WorkbooksMetadata.json

[
  {
    "workbookKey": "1PasswordWorkbook",
    "logoFileName": "1password.svg",
    "description": "Gain insights and comprehensive monitoring into 1Password events data by analyzing traffic and user activities.\nThis workbook provides insights into various 1Password events types.\nYou can use this workbook to get visibility in to your 1Password Security Events and quickly identify threats, anamolies, traffic patterns, application usage, blocked IP addresses and more.",
    "dataTypesDependencies": [
      "OnePasswordEventLogs_CL"
    ],
    "dataConnectorsDependencies": [
      "1Password"
    ],
    "previewImagesFileNames": [
      "1PasswordLogsBlack1.png",
      "1PasswordLogsBlack2.png",
      "1PasswordLogsBlack3.png",
      "1PasswordLogsBlack4.png",
      "1PasswordLogsWhite1.png",
      "1PasswordLogsWhite2.png",
      "1PasswordLogsWhite3.png",
      "1PasswordLogsWhite4.png"
    ],
    "version": "1.0.0",
    "title": "1Password Events Workbook",
    "templateRelativePath": "1Password.json",
    "subtitle": "",
    "provider": "1Password"
  },
  {
    "workbookKey": "42CrunchAPIProtectionWorkbook",
    "logoFileName": "42CrunchLogo.svg",
    "description": "Monitor and protect APIs using the 42Crunch API microfirewall",
    "dataTypesDependencies": [
      "apifirewall_log_1_CL"
    ],
    "dataConnectorsDependencies": [
      "42CrunchAPIProtection"
    ],
    "previewImagesFileNames": [
      "42CrunchInstancesBlack.png",
      "42CrunchInstancesWhite.png",
      "42CrunchRequestsBlack.png",
      "42CrunchRequestsWhite.png",
      "42CrunchStatusBlack.png",
      "42CrunchStatusWhite.png"
    ],
    "version": "1.0.0",
    "title": "42Crunch API Protection Workbook",
    "templateRelativePath": "42CrunchAPIProtectionWorkbook.json",
    "subtitle": "",
    "provider": "42Crunch"
  },
  {
    "workbookKey": "AttackSurfaceReduction",
    "logoFileName": "M365securityposturelogo.svg",
    "description": "This workbook helps you implement the ASR rules of Windows/Defender, and to monitor them over time. The workbook can filter on ASR rules in Audit mode and Block mode.",
    "dataTypesDependencies": [
      "DeviceEvents"
    ],
    "dataConnectorsDependencies": [
      "MicrosoftThreatProtection"
    ],
    "previewImagesFileNames": [
      "AttackSurfaceReductionWhite.png",
      "AttackSurfaceReductionBlack.png"
    ],
    "version": "1.0.0",
    "title": "Attack Surface Reduction Dashboard",
    "templateRelativePath": "AttackSurfaceReduction.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community"
  },
  {
    "workbookKey": "ForcepointNGFWAdvanced",
    "logoFileName": "FPAdvLogo.svg",
    "description": "Gain threat intelligence correlated security and application insights on Forcepoint NGFW (Next Generation Firewall). Monitor Forcepoint logging servers health.",
    "dataTypesDependencies": [
      "CommonSecurityLog",
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [
      "ThreatIntelligence",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ForcepointNGFWAdvancedWhite.png",
      "ForcepointNGFWAdvancedBlack.png"
    ],
    "version": "1.0.0",
    "title": "Forcepoint Next Generation Firewall (NGFW) Advanced Workbook",
    "templateRelativePath": "ForcepointNGFWAdvanced.json",
    "subtitle": "",
    "provider": "Forcepoint"
  },
  {
    "workbookKey": "AzureActivityWorkbook",
    "logoFileName": "azureactivity_logo.svg",
    "description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.",
    "dataTypesDependencies": [
      "AzureActivity"
    ],
    "dataConnectorsDependencies": [
      "AzureActivity"
    ],
    "previewImagesFileNames": [
      "AzureActivityWhite1.png",
      "AzureActivityBlack1.png"
    ],
    "version": "2.0.0",
    "title": "Azure Activity",
    "templateRelativePath": "AzureActivity.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "IdentityAndAccessWorkbook",
    "logoFileName": "Microsoft_logo.svg",
    "description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.",
    "dataTypesDependencies": [
      "SecurityEvent"
    ],
    "dataConnectorsDependencies": [
      "SecurityEvents",
      "WindowsSecurityEvents"
    ],
    "previewImagesFileNames": [
      "IdentityAndAccessWhite.png",
      "IdentityAndAccessBlack.png"
    ],
    "version": "1.1.0",
    "title": "Identity & Access",
    "templateRelativePath": "IdentityAndAccess.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "CheckPointWorkbook",
    "logoFileName": "checkpoint_logo.svg",
    "description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CheckPoint"
    ],
    "previewImagesFileNames": [
      "CheckPointWhite.png",
      "CheckPointBlack.png"
    ],
    "version": "1.0.0",
    "title": "Check Point Software Technologies",
    "templateRelativePath": "CheckPoint.json",
    "subtitle": "",
    "provider": "Check Point"
  },
  {
    "workbookKey": "CiscoWorkbook",
    "logoFileName": "cisco_logo.svg",
    "description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CiscoASA"
    ],
    "previewImagesFileNames": [
      "CiscoWhite.png",
      "CiscoBlack.png"
    ],
    "version": "1.1.0",
    "title": "Cisco - ASA",
    "templateRelativePath": "Cisco.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "ExchangeOnlineWorkbook",
    "logoFileName": "office365_logo.svg",
    "description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.",
    "dataTypesDependencies": [
      "OfficeActivity"
    ],
    "dataConnectorsDependencies": [
      "Office365"
    ],
    "previewImagesFileNames": [
      "ExchangeOnlineWhite.png",
      "ExchangeOnlineBlack.png"
    ],
    "version": "2.0.0",
    "title": "Exchange Online",
    "templateRelativePath": "ExchangeOnline.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "CloudNGFW-OverviewWorkbook",
    "logoFileName": "paloalto_logo.svg",
    "description": "Gain insights and comprehensive monitoring into Azure CloudNGFW by Palo Alto Networks by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.",
    "dataTypesDependencies": [
      "fluentbit_CL"
    ],
    "dataConnectorsDependencies": [
      "AzureCloudNGFWByPaloAltoNetworks"
    ],
    "previewImagesFileNames": [
      "PaloAltoOverviewWhite1.png",
      "PaloAltoOverviewBlack1.png",
      "PaloAltoOverviewWhite2.png",
      "PaloAltoOverviewBlack2.png",
      "PaloAltoOverviewWhite3.png",
      "PaloAltoOverviewBlack3.png"
