vb_h2JbW!nitWlA|jP%MjCBs5oBY87mM&=kb5jv8CLfVc?uCmuB0ttKE5zPHGY=t?jl^Nx#q$Q zbn#d_=4p_Rvsh6ds{{YodyYl}e^ATk<*LnNb}nde#3581;HbdvE7S-q4N}aXJ8L5z z6*iFk-xd!UChGfWC2cZWTxW z0@k`p(8i7+mc4y*mz!&+VUl=FSRKZo5k@@503~2kf6`4qhjxT%pppSWUMhvsG=alt zfTy)C+mt*YkTtK6(#RyCF-XxuZ5ixgBE^$68G4I2!_Y=Ftr_|_6JWT&-1@P%$?ckL zV*}xi-to{9g-GjX93pQV4yt(*f&dZKmR6WC88*>-FlbQ+hTu|x&_rt=Ow008 zg?N2ity!HQm)CPi<^HVg^B%2Zcl}`tex$6Elr{b=5?`kB6f4i6yU=CU%0n1GqKc(m z_$FK`hApgY6=$HGrAs_TIV~cC1|=bAMc+JY^QWw`Ut8Q4QEOaZK2~2H4@ZMb>HPz0 zg(Sn^wkWb8BuiPZ7IG3=#$jS&3aUMb%}8t6pnp?yTj@}PV2SwBIJ~RT;14*2KAff) zUVvl-Gy3s-6?IZP4)_wD60d8$pkf_;7`3VBmq>xEnQF$R!OaTT~f5!%p3UYcc{6 zy!!GnbMv3iCI<@1Ijdj>xsluC_kdxIpP}L~rA$QOEBD`^>%vGy+M&~JKV7gEXo4U1 z-9u@7oe3ogShU#w_F_v-wR;S>dEeEFKF|%Fy9??8E6L^w^`` zcoX|2-hO)3AtQWqe~fh7Vth2BEnn*sOlCOfLD(b%q@0rAAgS4MXUEaLt=Coo*Irrf zsvVbK?A{J>FLkqsPzK-jTgIjz4FH^iG@FSWj|A;2DL0$cTdUQnpy)0%$wbA8T)~K6 z;I$?fl^mvEP<R3ZpvU>f5x~vI`fPy>sr4F z9{^7jbHEO!GAQgRU=CF%n}S@)jkEVfN7bQAAUPAwpz?S!Wy6`!h;T+r&T&&(S+)U? z+BeC^(poIJB5@H@t|x`~u2}OvwG8(>K{*tf22k3dsLUzrNT>ePLNaQ&{-EGKEPDW% zrbx$j75Lx?TQ`1ByRe{hz;@Y>65onO<0KvN&z!NRdSDPANjLi>-k_s;KoX0U!TmhJ zeUOEJTpRfZ9enYxtMjkf$0GMI;v4@N{Y0lV=@9F7o8HxHy1$JC=^^&N+(qK*Av8A% z<#OknY1=OPq>rd%z`r_t_WXX%(=0puQ{cMe&(E#O%>NTLb}~O{q5k=m64z6ZvR?c4 zmjXvafTE%5;YoqT-d~=c|GLD>C&QVpP|lZh2{JTq@yYC zJ>NA&bXp)C{~HZ9DIzcG7$37KY^wL0g(&883G;9_kEjUF`ujC@8HEpS_lLK+|mR zAYG}Q1IYs?-Z5WNQG7#pF|67!&APK8nnW;!2g>fL@CWHBoV403f#^Q?F0KWyaYoWd zbQZdH2$TJIObi!GFi7KB9*AIMi^r7FZR3@0xLZijbi(6l_BNrvz~n=a*4Rz_Hh9`W zWq8-g2u?)WHP?+W=`Mr${>J&_g-m~6Hfct@Wv^4WO0OQMp5OgoRYNk;4vL`TpotOg zo=$xK$luW1E(gNAs4&O=+*yOZ$$Enz1jAO61ByziBPhm)`Mc5RDnf zFM4kBGF?lVT6f{>LWo+J;u!XiJog4ZOG>`FD(bxazOrYvY8t<~8V=T9>((6?xO$55T30Y(T4qDE>)8c9bM#EP6Q~x-z1-Z)(&sDpvq>yVe^ABg)rQRv zCx|_@@0(bb8eVu(h_Z{o3gFy$WJ)@Z_j26ySwkp{sVuY1Y3&9_^veyNHXf>DQE5i9 zjCF?2=MRP)`>zW0BL9FV`48=(S6 z^vso6csjs2(i%LNVm`X|_8<>nV;WF1?$R^_b=Y0EBrgr1!52FE+gF1piypT*Nt_Bm z4>wc|lk$KyfH-n(Nn=x-PWt|3qCnA?3jdH}Km}75Ric|su`u@lMhr5O9rz3QJg9O* z1!*8yWxeg?E<>nO#`zpFAm9hq*KjkWezpPtUjU~xgeW;{=9eo&3FReS$aLVGCPRw) zoFNFV&@n+qBr=2isH5xaA{9FHU`%(FgTYP`jK6dzxCLi-bM>e3r0b_0|9Br1xJ4%l z%QRY%9LjTu3Kn#sDV03FfL}~EXp{*{-#5X_xnWbLzngKdoGetspIPtMaP}ZChKj+( zm|>s}&#kμ47iazn9EP@M8Czcta@2M^|cgwQV*L1^Q5K3`ie9(({O1LMx2Y`wT3X>n5k8xiT1tZx{m7be@?v=X7J zjS^EBI}D7e*S#tQs=mH0;f{W4aRk8{@Aj&yirbnn!}^zOaV)TC?|`ZYg}5n6_43bB ztXT-05=etFHF;;9Ytd4emY(3IAO}c4)OtD{kK=fT9n}FL%Aa&QSGa`1KwwaAI9f`3=2)rl}yY)mqu3| z{NqK;7U;nq0S#>KJ1q}}2BhAk+diz}C~X>KHkb4#oygl z;ov<7+R%>PTL~gdJvz;K6LYaWwiXbo)6$i;lijHeYuQlMGiaj3LjNih{HGA87`%%* zYAS>+ffO!LJN)K|M^i04WsQy&Vqe{paPsX8+4w(%oOLHQBC+g{T#FJ7m_ zTh(SrhkK@AVE2_Oi{V#38hm0XQ-1t!F5i^7J|z;H)AX}``x3kT zD+Gtldvw_W-Q2u`5)V&#di4{2t8y?;^GDSx==oukd~n8R>+Jg{kh@jZqHJ>BIo6=A z=C?Iq>-{$cxG5wOWcRIYD*2v%%P(d;_cf#kO`;vqfY3g}nY$wgUjtg3S?2B;0{yiE z6Djnn#L=kaq$~P&($d|SQ;QhB_bd^2j%tLjUbbo0rj!R7RamiCPvJ79LWrG z_e%R_j{^-js8EgVM>*e}yOD6eETbAqVQe9hGYMoG(fd)j7nd&Yw1E4-7)t@*cuiX; z9en9wg}+hs#=}1CeeeNfXrD8Ot*=_099->0y0KyEL6T1v*MRb2V9flX>y^-hm#LTg z=)|@S4cQUlU&PU8kbwt3SJx;iLmMiv5QO*8l?F9O!!a$O&cL^^W`Rs(5g#_U-L?6b zoR@g%F%&%bIQb$By;5|MC@A1jE$J6B-JmBaTQKj=}C*-`JHrcw3)PESvl^^C#%(=(prwNga(7`EmmB zdhU0J8Vw`tgJ17Gq+dyUH>OgIDYXXo16m(=oUrFh*P;{^nMc&gqrb4eg@ws(Ref&p zjpp%OgLnr$3i8$w{XoI59R>RRmn7C-t~l~(IXAd@>J;OLnK&)#Q6ocLhxV=;KYsZi zKoUuJNp1T`iPA7De9_(d)rQqJ#YOqWbd~O;`e>p~bM^T!UaN8WzL}s^RSP;p zP@x}H;x#x0{%5^(h4I4a`t5AQbydu4y0emY{Uz$RQu^`xOu&Z7cb+Np2k&|k+MLdi ziBCQSb=6@zYA;RL$Jc-?->2(oZJEP#Co9FvZIeX*h0GLKKOv+4>iTeQD=H^KMZ6Q} zQxg%Nq0YwrVpI!<@W74qo^46?r+Ln~90$XtV!3ZqYV{vg1e@$668B&o&7kP~z0{cx zwYMgR_M_{H>`--fa&pL11q%#BCwWyZLs*VDKpF|$AriUfDiO&l8GhhAQY9R;QCcKk zXRWaEKq7@LRk$p?Ur6_xPhdYFKneObH9Smkx&{C>t$J^1Lvq3#xDh!j6u-dL+ZUWH zC<5p^;Lesz*4AXPHE=%{QBFRlApyC|1dGYiWZAI>Dx$EU@PRx#)2OhB2;k!7_6%@z zbL{KzY4vgPe1t}a`oeY2OKAIjG9}is9V8f!8mU#^W@N@6NJ>Ew{7!lf8@o<}k%j?8H+%nruNRvu!x0aks z%ocCtC4bBDbCe!}S(j7o2o{eZ3qdot17i~?-9)y+^eh6xz6x&6T9{wHRAFlW*@dSp*f#99#+#oi z@oE3K#<%MEx=5kHlTHpNb-J}}I_KiV=u~tI3Zan~=GGx=hM}1O%<0kzA{i*ugIqz3DWUqX_C#O}lt|4-U~d0QFDF(xYy6~YiO^esV&4gfC9^ysfWK$M zFW}{2zu`{cF8{{hh9Lj0kB@t!-`k_n=i&W&|MT*5|Iitn*;scSE_iLzRvl^!1WJ2K z>{S6zfajRv>!vyJq>R{tP!Y{poyY>sxt-A&-NVrE-e2^%wvEs^ePDKILW_&z%qX!X z*uI=l=RXX3S|kh?EO<$w0*=HWIj=t%k>e#KiG^6*tnq}_fz&9jp%ykIf0VjcV=e70 z8Rl9BNP3&gK(jk|Ivoxzk2w>kufvDVb~yMmlOh(*tpa}P|NA7gHWgbh|DJ@3k}lK} z5D8?y4pKRXr_YWElx@BV%yc2*^fmE!0_>Lc6Ms> zaE3cD8;>{xipneK?RjhVad&)qyJy#{A$f^fi^7@zcJMGTI>c&GeJhkqDNRbpz{ z>n=m%{}g9x9$<~)W@`SY*xgI^e<}`+a&u;Ek`Ifb!$ILu)5G|yH@@9{bD@CGhMpnt zFZ}Kd=ulUs*iZkoLPMeakxz_L1P$z0?B>JRFT|0?tq#6Fh|=Wd$z_Sn0aiC}rn!Ya zm&$xA-I&g?!t zF;F1sxVtw0c{qL&qqbig*=DW2$#gj~e{4)Y3(LOYO3fqsLwI0HsEp>SE@Xk`+Ro^T z{>Ro(H9+*dwuR93zvwS$as8Yb6}AL_R}kv_hxsr1+&=URT1qx8n6Bw;HkqJwGBvFV z#VYu8G%_yG?ayU}X1lnpwK_#+G7{62yb;jNxi{CK;)C=ppCFwZ_^n+f-#bv+y5wSG zjg)Oa1Oj=VKEKq8Y#11+>$nALxdmwx!!LoFa05Wb zmLx{%x?vC1p?7Fwb<&==@gX{>&tIUM(d^X@)Rm$t9c#{lb+^q#RT*RSs(7(B z(fz0c)otOxgggluZJ21U-W(aoBx{G7jCb`9G-Gf>8;p$=VOAM;Q80aR@3oTCb`^Xf z*X9@GhuaUXI)X>l&Ti*frQB}6mw7z|Zo395zakqqPlFq^{^jnl`N?NaM9?hE-;7{e z@Eo;9t$(?@aosgw{x5f%jasg;hH(?Muu1r%W*-x^w6bLy8yLWuuTBKbf59;8u$#K` zyHSLjZ>aov+D!Uz0X21cK*1VT{$mW>tY0ma(DIWE)I4GIZhEO4VHxP9*OKzAM09VD z@hr0gL^`bU=2u2!gR*^uGd9D+jDr$sQ3B?UR0f#63?qs?KbeBov zA{|gzr^&-aE1ZXLzsLV){HB=q$JgJx)5G)e{S)Sr2&py1Phj6>{_IA#h3E`tsnS6s zhbo|XHWkr>F~Gy6WlKuyrnJ^wnI5ig)DIu?jsT#2MF&+!=Gem6sy@f!jcHj|XhA)p zzMu_WCq`Bryp|8!s=l&C3sHwwATa}6UDmXpa-IgcI<=%5Z1x3QxJ8xG&BfH_RWWnH zxG0y7G;MUFOF5F;jf66e3rSR6y4(kiVtaW_vCIk7bdS3&>|s1#zdn(K0j~({LqX8n z6qOZ_*ZaOYsyob4U`YM*cOCvAE;n1%?O~x5cmO1S7J&zQqulEEA!@$@Bxeg7?RrR; z0RP~hC2gRr$s8Hj$e-Tm#h-6?-fbXPWm>HZl^xNLA=Y8E^hJp7yvM+HImA@FJpkuHhh=O}fga#Swjt@0 z2TdHlHDVRySIt!E(Ue+i$V?E)7)jf_ucTdd0VfF;Ar9t0jSzI+nXF6c@E9nDTtG?% zv+||3iZTqChVn3!Ek$)tBJd;Y8Jq7nWcA_nd%E^gTq4 z>WVNDFEE{!5F(re;It=TE1^L*h$(E

