Merge pull request #10842 from Azure/origins/users/rahul/workbook-bug…

…-SOCProcessFramework Updated SOCProcessFramework Workbook - Table markdown from "| : |" to "| - |"
Azure · Jul 24, 2024 · d86a637 · d86a637
2 parents cba5474 + d4728eb
commit d86a637
Show file tree

Hide file tree

Showing 8 changed files with 252 additions and 75 deletions.
diff --git a/Solutions/SOC-Process-Framework/Package/3.0.1.zip b/Solutions/SOC-Process-Framework/Package/3.0.1.zip
diff --git a/Solutions/SOC-Process-Framework/Package/createUiDefinition.json b/Solutions/SOC-Process-Framework/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SOC-Process-Framework/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution.\n\nThe Get-SOCActions Playbook with SocRA Watchlist gives SOCs the ability to onboard SOC Actions for their Analysts to follow that snap to the SOC Process Framework Workbook.\n\n**Workbooks:** 7, **Watchlists:** 12, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SOC-Process-Framework/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Get-SOCActions Playbook with SocRA Watchlist gives SOCs the ability to onboard SOC Actions for their Analysts to follow that snap to the SOC Process Framework Workbook.\n\n**Workbooks:** 7, **Watchlists:** 12, **Playbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -298,7 +298,7 @@
           {
             "name": "watchlist8",
             "type": "Microsoft.Common.Section",
-            "label": "SOC Maturity Assessment (CMMI)",
+            "label": "SOC Maturity Assessment",
             "elements": [
               {
                 "name": "watchlist8-text",

diff --git a/Solutions/SOC-Process-Framework/Package/mainTemplate.json b/Solutions/SOC-Process-Framework/Package/mainTemplate.json
diff --git a/Solutions/SOC-Process-Framework/Package/testParameters.json b/Solutions/SOC-Process-Framework/Package/testParameters.json
@@ -0,0 +1,176 @@
+{
+  "location": {
+    "type": "string",
+    "minLength": 1,
+    "defaultValue": "[resourceGroup().location]",
+    "metadata": {
+      "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
+    }
+  },
+  "workspace-location": {
+    "type": "string",
+    "defaultValue": "",
+    "metadata": {
+      "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+    }
+  },
+  "workspace": {
+    "defaultValue": "",
+    "type": "string",
+    "metadata": {
+      "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+    }
+  },
+  "workbook1-name": {
+    "type": "string",
+    "defaultValue": "SOC Process Framework",
+    "minLength": 1,
+    "metadata": {
+      "description": "Name for the workbook"
+    }
+  },
+  "workbook2-name": {
+    "type": "string",
+    "defaultValue": "SOC Large Staff",
+    "minLength": 1,
+    "metadata": {
+      "description": "Name for the workbook"
+    }
+  },
+  "workbook3-name": {
+    "type": "string",
+    "defaultValue": "SOC Medium Staff",
+    "minLength": 1,
+    "metadata": {
+      "description": "Name for the workbook"
+    }
+  },
+  "workbook4-name": {
+    "type": "string",
+    "defaultValue": "SOC Small Staff",
+    "minLength": 1,
+    "metadata": {
+      "description": "Name for the workbook"
+    }
+  },
+  "workbook5-name": {
+    "type": "string",
+    "defaultValue": "SOC Part Time Staff",
+    "minLength": 1,
+    "metadata": {
+      "description": "Name for the workbook"
+    }
+  },
+  "workbook6-name": {
+    "type": "string",
+    "defaultValue": "SOC IR Planning",
+    "minLength": 1,
+    "metadata": {
+      "description": "Name for the workbook"
+    }
+  },
+  "workbook7-name": {
+    "type": "string",
+    "defaultValue": "Update SOC Maturity Score",
+    "minLength": 1,
+    "metadata": {
+      "description": "Name for the workbook"
+    }
+  },
+  "watchlist1-id": {
+    "type": "string",
+    "defaultValue": "SOCcontacts",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist2-id": {
+    "type": "string",
+    "defaultValue": "SOCDepartmental",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist3-id": {
+    "type": "string",
+    "defaultValue": "SOCEmailDistribution",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist4-id": {
+    "type": "string",
+    "defaultValue": "SOCExternalContacts",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist5-id": {
+    "type": "string",
+    "defaultValue": "SOCgeneralIT",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist6-id": {
+    "type": "string",
+    "defaultValue": "SOCIRP",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist7-id": {
+    "type": "string",
+    "defaultValue": "SOCInternalContacts",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist8-id": {
+    "type": "string",
+    "defaultValue": "SOCMA",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist9-id": {
+    "type": "string",
+    "defaultValue": "SOCPager",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist10-id": {
+    "type": "string",
+    "defaultValue": "SocRA",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist11-id": {
+    "type": "string",
+    "defaultValue": "SOCUseCase",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  },
+  "watchlist12-id": {
+    "type": "string",
+    "defaultValue": "SOCworkstations",
+    "minLength": 1,
+    "metadata": {
+      "description": "Unique id for the watchlist"
+    }
+  }
+}
diff --git a/Solutions/SOC-Process-Framework/ReleaseNotes.md b/Solutions/SOC-Process-Framework/ReleaseNotes.md
@@ -1,3 +1,4 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                          |
 |-------------|--------------------------------|---------------------------------------------|
+| 3.0.1       | 24-07-2023                     | Update Table markdown from "| : |" to "| - |" in SOCProcessFramework **Workbook** . |
 | 3.0.0       | 12-07-2023                     | Correction of **Logo** in the solution. |
diff --git a/Solutions/SOC-Process-Framework/Watchlists/SOC-Maturity-Assessment/SOCMA.json b/Solutions/SOC-Process-Framework/Watchlists/SOC-Maturity-Assessment/SOCMA.json
@@ -15,7 +15,7 @@
           "type": "Microsoft.OperationalInsights/workspaces/providers/Watchlists",
           "kind": "",
           "properties": {
-              "displayName": "SOC Maturity Assessment (CMMI)",
+              "displayName": "SOC Maturity Assessment",
               "watchlistAlias": "SOCMA",
               "source": "SOCMA.csv",
               "description": "The SOC CMMI model was created by evaluating scientific and non-scientific literature to determine characteristics and features of SOCs, such as specific technologies or processes. These characteristics and features were then aggregated into respective domains. Then, a survey was held among SOCs to determine the existence of identified theoretical elements in practical situations. The outcome of that survey, combined with the initial literature review and augmented with literature review on maturity models was used to create the SOC CMMI model.",

diff --git a/Solutions/SOC-Process-Framework/Watchlists/SOC-Recommended-Actions/SocRA.json b/Solutions/SOC-Process-Framework/Watchlists/SOC-Recommended-Actions/SocRA.json
diff --git a/Solutions/SOC-Process-Framework/Workbooks/SOCProcessFramework.json b/Solutions/SOC-Process-Framework/Workbooks/SOCProcessFramework.json