    ],
    "version": "1.2.0",
    "title": "Azure CloudNGFW By Palo Alto Networks - Overview",
    "templateRelativePath": "CloudNGFW-Overview.json",
    "subtitle": "",
    "provider": "Palo Alto Networks"
  },
  {
    "workbookKey": "CloudNGFW-NetworkThreatWorkbook",
    "logoFileName": "paloalto_logo.svg",
    "description": "Gain insights into Azure CloudNGFW activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.",
    "dataTypesDependencies": [
      "fluentbit_CL"
    ],
    "dataConnectorsDependencies": [
      "AzureCloudNGFWByPaloAltoNetworks"
    ],
    "previewImagesFileNames": [
      "PaloAltoNetworkThreatWhite1.png",
      "PaloAltoNetworkThreatBlack1.png",
      "PaloAltoNetworkThreatWhite2.png",
      "PaloAltoNetworkThreatBlack2.png"
    ],
    "version": "1.2.0",
    "title": "Azure CloudNGFW By Palo Alto Networks - Network Threats",
    "templateRelativePath": "CloudNGFW-NetworkThreat.json",
    "subtitle": "",
    "provider": "Palo Alto Networks"
  },
  {
    "workbookKey": "PaloAltoOverviewWorkbook",
    "logoFileName": "paloalto_logo.svg",
    "description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "PaloAltoOverviewWhite1.png",
      "PaloAltoOverviewBlack1.png",
      "PaloAltoOverviewWhite2.png",
      "PaloAltoOverviewBlack2.png",
      "PaloAltoOverviewWhite3.png",
      "PaloAltoOverviewBlack3.png"
    ],
    "version": "1.2.0",
    "title": "Palo Alto overview",
    "templateRelativePath": "PaloAltoOverview.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "PaloAltoNetworkThreatWorkbook",
    "logoFileName": "paloalto_logo.svg",
    "description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "PaloAltoNetworkThreatWhite1.png",
      "PaloAltoNetworkThreatBlack1.png",
      "PaloAltoNetworkThreatWhite2.png",
      "PaloAltoNetworkThreatBlack2.png"
    ],
    "version": "1.1.0",
    "title": "Palo Alto Network Threat",
    "templateRelativePath": "PaloAltoNetworkThreat.json",
    "subtitle": "",
    "provider": "Palo Alto Networks"
  },
  {
    "workbookKey": "EsetSMCWorkbook",
    "logoFileName": "eset-logo.svg",
    "description": "Visualize events and threats from Eset Security Management Center.",
    "dataTypesDependencies": [
      "eset_CL"
    ],
    "dataConnectorsDependencies": [
      "EsetSMC"
    ],
    "previewImagesFileNames": [
      "esetSMCWorkbook-black.png",
      "esetSMCWorkbook-white.png"
    ],
    "version": "1.0.0",
    "title": "Eset Security Management Center Overview",
    "templateRelativePath": "esetSMCWorkbook.json",
    "subtitle": "",
    "provider": "Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Tomáš Kubica"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Others"
      ]
    }
  },
  {
    "workbookKey": "FortigateWorkbook",
    "logoFileName": "fortinet_logo.svg",
    "description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "FortigateWhite.png",
      "FortigateBlack.png"
    ],
    "version": "1.1.0",
    "title": "FortiGate",
    "templateRelativePath": "Fortigate.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "DnsWorkbook",
    "logoFileName": "dns_logo.svg",
    "description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.",
    "dataTypesDependencies": [
      "DnsInventory",
      "DnsEvents"
    ],
    "dataConnectorsDependencies": [
      "DNS"
    ],
    "previewImagesFileNames": [
      "DnsWhite.png",
      "DnsBlack.png"
    ],
    "version": "1.3.0",
    "title": "DNS",
    "templateRelativePath": "Dns.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "Office365Workbook",
    "logoFileName": "office365_logo.svg",
    "description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.",
    "dataTypesDependencies": [
      "OfficeActivity"
    ],
    "dataConnectorsDependencies": [
      "Office365"
    ],
    "previewImagesFileNames": [
      "Office365White1.png",
      "Office365Black1.png",
      "Office365White2.png",
      "Office365Black2.png",
      "Office365White3.png",
      "Office365Black3.png"
    ],
    "version": "2.0.1",
    "title": "Office 365",
    "templateRelativePath": "Office365.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SharePointAndOneDriveWorkbook",
    "logoFileName": "office365_logo.svg",
    "description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.",
    "dataTypesDependencies": [
      "OfficeActivity"
    ],
    "dataConnectorsDependencies": [
      "Office365"
    ],
    "previewImagesFileNames": [
      "SharePointAndOneDriveBlack1.png",
      "SharePointAndOneDriveBlack2.png",
      "SharePointAndOneDriveWhite1.png",
      "SharePointAndOneDriveWhite2.png"
    ],
    "version": "2.0.0",
    "title": "SharePoint & OneDrive",
    "templateRelativePath": "SharePointAndOneDrive.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AzureActiveDirectorySigninLogsWorkbook",
    "logoFileName": "azureactivedirectory_logo.svg",
    "description": "Gain insights into Microsoft Entra ID by connecting Microsoft Sentinel and using the sign-in logs to gather insights around Microsoft Entra ID scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and  IP addresses of your users, as well as failed activities and the errors that triggered the failures.",
    "dataTypesDependencies": [
      "SigninLogs"
    ],
    "dataConnectorsDependencies": [
      "AzureActiveDirectory"
    ],
    "previewImagesFileNames": [
      "AADsigninBlack1.png",
      "AADsigninBlack2.png",
      "AADsigninWhite1.png",
      "AADsigninWhite2.png"
    ],
    "version": "2.4.0",
    "title": "Microsoft Entra ID Sign-in logs",
    "templateRelativePath": "AzureActiveDirectorySignins.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "VirtualMachinesInsightsWorkbook",
    "logoFileName": "azurevirtualmachine_logo.svg",
    "description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses,  countries, and ports the attacks occur across.",
    "dataTypesDependencies": [
      "VMConnection",
      "ServiceMapComputer_CL",
      "ServiceMapProcess_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "VMInsightBlack1.png",
      "VMInsightWhite1.png"
    ],
    "version": "1.3.0",
    "title": "VM insights",
    "templateRelativePath": "VirtualMachinesInsights.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Microsoft Corporation"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "IT Operations",
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "AzureActiveDirectoryAuditLogsWorkbook",