2XY36-!lr*Bg>(0*xD7x8Q-Wios6ik2$h zEi}9rmVfKv0b@q2!zETp^3gh{a8QgLY7tc{j96;Yo^7?{Vvn zOn>w>QZ}Qv&nn8oPJnosEa6h`Fi9$5!gX?4Exohh7LY~X1#1zNr1am_L^K((M)1Y` zx&u|;)PSSzUFs3dzN8{BzZ<~IT6_*#^FgV$)8&vSd~o<4<_<laYA?~=WJGZ& z`Yu`kQ3EJtpo=UBIwBGzmJ$1OCgK(uWC0!4jKXTJ^^U4>i0d~EV_uFdu)?Thp};4~ z=SP5|3@`{P(Eok%=U)Tn|8M8L|%78=s2LbuFL;sy` IEdTxe57AqjF#rGn literal 13255 zcmZ|0Wl$wd%qEHsFbwYQ?(R0Y9NZla?(Xgm2X}WH++l#h-QC^Y2HknT-9LA4ZRbb2 zySh?&(v?&yl_<(WLZO3!fx&|Dsb*=>Lpb9zeg^~lK?eqg_3swwWNPGMs%9x>YG!F? z>0)Vb$7tnjZ+EGEZihFF@p)Z_UB@8yy=z1UA4?)fxPC)5VgWW4wI~6~sEuzU$HLv5 zjg2nT4f=rNwKYDK>eSur`d}`VUcxQQJ}GxyRY;?-dHLTL_m4o#k2p*gdnh zz@H^|2XdT1BaF}_cbnKY(~c3qz?z;gF@N{y;*)7^OEnhsEP!s^8xHnmNs4Szrr0l{ zZ@4S-cyCl1CGryGr9Frwf&)krNGs44nYncxx7gVvOm}0h8RBKG^V0ffI!ywNSYXh$ zjG%zIGG?shJwUO{o=b}+#DB93 z*S>qj)?gN@z7?-jD}N|-@)h$7X1~7J;2J99pUUG8e+C=?$#*QN^Cc&+6eDx=D6Dds zE#;QbV+_D+%#6Q_$cV>eOSi=P^00WZ754i<72>9gsphdN2eq z82V4rS~SivH=Bz0mw}jHLSmH}91r?vL^Ta-pGB=SiSja1-TM3jx;89X3^(FQ+Ul_t z*AjfDESngSl+DIWIg6!OLlKo5``_C~>NCfrn2F?{4b7h}A=b1|W~9?qE=g-i3LIg? zXqjzF)wiLY((n%k6Dqj9SPAQfO_|~on^Bv?~OX^6DmMn$wgcU|JCJjc83~G(ythy0FV$vGVf# z6W`~%rcjXua!!}wU5EUF?HJ)~(vMwr$j4TMWP1-TK$ty8oTq9ytP~NgT)f7!kRVXq_9tQyc?b1TMhtGgYi~? zz*nXcK?IuIcBSY=d9?Y>Ggyd5jO$Ok061Su@rx%BX=}0Hy;Dn__ZwTs-R8&L49vu( z?P{Veu3LDy&)MXg3id5^kK%aQQ05h(zY~ApE>+IU17+fBqDf`*n`DI&$f=B31aKuUG${i;$gqF^$X^*A=CZ_ zauz|#c%-%0Rg=g5VHzEvEzmt(sa#a2t6_NyA4?xblVl-EpXi#WMlvBrq&uSjNZPXe4|v0N53In-WxuoG`H~mqHbC$U9^kl-RNwSJWgbt2zp}OsfK~ z@-tVy5Gah5JRFjJ+p6YreEeza$?r@Ixr9}GC9M-=zw+I zY}RK|8)`|rtSVLlY*quPa{4zJK&q?)4&VQ-gf)(Fcd?pJl~6_lYY%lmR7Hg>x^`gA zQYqgml(}2)0J9>jp>t5)X$Ly=#0f=}ps`;n>Sj@5O5+9CQlp&^v(6S~PSSVsaUdGK zI2PnkG2B9tYCI8ioe>r3t-?F8L9h^qlE68?t^ROQ860id(8U?FY5rDx)=YFxs#A~~ zTday}QI(7M`3I_UENU8!V3ukV$OOn{q80hXJB9awQXeHN;4a1E&b+s;vwj_NS0$5r ztP%DC24wuDlZ2x#eudddC)#E3>H6tjwFD&Ie)wA5a~{QfxIXGGaJVf$AGKX+?T|b% z+3v0_BO2||quPx2V182v4|0JeR>jJ74b_nua*=?pkC;W$F$()pLmnV6 z3#UmK-w|9!o#$y~y(#KYVFH=p@5PyTI zD&PCx6P`W);yTvyWYNawc9$T*@K(t~9uZlNk$TBtNhj)Wo1V=zYROcIZG6e21yCty z!k&G#K6Sa5PP--T+sz~l=(|A(KOE;kMhb3T7@I*j#O;EYX#ae2C_a9Xr||~B7$*hY zE0;?7T-$)X1I_48K$>C^xRn8*aXaqGS#t@)5`ysW5sM+Rw?oCJU!-Od^)I9xE zLXzV9q!EyzxhGa#yz|!X|2*IJMSKf)aj3_}lfKo;^Q8iJm=)$b072wlfoYPu0Ec z-`pMt?rb?!MS|p27U$3$n`8-7KBE(cF!=Y=egwixqI%UpWGtkxa4NhZNUuV4U--&t z0S7EEs*sLJjibd2c-Z{EW{!6UY>_V0r$?IW*lCMp5Gr@d^2mx!V?hZSq2Q_CH5z$r zfvimQSaSsKeNaeY!N2_M@#*`(*6lDM4SXrF9Tt6Y3uE4X4fM@V?(LAXRXh}r{dl`w zGzx^)+$rfCUZsb~^?S|i=>_|+iuZIlOQGAyZ||Hhu$x<;&M*AMsUW2GKqu7XHyc!v zACu7GTU|&;&Sjb)iD+H`<>rH8L2^e+nlXzo=NsL>cuw-H)dPY~E73ZCbo;3EUwAQ< zy|$rjuK$Sl8AteexxEi~R(wyq9Z9C!s5-lQ@$|i$qjP-L?p!GNE7Q5GT>U<0KUMDU zF08^kMe8Rdvef12a(^PE`2R^UXSYOJv#7zqbX35>Q2wQuwnmnAs;0IMHvbaM|D9a= zeyFdHH5`8((|G-z&=Vel@HZaWI?#t8H-d(MJTRFGp_kXOTJIQ1Y$X@v=BaiiGF{>y z`$waykKsM^T6ZvxhS50)Eem>jn|f+`ALnORME)ejcia5FyxT>l?e?L3gq_H4+$p!^cjUc?5qJ5%0) z;YMh$$Ip2Ua=eAg{fk5vHt5-7z2-X#yENFOkiPj0bJIY`&!HI~$M9vpfP1fNpm)Rr z)G)u+Gw0XdUQreIiB^sC)P!;46#POaePrO>8;skzUi?~iedF21OS#b2$ zI)j?4@aaezJ;MkywZh6iQrT^~26Kkn0lE5FFFk@KA-8^y!;wIH3lsCczvXD(jk1_g zn*I*cPL%!{kWR>wZoMS}5?IE$JD_?aA5jF^2;KdTZ)l`E#jsp9fuCBDHxPj;sC#UN zUpnsJMJ8z&P`NAY7$D1(;13H5=nuwFiRlMMpT1bu;C>%_&Gh=+Qh&=(HaFX0woIea z5w-9bO&h(^OM>--G@hl@dbYNdTv?-b?_?cTTcbAI@^?5L?!HmK`V|i+B|%05sVn)xERk`t{Tv%8 zkU%+FqhPNU6I))Yy3TRnUDIK9V*L(@a$)fOi6VC5g8$qo8B3%@v02*^LTXWp-ECt@96;cXn6#=!R!XNJ2W0mAIY*VDDO>SJM(m-74 z;az=}oi-x~V83^$jD1xekO16u{=jIzo~j`=AjeBu11;&IMS+rEJ<1eM<@910+?GBR zW^%n2NTPbCl<{mTEqDc%x?{bvE-%hh=VNPYn_F7XwcX3sXLy^{yIUt+y64ZsLJD0< zt7b#quXH9JS@M(-E)JSW2g6xYcMK_HBsPl^F{%e7ns6-z8WO-%-0i>-@!bx@6=~Ed zly-2jIF){<6A96D#^SHqqNnQRHZ0p-Hf6omF0IU-Ymeva*_LU|bEvPcE_HV1xOJKDXW{LDb$ReH3q_N z(W?I`aXezz`JWOUvvxMm+F@octF=p&t!~W(+C^)O^E!ZT>CVkpw|_FQ(l$x|Q{ySh zq*e1jHM}1ibjoGe#;@GsF6^-W86&aTYEoiac(by(S-o*-rh}ln^f9wr+qrBAchakL zx~{wJ0+Xhv?!xYulv}h~VcWmW|1rho!H8X1-9=O~pTxMuW9HfuCu`)zmEE76y7`&& z9IvXDs^v%e)k}KDPVuOJFmfABhOj{LGoJ_c=X|;ayR32+NYbZcN$?XN8 zSxT?zRA``n!KWey9~zfWYUuAq9?lff3F(k6x3eKoo6B;l<&&ZG5oLfLdnIaS(F?HF zMoir)JCRhz7FRDQvf+FfON~Hkf5()-*3;Bhm&8FK2o2w zoC4`-p?1$cTJyDMxO!9VC6*#gU4i3MJl361d;uqwFeBZkNd2%We6#h%IBe@}djNpW zqk8pA8PXcuSjLa7QS@qLx-ZN!l=w=|nC|GBzF`BvS^Dc=ls8O_*TIP|8`(0@9o0f( z?P8|o8P0)bugrjk50&(EMZd_W&is+Yt3YFh^;up#Rgy`$xT+PDciy3lpB1Z=g?tFc zMls_jmCp1-4XFr*$%n2>uLN(-Y@2n)R)Bc${A(Y4{au6KiRW=%`ewtbiFZGq;f(a@>c$A*gHef%Bx(h5dyHh#ZBUqbg*% zIpG|P9>iW@kxn;UmRc9hIFAzsD#09U)c&D8AJOt`9^ZZ-#SYIY?WSMNaQBWp>KDA} z+9<>+_jR;WoS6B@a(LRhV0KH*j+fP`hblUnfpBKI7UO_(TrWpV&xlfzAXGjmOu6-|xl4}0Rr(yOdcT%_1o=I6$Hxsn`G7P$i#^0z>F z{wVhR_(7B4dY!D{F&7|`kDfT9_E|^*X3j({v5oB0Rm8K%uihkk6Lw?Xd$yMF#A$II z(u+6qeRmP|`;{Exm`qFcb_02oOJo zIx)T@G0#P_U-!cBf=R-D)8rjCEYiIMD)1UtinHR~$cNFFVGSfrSQshf%gSf>oPmDE zexD-!=||qrbs($kC2Fy)Wxo^?a}+kDSBG~(z`<}@ZuW9}0{wS^$a^;8QVe1~sfWAx zRB0SYGpfu{451QRaJqXz>)X+XRqo)RlV`6IG^uk&SioJtK4( z9`)~4x~U3fAw^U%TlyeGR0iDqL8j1jVYi9p%H6ja{~^hzx(GwDL2xtgAj)>=!um}F z<045p{gGu^%BL&rI6(;yNgI7|TFjzagd|z4DQJt_ez8U>dW)eY5v`m}UL5M%lT_{L;^+K6Z9w7lg5ubjj@d%)3#Fj58-E z&b*xxK?ROx?xR~8-zRD=HT{%74k1zyfjBcwVNw%(&$g&0Dri(aB{A@ZSQORvLBjz~ z5oXcun4CmD#~w%8W2vMAle&$3L(Gpg7EvmQ-#iXWyI~Wivr%n`*I)H(s7cK_z7xI+3Xj2619=|8QueIDth&C1o$&q=G4&OUot{Ji6%B%;0D; zA5q^0VYI%r0~xo{1o0T+^mP&Bn0hu@0|R0Oj>I|hc9)ufozwhV*l)+fGu{hSMfF_i z0l($&aJj`tUMRcyiRHmRvc?@J(H8yg&lag1d=0w20QyO?Xz&m96sRf3I+R8Ob%UG$ zdwyJ=TB7SG7p-G2@X5aFaN&*i8;$n1coamupi@N)BEcA0w8ugS@feocf?JoLVwPf; zDdkS5F;VA~3M#1<*>S`$GDElEy+`+ed%ZCO%mky#1Y|w;1KnGPt&dOA{ zJje{#>I9jor8xgWNHH5anav3}Ct@XSGd*%FzmjBUdLgA1MUzZp;^|)0zhH?COZO zn@WoB#2a*LM_)#>yJ)P3u} z$?+0$P|FP*J!SDkoT42((PxODo?VL@{Tu}TDBAasB<13ZR@3#bJg`ikQ8F~s^hZhQ z!G{{o$<{>W3DFG^D?-QWE?egtN9(t#gvg=j@2gcB;R|>!1ZP1<%tUN1!7q<>Q5fj`>B(P*Kmy*~4G9_EHW~J;2oC&tSPoVXUo6 z9Anv9-Nvvi`n>2`LjKkC$hH`)XDz|TRDfu)Imja7$pJS|PA8+^qg0SoqYV4^ZY8cI zb&=$T-^itY_)>(lw!>9;PTs-B=JPTm@_Yz36)qqumXKv}Sx3Eyv(haFX;_#`wl$n& z`e^B%M9`ejwB|g>nFT6Tq8xx`0C$L$#FDWiQXo!F)xhs@Su@&Ftj1{(lEKbDW>A6x zcl-im9ju^62$ysO+ir@0%1QWtgm$+EAg+y6rcVW{k;* z$*dmF7CZPMcU;r`_7~|)OtO$r^Z$@#FE|g)$C1NAm(bQQHGwz$z+kfap2b}rEz#G) zbVhT>v6`=?oc<@6GbAs{Hpzm!of9rBAiO8AmoX}=G}j+lmIQO2ud{j6EX%EF3vs?