    "logoFileName": "azureactivedirectory_logo.svg",
    "description": "Gain insights into Microsoft Entra ID by connecting Microsoft Sentinel and using the audit logs to gather insights around Microsoft Entra ID scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.",
    "dataTypesDependencies": [
      "AuditLogs"
    ],
    "dataConnectorsDependencies": [
      "AzureActiveDirectory"
    ],
    "previewImagesFileNames": [
      "AzureADAuditLogsBlack1.png",
      "AzureADAuditLogsWhite1.png"
    ],
    "version": "1.2.0",
    "title": "Microsoft Entra ID Audit logs",
    "templateRelativePath": "AzureActiveDirectoryAuditLogs.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "ThreatIntelligenceWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator",
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [
      "ThreatIntelligence",
      "ThreatIntelligenceTaxii",
      "MicrosoftDefenderThreatIntelligence",
      "ThreatIntelligenceUploadIndicatorsAPI"
    ],
    "previewImagesFileNames": [
      "ThreatIntelligenceWhite.png",
      "ThreatIntelligenceBlack.png"
    ],
    "version": "5.0.0",
    "title": "Threat Intelligence",
    "templateRelativePath": "ThreatIntelligence.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "WebApplicationFirewallOverviewWorkbook",
    "logoFileName": "waf_logo.svg",
    "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.",
    "dataTypesDependencies": [
      "AzureDiagnostics"
    ],
    "dataConnectorsDependencies": [
      "WAF"
    ],
    "previewImagesFileNames": [
      "WAFOverviewBlack.png",
      "WAFOverviewWhite.png"
    ],
    "version": "1.1.0",
    "title": "Microsoft Web Application Firewall (WAF) - overview",
    "templateRelativePath": "WebApplicationFirewallOverview.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "WebApplicationFirewallFirewallEventsWorkbook",
    "logoFileName": "waf_logo.svg",
    "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.",
    "dataTypesDependencies": [
      "AzureDiagnostics"
    ],
    "dataConnectorsDependencies": [
      "WAF"
    ],
    "previewImagesFileNames": [
      "WAFFirewallEventsBlack1.png",
      "WAFFirewallEventsBlack2.png",
      "WAFFirewallEventsWhite1.png",
      "WAFFirewallEventsWhite2.png"
    ],
    "version": "1.1.0",
    "title": "Microsoft Web Application Firewall (WAF) - firewall events",
    "templateRelativePath": "WebApplicationFirewallFirewallEvents.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SilverfortWorkbook",
    "logoFileName": "silverfort-logo.svg",
    "description": "The [Silverfort](https://silverfort.com) ITDR Admin Console connector solution allows ingestion of Silverfort events and logging into Microsoft Sentinel.\n Silverfort provides syslog based events and logging using Common Event Format (CEF). By forwarding your Silverfort ITDR Admin Console CEF data into Microsoft Sentinel, you can take advantage of Sentinels's search & correlation, alerting, and threat intelligence enrichment on Silverfort data. \n Please contact Silverfort or consult the Silverfort documentation for more information.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "SilverfortAma"
    ],
    "previewImagesFileNames": [
      "SilverfortWhite.png",
      "SilverfortBlack.png"
    ],
    "version": "1.0.0",
    "title": "Silverfort Admin Console",
    "templateRelativePath": "SilverfortWorkbook.json",
    "subtitle": "",
    "provider": "Silverfort"
  },
  {
    "workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook",
    "logoFileName": "waf_logo.svg",
    "description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.",
    "dataTypesDependencies": [
      "AzureDiagnostics"
    ],
    "dataConnectorsDependencies": [
      "WAF"
    ],
    "previewImagesFileNames": [
      "WAFGatewayAccessEventsBlack1.png",
      "WAFGatewayAccessEventsBlack2.png",
      "WAFGatewayAccessEventsWhite1.png",
      "WAFGatewayAccessEventsWhite2.png"
    ],
    "version": "1.2.0",
    "title": "Microsoft Web Application Firewall (WAF) - gateway access events",
    "templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "LinuxMachinesWorkbook",
    "logoFileName": "azurevirtualmachine_logo.svg",
    "description": "Gain insights into your workspaces' Linux machines by connecting Microsoft Sentinel and using the logs to gather insights around Linux events and errors.",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "Syslog"
    ],
    "previewImagesFileNames": [
      "LinuxMachinesWhite.png",
      "LinuxMachinesBlack.png"
    ],
    "version": "1.1.0",
    "title": "Linux machines",
    "templateRelativePath": "LinuxMachines.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AzureFirewallWorkbook",
    "logoFileName": "AzFirewalls.svg",
    "description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.",
    "dataTypesDependencies": [
      "AzureDiagnostics"
    ],
    "dataConnectorsDependencies": [
      "AzureFirewall"
    ],
    "previewImagesFileNames": [
      "AzureFirewallWorkbookWhite1.PNG",
      "AzureFirewallWorkbookBlack1.PNG",
      "AzureFirewallWorkbookWhite2.PNG",
      "AzureFirewallWorkbookBlack2.PNG",
      "AzureFirewallWorkbookWhite3.PNG",
      "AzureFirewallWorkbookBlack3.PNG",
      "AzureFirewallWorkbookWhite4.PNG",
      "AzureFirewallWorkbookBlack4.PNG",
      "AzureFirewallWorkbookWhite5.PNG",
      "AzureFirewallWorkbookBlack5.PNG"
    ],
    "version": "1.3.0",
    "title": "Azure Firewall",
    "templateRelativePath": "AzureFirewallWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AzureFirewallWorkbook-StructuredLogs",
    "logoFileName": "AzFirewalls.svg",
    "description": "Gain insights into Azure Firewall events using the new Structured Logs for Azure Firewall. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.",
    "dataTypesDependencies": [
      "AZFWNetworkRule",
      "AZFWApplicationRule",
      "AZFWDnsQuery",
      "AZFWThreatIntel"
    ],
    "dataConnectorsDependencies": [
      "AzureFirewall"
    ],
    "previewImagesFileNames": [
      "AzureFirewallWorkbookWhite1.PNG",
      "AzureFirewallWorkbookBlack1.PNG",
      "AzureFirewallWorkbookWhite2.PNG",
      "AzureFirewallWorkbookBlack2.PNG",
      "AzureFirewallWorkbookWhite3.PNG",
      "AzureFirewallWorkbookBlack3.PNG",
      "AzureFirewallWorkbookWhite4.PNG",
      "AzureFirewallWorkbookBlack4.PNG",
      "AzureFirewallWorkbookWhite5.PNG",
      "AzureFirewallWorkbookBlack5.PNG"
    ],
    "version": "1.0.0",
    "title": "Azure Firewall Structured Logs",
    "templateRelativePath": "AzureFirewallWorkbook-StructuredLogs.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AzureDDoSStandardProtection",
    "logoFileName": "AzDDoS.svg",
    "description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.",
    "dataTypesDependencies": [
      "AzureDiagnostics"
    ],
    "dataConnectorsDependencies": [
      "DDOS"
    ],
    "previewImagesFileNames": [
      "AzureDDoSWhite1.PNG",
      "AzureDDoSBlack1.PNG",
      "AzureDDoSWhite2.PNG",
      "AzureDDoSBlack2.PNG",
      "AzureDDoSWhite2.PNG",
      "AzureDDoSBlack2.PNG"
    ],
    "version": "1.0.2",
    "title": "Azure DDoS Protection Workbook",
    "templateRelativePath": "AzDDoSStandardWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftCloudAppSecurityWorkbook",
    "logoFileName": "Microsoft_logo.svg",
    "description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application.",
    "dataTypesDependencies": [
      "McasShadowItReporting"
    ],
    "dataConnectorsDependencies": [
      "MicrosoftCloudAppSecurity"
    ],
    "previewImagesFileNames": [
      "McasDiscoveryBlack.png",
      "McasDiscoveryWhite.png"
    ],
    "version": "1.2.0",
    "title": "Microsoft Cloud App Security - discovery logs",
    "templateRelativePath": "MicrosoftCloudAppSecurity.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "F5BIGIPSytemMetricsWorkbook",
    "logoFileName": "f5_logo.svg",
    "description": "Gain insight into F5 BIG-IP health and performance.  This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.",
    "dataTypesDependencies": [
      "F5Telemetry_system_CL",
      "F5Telemetry_AVR_CL"
    ],
    "dataConnectorsDependencies": [
      "F5BigIp"
    ],
    "previewImagesFileNames": [
      "F5SMBlack.png",
      "F5SMWhite.png"
    ],
    "version": "1.1.0",
    "title": "F5 BIG-IP System Metrics",
    "templateRelativePath": "F5BIGIPSystemMetrics.json",
    "subtitle": "",
    "provider": "F5 Networks"
  },
  {
    "workbookKey": "F5NetworksWorkbook",
    "logoFileName": "f5_logo.svg",
    "description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.",
    "dataTypesDependencies": [
      "F5Telemetry_LTM_CL",
      "F5Telemetry_system_CL",
      "F5Telemetry_ASM_CL"
    ],
    "dataConnectorsDependencies": [
      "F5BigIp"
    ],
    "previewImagesFileNames": [
      "F5White.png",
      "F5Black.png"
    ],
    "version": "1.1.0",
    "title": "F5 BIG-IP ASM",
    "templateRelativePath": "F5Networks.json",
    "subtitle": "",
    "provider": "F5 Networks"
  },
  {
    "workbookKey": "AzureNetworkWatcherWorkbook",
    "logoFileName": "networkwatcher_logo.svg",
    "description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.",
    "dataTypesDependencies": [
      "AzureNetworkAnalytics_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AzureNetworkWatcherWhite.png",
      "AzureNetworkWatcherBlack.png"
    ],
    "version": "1.1.0",
    "title": "Azure Network Watcher",
    "templateRelativePath": "AzureNetworkWatcher.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Microsoft Corporation"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Network"
      ]
    }
  },
  {
    "workbookKey": "ZscalerFirewallWorkbook",
    "logoFileName": "zscaler_logo.svg",
    "description": "Gain insights into your ZIA cloud firewall logs by connecting to Microsoft Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ZscalerFirewallWhite1.png",
      "ZscalerFirewallBlack1.png",
      "ZscalerFirewallWhite2.png",
      "ZscalerFirewallBlack2.png"
    ],
    "version": "1.1.0",
    "title": "Zscaler Firewall",
    "templateRelativePath": "ZscalerFirewall.json",
    "subtitle": "",
    "provider": "Zscaler"
  },
  {
    "workbookKey": "ZscalerWebOverviewWorkbook",
    "logoFileName": "zscaler_logo.svg",
    "description": "Gain insights into your ZIA web logs by connecting to Microsoft Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ZscalerWebOverviewWhite.png",
      "ZscalerWebOverviewBlack.png"
    ],
    "version": "1.1.0",
    "title": "Zscaler Web Overview",
    "templateRelativePath": "ZscalerWebOverview.json",
    "subtitle": "",
    "provider": "Zscaler"
  },
  {
    "workbookKey": "ZscalerThreatsOverviewWorkbook",
    "logoFileName": "zscaler_logo.svg",
    "description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ZscalerThreatsWhite.png",
      "ZscalerThreatsBlack.png"
    ],
    "version": "1.2.0",
    "title": "Zscaler Threats",
    "templateRelativePath": "ZscalerThreats.json",
    "subtitle": "",
    "provider": "Zscaler"
  },
  {
    "workbookKey": "ZscalerOffice365AppsWorkbook",
    "logoFileName": "zscaler_logo.svg",
    "description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ZscalerOffice365White.png",
      "ZscalerOffice365Black.png"
    ],
    "version": "1.1.0",
    "title": "Zscaler Office365 Apps",
    "templateRelativePath": "ZscalerOffice365Apps.json",
    "subtitle": "",
    "provider": "Zscaler"
  },
  {
    "workbookKey": "InsecureProtocolsWorkbook",
    "logoFileName": "Microsoft_logo.svg",
    "description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.",
    "dataTypesDependencies": [
      "SecurityEvent",
      "Event",
      "SigninLogs"
    ],
    "dataConnectorsDependencies": [
      "SecurityEvents",
      "AzureActiveDirectory",
      "WindowsSecurityEvents"
    ],
    "previewImagesFileNames": [
      "InsecureProtocolsWhite1.png",
      "InsecureProtocolsBlack1.png",
      "InsecureProtocolsWhite2.png",
      "InsecureProtocolsBlack2.png"
    ],
    "version": "2.1.0",
    "title": "Insecure Protocols",
    "templateRelativePath": "InsecureProtocols.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Microsoft Corporation"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Others"
      ]
    }
  },
  {
    "workbookKey": "SummaryRulesWorkbook",
    "logoFileName": "ucasemapper.svg",
    "description": "The Summary Rules workbook provides a comprehensive analysis of the Summary Rules configured in Microsoft Sentinel. It enables users to monitor rule execution, evaluate performance, and assess overall efficiency. By offering insights into rule behavior and effectiveness, this workbook supports optimization of threat detection strategies and helps ensure that security operations are both responsive and resource-efficient. This workbook is designed to provide insights into the Summary Rules configured in Microsoft Sentinel.",