# zy=ZCH!nzD5&mz1TyK2^ss_2x~J(5kkVXgu>P?P$nx^dt*Aj1UaKy`ka9Wiux5FL81 zEC*7hOY^jQTKP)JLk3dnz$_*EMFp&fG+e3p;0^$;nGh?MkGdJQ&i&&jfG4nkkr#hm8csMaAW;DlPoB^|g{*y41Qz%6ZD zY5Id(39a=ZKfADnLBNH=i(FV;_n=jJQlUO_e$pXv(#1^~X{jAfeu-va$fdC>Kst95 zAB%M`I%^kyANMaNL@+27GOJeJ-YBD83dT zOL&p#=%>uS+cos_@GBiiM=Rk&0nD`!S5xQr6HGdcRDnm$E`!pYO7>T;dQK}xm#NT^ zD1RU56;z0L|HYMHJ~XR9m5kahXiw~~KJXTOkB`X-;hEbHLHM)7oOzQheH<-)6*2-5 zzk=*@0n~E?OT<9wE0zZ&XA%rjAZR}(swXPb{)1s_Ox@$T3&+VYVO!e3MPs5}*9Cx! zzM>u32Hco$i8K2?_YP$HKW#$XU!bOYx(iQa#kt#>vHKj^m1q@i`yZA+^S_(5oIDw@ zRr=QQ%17#dsTD09R~{#yJQ#4$`qp}xiRXPKDjhp7GV^u3W5v==bB+ua4zu+gZCKpW zDD6#?@V@KxnPvBM+7|vzZOpR0(z988OvfF}#pxF0uoCFe^VClE0-ZdtH~I0*o+zM& z3MxE!)@yF!7`r$ZP23lbI~R^o)h&|8Qar9bl;5&y^Otx=i$^jU?3GFeE5Pid(Y>h@ zcB>pzO1Ze>EPlikb)YpQ^2{Ab*dE7@O*6>wO{Xvv)#tghKiw799j7I;u64w;OvSh8 z`z1fdpz27dq|Gjvvb*8{J|1Qlrb(iB@vcUNG^=+iFPJ>Cfk&e@zjPb#^EAY!r_3@?2ZyL*Ezv`dh)t{ zCqc+k_BITaiQQmv*!Xx{92Q7MQ6khZa_lbS)NL^5(6mxs_Y-?5vZ)^#;F8>myz_z5 zW7~(YGl_5UdA^R-M8AH+30)3G}y*R`or#rv~m}+8KHGER&!g+5n**($iRZ@w- zwW)-l=>ARoVU7@YX2Ye30IUOHJ6#(kk{=$2=djsK2U`@~_2ZJp^F5;JMNIgOk(+yH zFZOl=zNAntKX>~1)Ea{Z9CyD%^2Ugg(54VA(>7gn+`Z!3gPTd2R`qCg)~f!Zqtv8C z()SGwS@FAZ#3GcH1=~i268tpEp{tD}u@|O3P*Y|@$Sv5kb@ygysj}tj;M0zN#Kkq; zEFE$wnq9keZ9V5Bkk417(R9z<3n(gRyKoh`6x?SrV(p{<XhO%2R^(tU_I8az%3SAo_pGKgxUgwu-LhHM=EM1gd$}nA=z9A`ANb1i zTo{!&Eop*oHF&w`zRH4gs2_bel*~>7lMTHpzP_p6IDfI&6sKRNT?M?b&>QL8|EVo=oZwyxjT7w>f9lJOpxDm@X_m+RdihZ6-H{qhUHW|`@^;7>31z%eQ8OJ_OG&YUQJhR$kSh~&6|wn!bv!to$I#ze7@#! zrD`oII2~f}1`;mQU~}Hc+a7~M;+9ir;pYrm*?MUW4IiykOpI5P;Uk` zE&vaXGpKikJ^BU)8sBypcD8BzwnfX4{Q3-txn7R5P7rCnjTRRAj^kd+7eSK>YZ0`{ z;p*8++AlQ|6qz+Ws5fqLYQsO&oV2zbl}p|~Sqc-^2<3@f-->_a50lQ=t(35Sr}YT{ zvF~!>@S_VNi%=U)OWKnjLrZ2H4z1o3(cfB`1Z534-(o|}cKn)^qs~(o3>reNv0MIKi*8k>rnhTGdYETjA)ntJA&ZNh0*fSe8ez|1obXV@zJf|6b1SaS;-7G zT>BUWYGl7`K@hPiBOJzCO5!%=UY0B=Dp{JvYH!y~B=SSTE!dpd*|~wg7{l~_YbTexo{tYmv-AtNep(w>FXL z`k&ak6Df{mjOJyiafqB2PpVkkY^@sS8qICky+vbA1as2!+bfZDpg9&r-1L-J#i&ta(LciFyuIsA`SZcr5}a-@fkzS{TEZ&(I25`tkhFiz;- z7rk`l3S#>qJPCC@M0YU;!}>3WX;ns5L5%aw`g-S=; z_!B1t4CsmtY*>jAvv1tS^1aTi`>H6`#`ee(!)E(;5(#?0x67Y1onwZ#_%X&;K9n1T zNb1G;DX_ebUJ{)=e!>2@wvNl@uf4o9+VTRzf0CHNB!QNjaaV<)$HR!uZ$K))5~;9- zR3gLp<;k#0fBpnTVG@OtkvV{!n8qAiN5t-O#EP0#t1Z(X`^BoDRgnn?Ovm^0dwYwS zS*q_V@B~Wik<3*sRW%<-ZAZmEkf>w);q*_r{j3N#-)=hS?6JnZtyhPt5mVQ68OBAr zR5?3`jKr7Frk9GHQYG_1-gC(AbvW=~?(Z(K>!Ppa(STqK2URJnm53*X())a`ABTmx znL=SM7>{Y?uakw)9CYHT)$Ge4i4G0zIvm;DZyg?%nyO1_lh}B7vPC!b?fE{vEw?>@ zD?Qh~ukDHK>XK;dnL*+BnDekSkfLqBqZx)Jn3@e&kA&9c&NCIqK&>jxinPR^$}DEZ z(_*lz%@dSH`yxaWl&bQcbu*-FvUMbVE+S6~$IV>^qOE?o^zcSD zp9jQ01fZ0EwRh$2R2H?$T2y8DN0CgGMA$vhK<@<&uguCf&4g5myEm1}cnFRS+ z6Bk?dli}>EDepxWNn-uaw$%?Paq8XYNUlI8&PkV{w7*5#v_pxO#iW>2@)8wFf^eqK zdw<)nj?Cj$Ha+}IneU{bf|Uvh+6u;}2@#1RnX!$KlV#a>RG0sDp3ose^;hXVQu182 zqWIduRFD`VzsHuUJe_1QRW&V7lB^eESmyA1+ke)kXd z-;+uAunHCnQs{-Km5=|$7&n5^#?}Hil#EYQ>x~yBaMtkvK0dgQt^n9J)%YyO9g38W zhjaHWN(w;;DsVSeGC$j+c#exO_4O{}7(zK_r9+g))4U zGa-HUC9)FdXGCWN85^|PDsXb8Xs}**zy*W59mPKzVB(B^)5ecF1#$OoO zXU;eoy&}XTIBW&_2k1}e`?Lh}*coeeb$;5DEAQ#I586TNT=qSsOB zzD+hVdQ}12d`=FGk*@))&Dkgu&ym;?6yjkx8 z9xo7~gXHZuFeu(jryShWT81afPs#|qF$MgEWbe(oaLQJ~R!34bOkvI1kf`j#>nHT| zL(vpe^+VZ~)wnCD_Cmu*t7wwphvO&ST+*j<7?D5#fjbO;*6YA%OT&7Vy5O!^9m*Lg z#^bmp8hn6IxR0riX`WmcYicR}bvJ8nLtME&j;PAiHv@2miXvy0p?*63xprC4SKB=; zPmQ#(hLFyVyN$F14n3N!@r_}&1B3Arr)ftrjoE6pHr?sV7&2OWj6Tutp`D0}D=~sO z+#luqZx)f}M4|eUqj&w!e#p(#r=}cw+P#7vkkHd@b&b! zvJLRRE?*8#K4vFp5BokxKNoLT%g$xeMH#wphdOI@7uRbDeDeG@Kwt$4X-LGsD=ZB^ zVQ7OAU8#{=cAdwoUc<8wB-;^CHlUPNHOw>Q`IrTda7qad;)HOXo6QYyFr|66;ALqb=AJLXVl<`wSwi zr1$_r9#(0Aj!j7P!@!~X1A(#tlG+Q1<+2GP?yi(4hI3ejHA%EAN(G#{@3{{IG|q9} z7@yhWtbwheWR6d3ay|DDf1dA_Z0_X4051_q!=&=yo$zX=oX9>RR8)IS10BF`AwK%Y z%E}C&dyhg?9wsJ`g4tVp@4^Np1)Qd-R`TH_vXfEuo-3SECBBEXQKD>J(KHdF^+B&u zEGnW7A^sCc;9+=y0}&A4xpm!ZO3>Lxx1;bQkb*+d%%;l*wi;wPhR1{m!PkO-ujH|V z`p7d9`uxWM8^%{uv=UMucH}YmA;j3jL!Bmehza9cM{*@fiM1Fl-WFG*oQ*6)cNwXU z#@n^MAmPWy$MHw>pR7Oo;~%Y5lHpv}aZkSl4e<50bP4tJG>FNZMJp> z1qdq)XDo_E)P*Q2T9F#m1sO9Pj&ik`VtObmj2wiCK%i+oQG&%p3~*A)39j`1@4n_F zK7N(fp62+UdU;R$=#}P=CC6S65d^5<^dm#GJrR|fjnjZLZgHY%YZ5CQc&k_oi!I(k z{N`cD<4W{WGbrc?xW>GuT!M_Hj?siGNi-)xR;5EdTVzG4GK3eSHFeY8}pdV)~3rSEbc&-n2^dSj6{GYa=^s2U9;T@9$-w@=E=t z5%`kqpa!Rr;;?Arpf-0N;OK7ZpytfdM*9zOzZ#n-l>&qY#{Ktyh-?2L-mOHf{SUG3 z{~*@D$oW12uJJ#Jr+#SsAH;vuYVg}C)%w-OgR7=0j=|l(>7!i6d`;A=OV=mi=rG|G zS(#>DER7G8A3T1`&;5A=m)p&b|CbPFhEKvU^&5owO;Y*|SQ&M(sn@_BR|VQkGN3=c zA;@3vY?q9W`zDgeZ@8%S#=_pi!^=ZPBF^*-DHMgNBu$L=h*gBqGeG>+@6X5hIFmV6 zI2V;U4AHcpf$2|e*RJ}4kS4RRriD|IY3Lc=0L*^iSSnEnG^%Q$Hbtdcp>|_|wzLqm z#92y#cFmw-O>!lDl-1qj4EA*?P9sQNKylGCCA`q9^}Z_ z9yjr9CeBDE=m53)@E)dNjYn9$6RIH<)}$}l87fJOLxBe>?(bokft2`X9`=Sz zRN=&m-|CJ!-@H?+0c9J8c$Ev|{rd#{^nM*6O$0Ug99lnuH6YU3pV&S>@dbTPg!6Xj zRoIlh+Yrgv@rHIroHQAfAWRUN3K#nB3DP;1#2P*(ier3IuzNy!3DnjgVw@8E{pH~7 z=jP;d^PKgksH!Nqs_0Kv@P~?2YV+gGep%yJ`zm$duQZf#H3(UXI#mc+EkTHwL^{aS zwP4^+d7bR?>Z)LvzNB{=$&US-zx%D|E!N>dg?OE(Q4#9o>zO7O_1 ziGcYS@-##7JfWSY97t~4w19a9i0puAA(pk|WYG-AH`5}(dd88@+hGyleQABRw|VJWTVKo{aO=Wz;aCo6VfGa-kMzk7#8oDatVvRD-lB%2Os< ztQ4#ArL|bgITqLRAZNxZ#f6Q%&4jHb{za<%X`-3412F9z)ERBUd{>?)iBdaW;Pw4r z35ZNRc;e(P>1GG^`=VL6-@ z5l_zwo~b~>Z100ZTts`=0;)7;NUkDlz!d~5bEEm*5Bl`az1Y*i>E7>)XcqH)Z|K7d7?7UpuA0jxA+}0HRA=W=5E?+6R5}x8JZfVyE(q!_>+Cd{& z*xK4+e1=Ue*NF6*4D+H8z{dWg5$5HJDcY@E*+6~9kyLh1UarA{q@v8A^y^>9exz0U zWzwQnqz?@k`&q8B3)hS9p@I1Y9yvAPvHai1@#SG(D+^EXJ1lqYsA5JrbBWuO#lQ}l z3Xud14#$pJY&08EPHg;fLG^55KeO|>3ExQl6!g0949|GA7wk)Zd%V`U!{ceie!N-9 zC6wFt4JT@yccve2AFl97dvrjxT4P>@)Zc~c(MSa!iP_R!7k>ZxSpFix>KZqO8@Xn7 zgqibR4&1!_x@;O^OTz9;bw@G7m7u|GYUS-&HdAZ?MEb%-+G7j{br{?4f`SLXKK~F=DU}jKndQyBI+g{VrEvyZf-Z!@3KGVPwCbz7 z9i$%#{ymdUwjAOV|LdhsZih85mcOA^*BrIHp_SxnnoUHIdTJgdz4a?yp*LzkW%Z_x z^31z|v{csESP-2G;k(bsI=MYjew5%jP&$D!zrQS(kg3<{mGHEEin(zPf-_Wo*GW`f z1StUEwD&+lfQ_Yp|8c)>rHjmPG>qHt__o0LMRO*XuON3GxZEi7LO*^X;1DMFhG_YO zQj}BPVu_Zeq!DbNdXy!KNuNvpN`9eG5(*oZfQ%4HZPG2HTF7L$-oY$A=~44dNDvTF zdKxll3dbQCnqm@+o+m6|bHZYwyyiOOCqvQZ@I|MiU`!5a%7QNt>yy7$pe&DbRHnH% z!NPlEkO+siHF2P*%U#B3^L2fMT)etS2H2Z>0~nnmW2U$?#O5}+6A#E6o*#q;mxFUD zA*?)Hy)I)Uu>TI|t_z?o_plk0%!sYhxF~Z}Cx-9A5@(|I+B@Nke zn)E)s{&mY@tMW&-n!q=qOnM;e8s>H!fOeUOrOMaasE!6bJu)jJS$7*%_w{t5*j4TNpZ3mDe`U5A@eDM{0}iEo=s9?