    "previewImagesFileNames": [
      "SummaryRulesWhite1.png",
      "SummaryRulesWhite2.png",
      "SummaryRulesBlack1.png",
      "SummaryRulesBlack2.png"
    ],
    "version": "1.0.0",
    "title": "Summary Rules Workbook",
    "templateRelativePath": "SummaryRulesWorkbook.json",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Microsoft Sentinel Community"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Cloud Security"
      ]
    }
  },
  {
    "workbookKey": "usecasemapper",
    "logoFileName": "ucasemapper.svg",
    "description": "A simple tool to map Use Cases to Content Hub relevant Microsoft Sentinel solutions",
    "previewImagesFileNames": [
      "useCaseMapperWhite1.png",
      "useCaseMapperWhite2.png",
      "useCaseMapperWhite3.png",
      "useCaseMapperBlack1.png",
      "useCaseMapperBlack2.png",
      "useCaseMapperBlack3.png"
    ],
    "version": "1.0.0",
    "title": "Use Case Mapper",
    "templateRelativePath": "usecasemapper.json",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Microsoft Sentinel Community"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Cloud Security"
      ]
    }
  },
  {
    "workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook",
    "logoFileName": "amazon_web_services_Logo.svg",
    "description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.",
    "dataTypesDependencies": [
      "AWSCloudTrail"
    ],
    "dataConnectorsDependencies": [
      "AWS"
    ],
    "previewImagesFileNames": [
      "AwsNetworkActivitiesWhite.png",
      "AwsNetworkActivitiesBlack.png"
    ],
    "version": "1.0.0",
    "title": "AWS Network Activities",
    "templateRelativePath": "AmazonWebServicesNetworkActivities.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AmazonWebServicesUserActivitiesWorkbook",
    "logoFileName": "amazon_web_services_Logo.svg",
    "description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.",
    "dataTypesDependencies": [
      "AWSCloudTrail"
    ],
    "dataConnectorsDependencies": [
      "AWS"
    ],
    "previewImagesFileNames": [
      "AwsUserActivitiesWhite.png",
      "AwsUserActivitiesBlack.png"
    ],
    "version": "1.0.0",
    "title": "AWS User Activities",
    "templateRelativePath": "AmazonWebServicesUserActivities.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook",
    "logoFileName": "trendmicro_logo.svg",
    "description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "TrendMicroDeepSecurityAttackActivityWhite.png",
      "TrendMicroDeepSecurityAttackActivityBlack.png"
    ],
    "version": "1.0.0",
    "title": "Trend Micro Deep Security ATT&CK Related Activity",
    "templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json",
    "subtitle": "",
    "provider": "Trend Micro"
  },
  {
    "workbookKey": "TrendMicroDeepSecurityOverviewWorkbook",
    "logoFileName": "trendmicro_logo.svg",
    "description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "TrendMicroDeepSecurityOverviewWhite1.png",
      "TrendMicroDeepSecurityOverviewBlack1.png",
      "TrendMicroDeepSecurityOverviewWhite2.png",
      "TrendMicroDeepSecurityOverviewBlack2.png"
    ],
    "version": "1.0.0",
    "title": "Trend Micro Deep Security Events",
    "templateRelativePath": "TrendMicroDeepSecurityOverview.json",
    "subtitle": "",
    "provider": "Trend Micro"
  },
  {
    "workbookKey": "ExtraHopDetectionSummaryWorkbook",
    "logoFileName": "extrahop_logo.svg",
    "description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "ExtraHopNetworks",
      "ExtraHopNetworksAma",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ExtrahopWhite.png",
      "ExtrahopBlack.png"
    ],
    "version": "1.0.0",
    "title": "ExtraHop",
    "templateRelativePath": "ExtraHopDetectionSummary.json",
    "subtitle": "",
    "provider": "ExtraHop Networks"
  },
  {
    "workbookKey": "BarracudaCloudFirewallWorkbook",
    "logoFileName": "barracuda_logo.svg",
    "description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.",
    "dataTypesDependencies": [
      "CommonSecurityLog",
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "BarracudaWhite1.png",
      "BarracudaBlack1.png",
      "BarracudaWhite2.png",
      "BarracudaBlack2.png"
    ],
    "version": "1.0.0",
    "title": "Barracuda CloudGen FW",
    "templateRelativePath": "Barracuda.json",
    "subtitle": "",
    "provider": "Barracuda"
  },
  {
    "workbookKey": "CitrixWorkbook",
    "logoFileName": "citrix_logo.svg",
    "description": "Citrix Analytics for Security aggregates and correlates information across network traffic, users, files and endpoints in Citrix environments. This generates actionable insights that enable Citrix administrators and security teams to remediate user security threats through automation while optimizing IT operations. Machine learning and artificial intelligence empowers Citrix Analytics for Security to identify and take automated action to prevent data exfiltration. While delivered as a cloud service, Citrix Analytics for Security can generate insights from resources located on-premises, in the cloud, or in hybrid architectures. The Citrix Analytics Workbook further enhances the value of both your Citrix Analytics for Security and Microsoft Sentinel. The Workbook enables you to integrate data sources together, helping you gain even richer insights. It also gives Security Operations (SOC) teams the ability to correlate data from disparate logs, helping you identify and proactively remediate security risk quickly. Additionally, valuable dashboards that were unique to the Citrix Analytics for Security can now be implemented in Sentinel. You can also create new custom Workbooks that were not previously available, helping extend the value of both investments.",
    "dataTypesDependencies": [
      "CitrixAnalytics_userProfile_CL",
      "CitrixAnalytics_riskScoreChange_CL",
      "CitrixAnalytics_indicatorSummary_CL",
      "CitrixAnalytics_indicatorEventDetails_CL"
    ],
    "dataConnectorsDependencies": [
      "Citrix"
    ],
    "previewImagesFileNames": [
      "CitrixWhite.png",
      "CitrixBlack.png"
    ],
    "version": "2.1.0",
    "title": "Citrix Analytics",
    "templateRelativePath": "Citrix.json",
    "subtitle": "",
    "provider": "Citrix Systems Inc."
  },
  {
    "workbookKey": "OneIdentityWorkbook",
    "logoFileName": "oneIdentity_logo.svg",
    "description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "OneIdentity"
    ],
    "previewImagesFileNames": [
      "OneIdentityWhite.png",
      "OneIdentityBlack.png"
    ],
    "version": "1.0.0",
    "title": "One Identity",
    "templateRelativePath": "OneIdentity.json",
    "subtitle": "",
    "provider": "One Identity LLC.",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Amit Bergman"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Identity"
      ]
    }
  },
  {
    "workbookKey": "SecurityStatusWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.",
    "dataTypesDependencies": [
      "CommonSecurityLog",
      "SecurityEvent",
      "Syslog"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AzureSentinelSecurityStatusBlack.png",
      "AzureSentinelSecurityStatusWhite.png"
    ],
    "version": "1.3.0",
    "title": "Security Status",
    "templateRelativePath": "SecurityStatus.json",
    "subtitle": "",
    "provider": "Microsoft",
    "author": {
      "name": "Microsoft"
    },
    "support": {
      "tier": "Microsoft"
    },
    "categories": {
      "verticals": [],
      "domains": [
        "IT Operations",
        "Security - Others",
        "Compliance"
      ]
    }
  },
  {
    "workbookKey": "AzureSentinelSecurityAlertsWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Security Alerts dashboard for alerts in your Microsoft Sentinel environment.",
    "dataTypesDependencies": [
      "SecurityAlert"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AzureSentinelSecurityAlertsWhite.png",
      "AzureSentinelSecurityAlertsBlack.png"
    ],
    "version": "1.1.0",
    "title": "Security Alerts",
    "templateRelativePath": "AzureSentinelSecurityAlerts.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SquadraTechnologiesSecRMMWorkbook",
    "logoFileName": "SquadraTechnologiesLogo.svg",
    "description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.",
    "dataTypesDependencies": [
      "secRMM_CL"
    ],
    "dataConnectorsDependencies": [
      "SquadraTechnologiesSecRMM"
    ],
    "previewImagesFileNames": [
      "SquadraTechnologiesSecRMMWhite.PNG",
      "SquadraTechnologiesSecRMMBlack.PNG"
    ],
    "version": "3.0.0",
    "title": "Squadra Technologies SecRMM - USB removable storage security",
    "templateRelativePath": "AzureSentinelWorkbookForRemovableStorageSecurityEvents.json",
    "subtitle": "",
    "provider": "Squadra Technologies"
  },
  {
    "workbookKey": "IoT-Alerts",
    "logoFileName": "IoTIcon.svg",
    "description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.",
    "dataTypesDependencies": [
      "SecurityAlert"
    ],
    "dataConnectorsDependencies": [
      "IoT"
    ],
    "previewImagesFileNames": [
      "IOTBlack1.png",
      "IOTWhite1.png"
    ],
    "version": "1.2.0",
    "title": "Azure Defender for IoT Alerts",
    "templateRelativePath": "IOT_Alerts.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "morshabi"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Internet of Things (IoT)"
      ]
    }
  },
  {
    "workbookKey": "IoTAssetDiscovery",
    "logoFileName": "IoTIcon.svg",
    "description": "IoT Devices asset discovery from Firewall logs By Azure Defender for IoT",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "workbook-iotassetdiscovery-screenshot-Black.PNG",
      "workbook-iotassetdiscovery-screenshot-White.PNG"
    ],
    "version": "1.0.0",
    "title": "IoT Asset Discovery",
    "templateRelativePath": "IoTAssetDiscovery.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "jomeczyk"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Internet of Things (IoT)"
      ]
    }
  },
  {
    "workbookKey": "ForcepointCASBWorkbook",
    "logoFileName": "FP_Green_Emblem_RGB-01.svg",
    "description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ForcepointCASBWhite.png",
      "ForcepointCASBBlack.png"
    ],
    "version": "1.0.0",
    "title": "Forcepoint Cloud Access Security Broker (CASB)",
    "templateRelativePath": "ForcepointCASB.json",
    "subtitle": "",
    "provider": "Forcepoint"
  },
  {
    "workbookKey": "ForcepointNGFWWorkbook",
    "logoFileName": "FP_Green_Emblem_RGB-01.svg",
    "description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ForcepointNGFWWhite.png",
      "ForcepointNGFWBlack.png"
    ],
    "version": "1.0.0",
    "title": "Forcepoint Next Generation Firewall (NGFW)",
    "templateRelativePath": "ForcepointNGFW.json",
    "subtitle": "",
    "provider": "Forcepoint"
  },
  {
    "workbookKey": "ForcepointDLPWorkbook",
    "logoFileName": "FP_Green_Emblem_RGB-01.svg",
    "description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.",
    "dataTypesDependencies": [
      "ForcepointDLPEvents_CL"
    ],
    "dataConnectorsDependencies": [
      "ForcepointDlp"
    ],
    "previewImagesFileNames": [
      "ForcepointDLPWhite.png",
      "ForcepointDLPBlack.png"
    ],
    "version": "1.0.0",
    "title": "Forcepoint Data Loss Prevention (DLP)",
    "templateRelativePath": "ForcepointDLP.json",
    "subtitle": "",
    "provider": "Forcepoint"
  },
  {
    "workbookKey": "ZimperiumMTDWorkbook",
    "logoFileName": "ZIMPERIUM-logo_square2.svg",
    "description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.",
    "dataTypesDependencies": [
      "ZimperiumThreatLog_CL",
      "ZimperiumMitigationLog_CL"
    ],
    "dataConnectorsDependencies": [
      "ZimperiumMtdAlerts"
    ],
    "previewImagesFileNames": [
      "ZimperiumWhite.png",
      "ZimperiumBlack.png"
    ],
    "version": "1.0.0",
    "title": "Zimperium Mobile Threat Defense (MTD)",
    "templateRelativePath": "ZimperiumWorkbooks.json",