#a`YXMF1{ z#N+GIEtRiREhwg*ffD~c1Hq3&W}5gq7tH6LdVRJBh$D*Q{|FMd6^lB%Oy90#E(`gE z^5WLlID%^deI0+zXBTAvL~-)j_sXoSM~sUiI<;pZ}?Xd9-^#aOIW zf1;-=9rHbItS^enecJHvcYj4$a0qnB|M$4ezjns|S;c|>vH!>L%>OOq|89u<-y*=k fiUWcFCUO3M?U9PI(BJ-h0`ZSR{&5Dj|4#o4!ydD7 diff --git a/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json b/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json index 85938351c36..910e1acd79e 100644 --- a/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json +++ b/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json @@ -41,7 +41,7 @@ "email": "kai.sme@samsung.com", "_email": "[variables('email')]", "_solutionName": "Samsung Knox Asset Intelligence", - "_solutionVersion": "3.0.1", + "_solutionVersion": "3.0.0", "solutionId": "samsungelectronics1734042706970.azure-sentinel-solution-samsung-knox-kai", "_solutionId": "[variables('solutionId')]", "uiConfigId1": "SamsungDCDefinition", @@ -121,7 +121,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Samsung Knox Asset Intelligence data connector with template version 3.0.1", + "description": "Samsung Knox Asset Intelligence data connector with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -451,7 +451,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxAssetIntelligence Workbook with template version 3.0.1", + "description": "SamsungKnoxAssetIntelligence Workbook with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -469,7 +469,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"5b5bf4e9-62b8-4ef2-aeb3-ecd249fb6187\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"CustomTimeRange\",\"label\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":86400000},{\"durationMs\":604800000},{\"durationMs\":2592000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":604800000}},{\"id\":\"6b4373f0-7c1a-47d8-baed-bc5d0cd7233e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"timebrush\",\"label\":\"Time Filter\",\"type\":4,\"isRequired\":true,\"isHiddenWhenLocked\":true,\"typeSettings\":{\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":60000,\"endTime\":\"2016-12-12T18:01:00Z\"}},{\"id\":\"a40ffccc-08a0-4e15-9bf2-3ed99658d4d8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"selectedseverity\",\"label\":\"Severity\",\"type\":2,\"description\":\"Filter on Security Events by Severity\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"jsonData\":\"[\\\"high\\\", \\\"med\\\",\\\"low\\\"]\",\"value\":[\"value::all\"]},{\"id\":\"e2572416-ae1f-42db-8c31-8d0d4c4315d4\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"selectedtype\",\"label\":\"Type\",\"type\":2,\"description\":\"Filter on Security Events by Type\",\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"jsonData\":\"[\\\"Audit\\\",\\\"Application\\\", \\\"Process\\\", \\\"User\\\", \\\"Network\\\", \\\"System\\\"]\",\"defaultValue\":\"value::all\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let audit = view(){\\n Samsung_Knox_Audit_CL\\n };\\nlet application= view(){\\n Samsung_Knox_Application_CL\\n };\\n let system= view(){\\n Samsung_Knox_System_CL\\n };\\n let process= view(){\\n Samsung_Knox_Process_CL\\n };\\n let user= view(){\\n Samsung_Knox_User_CL\\n };\\n let network= view(){\\n Samsung_Knox_Network_CL\\n };\\nlet selectedtables = dynamic([{selectedtype}]);\\nlet severityParam = dynamic([{selectedseverity}]);\\nlet maxdatapoints = 10000;\\nlet starttime = {CustomTimeRange:start};\\nlet endtime = {CustomTimeRange:end};\\nlet day = datetime_diff('day',endtime,starttime);\\nlet initialbinsize = case(day >=30, 1d, day >=7, 1d, day >=1,1h,5m);\\nlet datapoints = (binsize : timespan){\\nunion (audit() | where \\\"Audit\\\" in (selectedtables)), (application() | where \\\"Application\\\" in (selectedtables)),(process() | where \\\"Process\\\" in (selectedtables)),(user() | where \\\"User\\\" in (selectedtables)),(network() | where \\\"Network\\\" in (selectedtables)),(system() | where \\\"System\\\" in (selectedtables))\\n| where TimeGenerated >= {CustomTimeRange:start} and TimeGenerated <={CustomTimeRange:end} \\n| where Severity in (severityParam)\\n| summarize Count=count() by Name, bin(TimeGenerated,binsize)};\\n\\nlet totalpoints = datapoints(initialbinsize) |summarize totalrows = count();\\nlet inttotalpoints = toint(toscalar(totalpoints));\\nlet binsizefactor = inttotalpoints/maxdatapoints +1;\\nlet binsize = binsizefactor * initialbinsize;\\n\\nunion (audit() | where \\\"Audit\\\" in (selectedtables)), (application() | where \\\"Application\\\" in (selectedtables)),(process() | where \\\"Process\\\" in (selectedtables)),(user() | where \\\"User\\\" in (selectedtables)),(network() | where \\\"Network\\\" in (selectedtables)),(system() | where \\\"System\\\" in (selectedtables))\\n| where TimeGenerated >= {CustomTimeRange:start} and TimeGenerated <={CustomTimeRange:end} \\n| where Severity in (severityParam)\\n| summarize Count=count() by Name, bin(TimeGenerated,binsize)\\n\",\"size\":2,\"title\":\"Total events\",\"noDataMessage\":\"No security event data found for the selected time period, severity or type.  Please update the filters applied.\",\"timeBrushParameterName\":\"timebrush\",\"timeBrushExportOnlyWhenBrushed\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\"},\"customWidth\":\"60\",\"name\":\"query - 7\",\"styleSettings\":{\"margin\":\"0px\",\"padding\":\"0px\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"\\n\\nlet severityParam = dynamic([{selectedseverity}]);\\nlet audit = view(){\\n Samsung_Knox_Audit_CL\\n };\\nlet application= view(){\\n Samsung_Knox_Application_CL\\n };\\n let system= view(){\\n Samsung_Knox_System_CL\\n };\\n let process= view(){\\n Samsung_Knox_Process_CL\\n };\\n let user= view(){\\n Samsung_Knox_User_CL\\n };\\n let network= view(){\\n Samsung_Knox_Network_CL\\n };\\nlet selectedtables = dynamic([{selectedtype}]);\\nunion (audit() | where \\\"Audit\\\" in (selectedtables)), (application() | where \\\"Application\\\" in (selectedtables)),(process() | where \\\"Process\\\" in (selectedtables)),(user() | where \\\"User\\\" in (selectedtables)),(network() | where \\\"Network\\\" in (selectedtables)),(system() | where \\\"System\\\" in (selectedtables))\\n|where iff('{timebrush:label}'==\\\"12/12/2016 10:00 AM - 10:01 AM\\\" , TimeGenerated >= {CustomTimeRange:start} and TimeGenerated <={CustomTimeRange:end}, TimeGenerated >= {timebrush:start} and TimeGenerated <={timebrush:end})\\n|where Severity in (severityParam)\\n| summarize count() by Severity\\n| where Severity in ('high', 'med','low')\\n|order by case( Severity == 'high',3, Severity == 'med',2, Severity == 'low',1,0)\\n\",\"size\":4,\"title\":\"Events by severity\",\"noDataMessage\":\"No security event data found for the selected time period, severity or type.  Please update the filters applied.\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"severity\",\"formatter\":22,\"formatOptions\":{\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"severity\",\"color\":\"redBright\"},{\"columnName\":\"severity\",\"color\":\"orange\"},{\"columnName\":\"severity\",\"color\":\"lightBlue\"}]}}},{\"columnMatch\":\"count_\",\"formatter\":22,\"formatOptions\":{\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"severity\",\"color\":\"lightBlue\"},{\"columnName\":\"severity\",\"color\":\"lightBlue\"},{\"columnName\":\"severity\",\"color\":\"lightBlue\"}]}}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"high\",\"representation\":\"redBright\",\"text\":\"{0}\"},{\"operator\":\"==\",\"thresholdValue\":\"low\",\"representation\":\"yellow\",\"text\":\"{0}\"},{\"operator\":\"==\",\"thresholdValue\":\"med\",\"representation\":\"orange\",\"text\":\"{0}\"},{\"operator\":\"Default\",\"representation\":\"lightBlue\",\"text\":\"{0}\"}]}},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"none\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":true,\"sortOrderField\":1}},\"customWidth\":\"100\",\"name\":\"query - 10\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let severityParam = dynamic([{selectedseverity}]);\\nlet audit = view(){\\n Samsung_Knox_Audit_CL\\n };\\nlet application= view(){\\n Samsung_Knox_Application_CL\\n };\\n let system= view(){\\n Samsung_Knox_System_CL\\n };\\n let process= view(){\\n Samsung_Knox_Process_CL\\n };\\n let user= view(){\\n Samsung_Knox_User_CL\\n };\\n let network= view(){\\n Samsung_Knox_Network_CL\\n };\\nlet selectedtables = dynamic([{selectedtype}]);\\nunion (audit() | where \\\"Audit\\\" in (selectedtables)), (application() | where \\\"Application\\\" in (selectedtables)),(process() | where \\\"Process\\\" in (selectedtables)),(user() | where \\\"User\\\" in (selectedtables)),(network() | where \\\"Network\\\" in (selectedtables)),(system() | where \\\"System\\\" in (selectedtables))\\n|where iff('{timebrush:label}'==\\\"12/12/2016 10:00 AM - 10:01 AM\\\" , TimeGenerated >= {CustomTimeRange:start} and TimeGenerated <={CustomTimeRange:end}, TimeGenerated >= {timebrush:start} and TimeGenerated <={timebrush:end})\\n|where Severity in (severityParam)\\n| summarize count() by Type\\n| render piechart \",\"size\":3,\"title\":\"Events by type\",\"noDataMessage\":\"No security event data found for the selected time period, severity or type.  Please update the filters applied.\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"Samsung_Knox_Application_CL\",\"label\":\"Application\"},{\"seriesName\":\"Samsung_Knox_Network_CL\",\"label\":\"Network\"},{\"seriesName\":\"Samsung_Knox_User_CL\",\"label\":\"User\"},{\"seriesName\":\"Samsung_Knox_Process_CL\",\"label\":\"Process\"},{\"seriesName\":\"Samsung_Knox_Audit_CL\",\"label\":\"Audit\"},{\"seriesName\":\"Samsung_Knox_System_CL\",\"label\":\"System\"}]}},\"name\":\"query - 11\"}]},\"name\":\"group - 9\"}]},\"customWidth\":\"40\",\"name\":\"group - 8\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"\\nlet audit = view(){\\n Samsung_Knox_Audit_CL\\n };\\nlet application= view(){\\n Samsung_Knox_Application_CL\\n };\\n let system= view(){\\n Samsung_Knox_System_CL\\n };\\n let process= view(){\\n Samsung_Knox_Process_CL\\n };\\n let user= view(){\\n Samsung_Knox_User_CL\\n };\\n let network= view(){\\n Samsung_Knox_Network_CL\\n };\\nlet selectedtables = dynamic([{selectedtype}]);\\nlet severityParam = dynamic([{selectedseverity}]);\\nunion (audit() | where \\\"Audit\\\" in (selectedtables)), (application() | where \\\"Application\\\" in (selectedtables)),(process() | where \\\"Process\\\" in (selectedtables)),(user() | where \\\"User\\\" in (selectedtables)),(network() | where \\\"Network\\\" in (selectedtables)),(system() | where \\\"System\\\" in (selectedtables))\\n| where iff('{timebrush:label}'==\\\"12/12/2016 10:00 AM - 10:01 AM\\\" , TimeGenerated >= {CustomTimeRange:start} and TimeGenerated <={CustomTimeRange:end}, TimeGenerated >= {timebrush:start} and TimeGenerated <={timebrush:end})\\n| where Severity in (severityParam)\\n|project Time =TimeGenerated,\\nName,\\nSeverity,\\n[\\\"Device Model\\\"] = DeviceModel,\\nType = replace_string(replace_string(Type,\\\"Samsung_Knox_\\\",\\\"\\\"),\\\"_CL\\\",\\\"\\\"),\\nProfile,\\n[\\\"MITRE Technique ID(s)\\\"] = array_strcat(MitreTtp,\\\", \\\")\\n| sort by Time desc\\n\\n\\n\",\"size\":2,\"title\":\"Event list\",\"noDataMessage\":\"No security event data found for the selected time period, severity or type.  Please update the filters applied.