    "subtitle": "",
    "provider": "Zimperium"
  },
  {
    "workbookKey": "AzureAuditActivityAndSigninWorkbook",
    "logoFileName": "azureactivedirectory_logo.svg",
    "description": "Gain insights into Microsoft Entra ID Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.",
    "dataTypesDependencies": [
      "AzureActivity",
      "AuditLogs",
      "SigninLogs"
    ],
    "dataConnectorsDependencies": [
      "AzureActiveDirectory"
    ],
    "previewImagesFileNames": [
      "AzureAuditActivityAndSigninWhite1.png",
      "AzureAuditActivityAndSigninWhite2.png",
      "AzureAuditActivityAndSigninBlack1.png",
      "AzureAuditActivityAndSigninBlack2.png"
    ],
    "version": "1.3.0",
    "title": "Azure AD Audit, Activity and Sign-in logs",
    "templateRelativePath": "AzureAuditActivityAndSignin.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Sem Tijsseling"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Identity"
      ]
    }
  },
  {
    "workbookKey": "WindowsFirewall",
    "logoFileName": "Microsoft_logo.svg",
    "description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs",
    "dataTypesDependencies": [
      "WindowsFirewall",
      "SecurityEvent",
      "SigninLogs"
    ],
    "dataConnectorsDependencies": [
      "SecurityEvents",
      "WindowsFirewall",
      "WindowsSecurityEvents"
    ],
    "previewImagesFileNames": [
      "WindowsFirewallWhite1.png",
      "WindowsFirewallWhite2.png",
      "WindowsFirewallBlack1.png",
      "WindowsFirewallBlack2.png"
    ],
    "version": "1.0.0",
    "title": "Windows Firewall",
    "templateRelativePath": "WindowsFirewall.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community"
  },
  {
    "workbookKey": "EventAnalyzerwWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.",
    "dataTypesDependencies": [
      "SecurityEvent"
    ],
    "dataConnectorsDependencies": [
      "SecurityEvents",
      "WindowsSecurityEvents"
    ],
    "previewImagesFileNames": [
      "EventAnalyzer-Workbook-White.png",
      "EventAnalyzer-Workbook-Black.png"
    ],
    "version": "1.0.0",
    "title": "Event Analyzer",
    "templateRelativePath": "EventAnalyzer.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community"
  },
  {
    "workbookKey": "ASC-ComplianceandProtection",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.",
    "dataTypesDependencies": [
      "SecurityAlert",
      "ProtectionStatus",
      "SecurityRecommendation",
      "SecurityBaseline",
      "SecurityBaselineSummary",
      "Update",
      "ConfigurationChange"
    ],
    "dataConnectorsDependencies": [
      "AzureSecurityCenter"
    ],
    "previewImagesFileNames": [
      "ASCCaPBlack.png",
      "ASCCaPWhite.png"
    ],
    "version": "1.2.0",
    "title": "ASC Compliance and Protection",
    "templateRelativePath": "ASC-ComplianceandProtection.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Matt Lowe"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Cloud Security"
      ]
    }
  },
  {
    "workbookKey": "AIVectraDetectWorkbook",
    "logoFileName": "AIVectraDetect.svg",
    "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "AIVectraDetectWhite1.png",
      "AIVectraDetectBlack1.png"
    ],
    "version": "1.1.1",
    "title": "Vectra AI Detect",
    "templateRelativePath": "AIVectraDetectWorkbook.json",
    "subtitle": "",
    "provider": "Vectra AI"
  },
  {
    "workbookKey": "Perimeter81OverviewWorkbook",
    "logoFileName": "Perimeter81_Logo.svg",
    "description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.",
    "dataTypesDependencies": [
      "Perimeter81_CL"
    ],
    "dataConnectorsDependencies": [
      "Perimeter81ActivityLogs"
    ],
    "previewImagesFileNames": [
      "Perimeter81OverviewWhite1.png",
      "Perimeter81OverviewBlack1.png",
      "Perimeter81OverviewWhite2.png",
      "Perimeter81OverviewBlack2.png"
    ],
    "version": "1.0.0",
    "title": "Perimeter 81 Overview",
    "templateRelativePath": "Perimeter81OverviewWorkbook.json",
    "subtitle": "",
    "provider": "Perimeter 81"
  },
  {
    "workbookKey": "SymantecProxySGWorkbook",
    "logoFileName": "symantec_logo.svg",
    "description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "SymantecProxySGWhite.png",
      "SymantecProxySGBlack.png"
    ],
    "version": "1.0.0",
    "title": "Symantec ProxySG",
    "templateRelativePath": "SymantecProxySG.json",
    "subtitle": "",
    "provider": "Symantec"
  },
  {
    "workbookKey": "IllusiveASMWorkbook",
    "logoFileName": "illusive_logo_workbook.svg",
    "description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "illusiveAttackManagementSystem",
      "illusiveAttackManagementSystemAma",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "IllusiveASMWhite.png",
      "IllusiveASMBlack.png"
    ],
    "version": "1.0.0",
    "title": "Illusive ASM Dashboard",
    "templateRelativePath": "IllusiveASM.json",
    "subtitle": "",
    "provider": "Illusive"
  },
  {
    "workbookKey": "IllusiveADSWorkbook",
    "logoFileName": "illusive_logo_workbook.svg",
    "description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "illusiveAttackManagementSystem",
      "illusiveAttackManagementSystemAma",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "IllusiveADSWhite.png",
      "IllusiveADSBlack.png"
    ],
    "version": "1.0.0",
    "title": "Illusive ADS Dashboard",
    "templateRelativePath": "IllusiveADS.json",
    "subtitle": "",
    "provider": "Illusive"
  },
  {
    "workbookKey": "PulseConnectSecureWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "PulseConnectSecureWhite.png",
      "PulseConnectSecureBlack.png"
    ],
    "version": "1.0.0",
    "title": "Pulse Connect Secure",