\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"high\",\"representation\":\"dot-redBright\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"med\",\"representation\":\"dot-orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"low\",\"representation\":\"dot-yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"LOW\",\"representation\":\"dot-yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"HIGH\",\"representation\":\"dot-redBright\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"MED\",\"representation\":\"dot-orange\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"success\",\"text\":\"{0}{1}\"}]}}],\"rowLimit\":1000}},\"name\":\"query - 9\"}]},\"name\":\"group - 6\"}],\"fromTemplateId\":\"sentinel-SamsungKnoxAssetIntelligence\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"5b5bf4e9-62b8-4ef2-aeb3-ecd249fb6187\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"CustomTimeRange\",\"label\":\"TimeRange\",\"type\":4,\"isRequired\":true,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":3600000},{\"durationMs\":86400000},{\"durationMs\":604800000},{\"durationMs\":2592000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":604800000}},{\"id\":\"6b4373f0-7c1a-47d8-baed-bc5d0cd7233e\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"timebrush\",\"label\":\"Time Filter\",\"type\":4,\"isRequired\":true,\"isHiddenWhenLocked\":true,\"typeSettings\":{\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":60000,\"endTime\":\"2016-12-12T18:01:00Z\"}},{\"id\":\"a40ffccc-08a0-4e15-9bf2-3ed99658d4d8\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"selectedseverity\",\"label\":\"Severity\",\"type\":2,\"description\":\"Filter on Security Events by Severity\",\"isRequired\":true,\"isGlobal\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"jsonData\":\"[\\\"high\\\", \\\"med\\\",\\\"low\\\"]\",\"value\":[\"value::all\"]},{\"id\":\"e2572416-ae1f-42db-8c31-8d0d4c4315d4\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"selectedtype\",\"label\":\"Type\",\"type\":2,\"description\":\"Filter on Security Events by Type\",\"isRequired\":true,\"multiSelect\":true,\"quote\":\"'\",\"delimiter\":\",\",\"typeSettings\":{\"additionalResourceOptions\":[\"value::all\"],\"showDefault\":false},\"jsonData\":\"[\\\"Audit\\\",\\\"Application\\\", \\\"Process\\\", \\\"User\\\", \\\"Network\\\", \\\"System\\\"]\",\"defaultValue\":\"value::all\"}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 2\"},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let audit = view(){\\n Samsung_Knox_Audit_CL\\n };\\nlet application= view(){\\n Samsung_Knox_Application_CL\\n };\\n let system= view(){\\n Samsung_Knox_System_CL\\n };\\n let process= view(){\\n Samsung_Knox_Process_CL\\n };\\n let user= view(){\\n Samsung_Knox_User_CL\\n };\\n let network= view(){\\n Samsung_Knox_Network_CL\\n };\\nlet selectedtables = dynamic([{selectedtype}]);\\nlet severityParam = dynamic([{selectedseverity}]);\\nlet maxdatapoints = 10000;\\nlet starttime = {CustomTimeRange:start};\\nlet endtime = {CustomTimeRange:end};\\nlet day = datetime_diff('day',endtime,starttime);\\nlet initialbinsize = case(day >=30, 1d, day >=7, 1d, day >=1,1h,5m);\\nlet datapoints = (binsize : timespan){\\nunion (audit() | where \\\"Audit\\\" in (selectedtables)), (application() | where \\\"Application\\\" in (selectedtables)),(process() | where \\\"Process\\\" in (selectedtables)),(user() | where \\\"User\\\" in (selectedtables)),(network() | where \\\"Network\\\" in (selectedtables)),(system() | where \\\"System\\\" in (selectedtables))\\n| where TimeGenerated >= {CustomTimeRange:start} and TimeGenerated <={CustomTimeRange:end} \\n| where Severity in (severityParam)\\n| summarize Count=count() by Name, bin(TimeGenerated,binsize)};\\n\\nlet totalpoints = datapoints(initialbinsize) |summarize totalrows = count();\\nlet inttotalpoints = toint(toscalar(totalpoints));\\nlet binsizefactor = inttotalpoints/maxdatapoints +1;\\nlet binsize = binsizefactor * initialbinsize;\\n\\nunion (audit() | where \\\"Audit\\\" in (selectedtables)), (application() | where \\\"Application\\\" in (selectedtables)),(process() | where \\\"Process\\\" in (selectedtables)),(user() | where \\\"User\\\" in (selectedtables)),(network() | where \\\"Network\\\" in (selectedtables)),(system() | where \\\"System\\\" in (selectedtables))\\n| where TimeGenerated >= {CustomTimeRange:start} and TimeGenerated <={CustomTimeRange:end} \\n| where Severity in (severityParam)\\n| summarize Count=count() by Name, bin(TimeGenerated,binsize)\\n\",\"size\":2,\"title\":\"Total events\",\"noDataMessage\":\"No security event data found for the selected time period, severity or type.  Please update the filters applied.\",\"timeBrushParameterName\":\"timebrush\",\"timeBrushExportOnlyWhenBrushed\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\"},\"customWidth\":\"60\",\"name\":\"query - 7\",\"styleSettings\":{\"margin\":\"0px\",\"padding\":\"0px\"}},{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":12,\"content\":{\"version\":\"NotebookGroup/1.0\",\"groupType\":\"editable\",\"items\":[{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"\\n\\nlet severityParam = dynamic([{selectedseverity}]);\\nlet audit = view(){\\n Samsung_Knox_Audit_CL\\n };\\nlet application= view(){\\n Samsung_Knox_Application_CL\\n };\\n let system= view(){\\n Samsung_Knox_System_CL\\n };\\n let process= view(){\\n Samsung_Knox_Process_CL\\n };\\n let user= view(){\\n Samsung_Knox_User_CL\\n };\\n let network= view(){\\n Samsung_Knox_Network_CL\\n };\\nlet selectedtables = dynamic([{selectedtype}]);\\nunion (audit() | where \\\"Audit\\\" in (selectedtables)), (application() | where \\\"Application\\\" in (selectedtables)),(process() | where \\\"Process\\\" in (selectedtables)),(user() | where \\\"User\\\" in (selectedtables)),(network() | where \\\"Network\\\" in (selectedtables)),(system() | where \\\"System\\\" in (selectedtables))\\n|where iff('{timebrush:label}'==\\\"12/12/2016 10:00 AM - 10:01 AM\\\" , TimeGenerated >= {CustomTimeRange:start} and TimeGenerated <={CustomTimeRange:end}, TimeGenerated >= {timebrush:start} and TimeGenerated <={timebrush:end})\\n|where Severity in (severityParam)\\n| summarize count() by Severity\\n| where Severity in ('high', 'med','low')\\n|order by case( Severity == 'high',3, Severity == 'med',2, Severity == 'low',1,0)\\n\",\"size\":4,\"title\":\"Events by severity\",\"noDataMessage\":\"No security event data found for the selected time period, severity or type.  Please update the filters applied.\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"tiles\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"severity\",\"formatter\":22,\"formatOptions\":{\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"severity\",\"color\":\"redBright\"},{\"columnName\":\"severity\",\"color\":\"orange\"},{\"columnName\":\"severity\",\"color\":\"lightBlue\"}]}}},{\"columnMatch\":\"count_\",\"formatter\":22,\"formatOptions\":{\"compositeBarSettings\":{\"labelText\":\"\",\"columnSettings\":[{\"columnName\":\"severity\",\"color\":\"lightBlue\"},{\"columnName\":\"severity\",\"color\":\"lightBlue\"},{\"columnName\":\"severity\",\"color\":\"lightBlue\"}]}}}]},\"tileSettings\":{\"titleContent\":{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"colors\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"high\",\"representation\":\"redBright\",\"text\":\"{0}\"},{\"operator\":\"==\",\"thresholdValue\":\"low\",\"representation\":\"yellow\",\"text\":\"{0}\"},{\"operator\":\"==\",\"thresholdValue\":\"med\",\"representation\":\"orange\",\"text\":\"{0}\"},{\"operator\":\"Default\",\"representation\":\"lightBlue\",\"text\":\"{0}\"}]}},\"leftContent\":{\"columnMatch\":\"count_\",\"formatter\":12,\"formatOptions\":{\"palette\":\"none\"},\"numberFormat\":{\"unit\":17,\"options\":{\"style\":\"decimal\",\"maximumFractionDigits\":2,\"maximumSignificantDigits\":3}}},\"showBorder\":true,\"sortOrderField\":1}},\"customWidth\":\"100\",\"name\":\"query - 10\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"let severityParam = dynamic([{selectedseverity}]);\\nlet audit = view(){\\n Samsung_Knox_Audit_CL\\n };\\nlet application= view(){\\n Samsung_Knox_Application_CL\\n };\\n let system= view(){\\n Samsung_Knox_System_CL\\n };\\n let process= view(){\\n Samsung_Knox_Process_CL\\n };\\n let user= view(){\\n Samsung_Knox_User_CL\\n };\\n let network= view(){\\n Samsung_Knox_Network_CL\\n };\\nlet selectedtables = dynamic([{selectedtype}]);\\nunion (audit() | where \\\"Audit\\\" in (selectedtables)), (application() | where \\\"Application\\\" in (selectedtables)),(process() | where \\\"Process\\\" in (selectedtables)),(user() | where \\\"User\\\" in (selectedtables)),(network() | where \\\"Network\\\" in (selectedtables)),(system() | where \\\"System\\\" in (selectedtables))\\n|where iff('{timebrush:label}'==\\\"12/12/2016 10:00 AM - 10:01 AM\\\" , TimeGenerated >= {CustomTimeRange:start} and TimeGenerated <={CustomTimeRange:end}, TimeGenerated >= {timebrush:start} and TimeGenerated <={timebrush:end})\\n|where Severity in (severityParam)\\n| summarize count() by Type\\n| render piechart \",\"size\":3,\"title\":\"Events by type\",\"noDataMessage\":\"No security event data found for the selected time period, severity or type.  Please update the filters applied.\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"chartSettings\":{\"seriesLabelSettings\":[{\"seriesName\":\"Samsung_Knox_Application_CL\",\"label\":\"Application\"},{\"seriesName\":\"Samsung_Knox_Network_CL\",\"label\":\"Network\"},{\"seriesName\":\"Samsung_Knox_User_CL\",\"label\":\"User\"},{\"seriesName\":\"Samsung_Knox_Process_CL\",\"label\":\"Process\"},{\"seriesName\":\"Samsung_Knox_Audit_CL\",\"label\":\"Audit\"},{\"seriesName\":\"Samsung_Knox_System_CL\",\"label\":\"System\"}]}},\"name\":\"query - 11\"}]},\"name\":\"group - 9\"}]},\"customWidth\":\"40\",\"name\":\"group - 8\",\"styleSettings\":{\"margin\":\"0px\"}},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"\\nlet audit = view(){\\n Samsung_Knox_Audit_CL\\n };\\nlet application= view(){\\n Samsung_Knox_Application_CL\\n };\\n let system= view(){\\n Samsung_Knox_System_CL\\n };\\n let process= view(){\\n Samsung_Knox_Process_CL\\n };\\n let user= view(){\\n Samsung_Knox_User_CL\\n };\\n let network= view(){\\n Samsung_Knox_Network_CL\\n };\\nlet selectedtables = dynamic([{selectedtype}]);\\nlet severityParam = dynamic([{selectedseverity}]);\\nunion (audit() | where \\\"Audit\\\" in (selectedtables)), (application() | where \\\"Application\\\" in (selectedtables)),(process() | where \\\"Process\\\" in (selectedtables)),(user() | where \\\"User\\\" in (selectedtables)),(network() | where \\\"Network\\\" in (selectedtables)),(system() | where \\\"System\\\" in (selectedtables))\\n| where iff('{timebrush:label}'==\\\"12/12/2016 10:00 AM - 10:01 AM\\\" , TimeGenerated >= {CustomTimeRange:start} and TimeGenerated <={CustomTimeRange:end}, TimeGenerated >= {timebrush:start} and TimeGenerated <={timebrush:end})\\n| where Severity in (severityParam)\\n|project Time =TimeGenerated,\\nName,\\nSeverity,\\n[\\\"Device Model\\\"] = DeviceModel,\\nType = replace_string(replace_string(Type,\\\"Samsung_Knox_\\\",\\\"\\\"),\\\"_CL\\\",\\\"\\\"),\\nProfile,\\n[\\\"MITRE Technique ID(s)\\\"] = array_strcat(MitreTtp,\\\", \\\")\\n| sort by Time desc\\n\\n\\n\",\"size\":2,\"title\":\"Event list\",\"noDataMessage\":\"No security event data found for the selected time period, severity or type.  Please update the filters applied.\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"table\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"Severity\",\"formatter\":18,\"formatOptions\":{\"thresholdsOptions\":\"icons\",\"thresholdsGrid\":[{\"operator\":\"==\",\"thresholdValue\":\"high\",\"representation\":\"dot-redBright\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"med\",\"representation\":\"dot-orange\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"low\",\"representation\":\"dot-yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"LOW\",\"representation\":\"dot-yellow\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"HIGH\",\"representation\":\"dot-redBright\",\"text\":\"{0}{1}\"},{\"operator\":\"==\",\"thresholdValue\":\"MED\",\"representation\":\"dot-orange\",\"text\":\"{0}{1}\"},{\"operator\":\"Default\",\"representation\":\"success\",\"text\":\"{0}{1}\"}]}}],\"rowLimit\":1000}},\"name\":\"query - 9\"}]},\"name\":\"group - 6\"}],\"fromTemplateId\":\"sentinel-SamsungKnoxAssetIntelligence\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" @@ -559,7 +559,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxApplicationPrivilegeEscalationOrChange_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "SamsungKnoxApplicationPrivilegeEscalationOrChange_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -583,10 +583,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_Process_CL" - ] + ], + "connectorId": "SamsungDCDefinition" } ], "tactics": [ @@ -601,9 +601,9 @@ "incidentConfiguration": { "createIncident": true, "groupingConfiguration": { - "enabled": false, "reopenClosedIncident": false, "lookbackDuration": "5H", + "enabled": false, "matchingMethod": "AllEntities" } } @@ -660,7 +660,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxKeyguardDisabledFeatureSet_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "SamsungKnoxKeyguardDisabledFeatureSet_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", @@ -684,10 +684,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_Audit_CL" - ] + ], + "connectorId": "SamsungDCDefinition" } ], "tactics": [ @@ -702,9 +702,9 @@ "incidentConfiguration": { "createIncident": true, "groupingConfiguration": { - "enabled": false, "reopenClosedIncident": false, "lookbackDuration": "5H", + "enabled": false, "matchingMethod": "AllEntities" } } @@ -761,7 +761,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxMobileDeviceBootCompromise_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "SamsungKnoxMobileDeviceBootCompromise_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -785,10 +785,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_System_CL" - ] + ], + "connectorId": "SamsungDCDefinition" } ], "tactics": [ @@ -803,9 +803,9 @@ "incidentConfiguration": { "createIncident": true, "groupingConfiguration": { - "enabled": false, "reopenClosedIncident": false, "lookbackDuration": "5H", + "enabled": false, "matchingMethod": "AllEntities" } } @@ -862,7 +862,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxPasswordLockout_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "SamsungKnoxPasswordLockout_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", @@ -886,10 +886,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_User_CL" - ] + ], + "connectorId": "SamsungDCDefinition" } ], "tactics": [ @@ -904,9 +904,9 @@ "incidentConfiguration": { "createIncident": true, "groupingConfiguration": { - "enabled": false, "reopenClosedIncident": false, "lookbackDuration": "5H", + "enabled": false, "matchingMethod": "AllEntities" } } @@ -963,7 +963,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxPeripheralAccessDetectionWithCamera_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "SamsungKnoxPeripheralAccessDetectionWithCamera_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", @@ -987,10 +987,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_System_CL" - ] + ], + "connectorId": "SamsungDCDefinition" } ], "eventGroupingSettings": { @@ -999,9 +999,9 @@ "incidentConfiguration": { "createIncident": true, "groupingConfiguration": { - "enabled": false, "reopenClosedIncident": false, "lookbackDuration": "5H", + "enabled": false, "matchingMethod": "AllEntities" } } @@ -1058,7 +1058,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxPeripheralAccessDetectionWithMic_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "SamsungKnoxPeripheralAccessDetectionWithMic_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", @@ -1082,10 +1082,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_System_CL" - ] + ], + "connectorId": "SamsungDCDefinition" } ], "eventGroupingSettings": { @@ -1097,9 +1097,9 @@ "incidentConfiguration": { "createIncident": true, "groupingConfiguration": { - "enabled": false, "reopenClosedIncident": false, "lookbackDuration": "5H", + "enabled": false, "matchingMethod": "AllEntities" } } @@ -1156,7 +1156,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SamsungKnoxSuspiciousURLs_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "SamsungKnoxSuspiciousURLs_AnalyticalRules Analytics Rule with template version 3.0.0", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]", @@ -1180,10 +1180,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "SamsungDCDefinition", "dataTypes": [ "Samsung_Knox_User_CL" - ] + ], + "connectorId": "SamsungDCDefinition" } ], "tactics": [ @@ -1198,9 +1198,9 @@ "incidentConfiguration": { "createIncident": true, "groupingConfiguration": { - "enabled": false, "reopenClosedIncident": false, "lookbackDuration": "5H", + "enabled": false, "matchingMethod": "AllEntities" } } @@ -1253,7 +1253,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.1", + "version": "3.0.0", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Samsung Knox Asset Intelligence", From b262f91b185d13be619bda48895ba013e6076cf7 Mon Sep 17 00:00:00 2001 From: v-prasadboke Date: Thu, 9 Jan 2025 22:56:25 +0530 Subject: [PATCH 3/3] Update ReleaseNotes.md --- .../Azure Cloud NGFW by Palo Alto Networks/ReleaseNotes.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Solutions/Azure Cloud NGFW by Palo Alto Networks/ReleaseNotes.md b/Solutions/Azure Cloud NGFW by Palo Alto Networks/ReleaseNotes.md index 82ed96d9093..03a22cab8b3 100644 --- a/Solutions/Azure Cloud NGFW by Palo Alto Networks/ReleaseNotes.md +++ b/Solutions/Azure Cloud NGFW by Palo Alto Networks/ReleaseNotes.md @@ -1,4 +1,5 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| -| 3.0.1 | 02-12-2024 | Updated Data Connector Ids for dependent content | -| 3.0.0 | 15-02-2024 | Initial Release | +| 3.0.2 | 09-01-2025 | Updated **Analytic RUles** and **Workbooks** | +| 3.0.1 | 02-12-2024 | Updated **Data Connector** Ids for dependent content | +| 3.0.0 | 15-02-2024 | Initial Solution Release |