    "templateRelativePath": "PulseConnectSecure.json",
    "subtitle": "",
    "provider": "Pulse Secure"
  },
  {
    "workbookKey": "InfobloxNIOSWorkbook",
    "logoFileName": "infoblox_logo.svg",
    "description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "InfobloxNIOSWhite.png",
      "InfobloxNIOSBlack.png"
    ],
    "version": "1.1.0",
    "title": "Infoblox NIOS",
    "templateRelativePath": "Infoblox-Workbook-V2.json",
    "subtitle": "",
    "provider": "Infoblox"
  },
  {
    "workbookKey": "SymantecVIPWorkbook",
    "logoFileName": "symantec_logo.svg",
    "description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "SymantecVIPWhite.png",
      "SymantecVIPBlack.png"
    ],
    "version": "1.0.0",
    "title": "Symantec VIP",
    "templateRelativePath": "SymantecVIP.json",
    "subtitle": "",
    "provider": "Symantec"
  },
  {
    "workbookKey": "ProofPointTAPWorkbook",
    "logoFileName": "proofpointlogo.svg",
    "description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked",
    "dataTypesDependencies": [
      "ProofPointTAPMessagesBlocked_CL",
      "ProofPointTAPMessagesDelivered_CL",
      "ProofPointTAPClicksPermitted_CL",
      "ProofPointTAPClicksBlocked_CL"
    ],
    "dataConnectorsDependencies": [
      "ProofpointTAPv2"
    ],
    "previewImagesFileNames": [
      "ProofpointTAPWhite.png",
      "ProofpointTAPBlack.png"
    ],
    "version": "1.0.0",
    "title": "Proofpoint TAP",
    "templateRelativePath": "ProofpointTAP.json",
    "subtitle": "",
    "provider": "Proofpoint"
  },
  {
    "workbookKey": "QualysVMWorkbook",
    "logoFileName": "qualys_logo.svg",
    "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans",
    "dataTypesDependencies": [
      "QualysHostDetectionV3_CL"
    ],
    "dataConnectorsDependencies": [
      "QualysVMLogsCCPDefinition"
    ],
    "previewImagesFileNames": [
      "QualysVMWhite.png",
      "QualysVMBlack.png"
    ],
    "version": "1.0.1",
    "title": "Qualys Vulnerability Management",
    "templateRelativePath": "QualysVM.json",
    "subtitle": "",
    "provider": "Qualys"
  },
  {
    "workbookKey": "QualysVMV2Workbook",
    "logoFileName": "qualys_logo.svg",
    "description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans",
    "dataTypesDependencies": [
      "QualysHostDetectionV3_CL"
    ],
    "dataConnectorsDependencies": [
      "QualysVMLogsCCPDefinition"
    ],
    "previewImagesFileNames": [
      "QualysVMWhite.png",
      "QualysVMBlack.png"
    ],
    "version": "1.0.1",
    "title": "Qualys Vulnerability Management",
    "templateRelativePath": "QualysVMv2.json",
    "subtitle": "",
    "provider": "Qualys"
  },
  {
    "workbookKey": "QscoutWorkbook",
    "logoFileName": "quokka_logo.svg",
    "description": "Gain insights into your organization's mobile apps security using Qscout through analysis findings.",
    "dataTypesDependencies": [
      "QscoutAppEvents_CL"
    ],
    "dataConnectorsDependencies": [
      "QscoutAppEventsCCFDefinition"
    ],
    "previewImagesFileNames": [
      "QscoutDashboardsWhite.png",
      "QscoutDashboardsBlack.png"
    ],
    "version": "1.0.0",
    "title": "Qscout Dashboards",
    "templateRelativePath": "QscoutDashboards.json",
    "subtitle": "",
    "provider": "Quokka"
  },
  {
    "workbookKey": "GitHubSecurity",
    "logoFileName": "GitHub.svg",
    "description": "Gain insights to GitHub activities that may be interesting for security.",
    "dataTypesDependencies": [
      "Github_CL",
      "GitHubRepoLogs_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "GitHubSecurityWhite.png",
      "GitHubSecurityBlack.png"
    ],
    "version": "1.0.0",
    "title": "GitHub Security",
    "templateRelativePath": "GitHubSecurityWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community"
  },
  {
    "workbookKey": "VisualizationDemo",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Learn and explore the many ways of displaying information within Microsoft Sentinel workbooks",
    "dataTypesDependencies": [
      "SecurityAlert"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "VisualizationDemoBlack.png",
      "VisualizationDemoWhite.png"
    ],
    "version": "1.0.0",
    "title": "Visualizations Demo",
    "templateRelativePath": "VisualizationDemo.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Matt Lowe"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "SophosXGFirewallWorkbook",
    "logoFileName": "sophos_logo.svg",
    "description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "SophosXGFirewallWhite.png",
      "SophosXGFirewallBlack.png"
    ],
    "version": "1.0.0",
    "title": "Sophos XG Firewall",
    "templateRelativePath": "SophosXGFirewall.json",
    "subtitle": "",
    "provider": "Sophos"
  },
  {
    "workbookKey": "SysmonThreatHuntingWorkbook",
    "logoFileName": "sysmonthreathunting_logo.svg",
    "description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel",
    "dataTypesDependencies": [
      "Event"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SysmonThreatHuntingWhite1.png",
      "SysmonThreatHuntingBlack1.png"
    ],
    "version": "1.4.0",
    "title": "Sysmon Threat Hunting",
    "templateRelativePath": "SysmonThreatHunting.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Edoardo Gerosa"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Threat Protection",
        "Application"
      ]
    }
  },
  {
    "workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook",
    "logoFileName": "webapplicationfirewall(WAF)_logo.svg",
    "description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data",
    "dataTypesDependencies": [
      "AzureDiagnostics"
    ],
    "dataConnectorsDependencies": [
      "WAF"
    ],
    "previewImagesFileNames": [
      "WAFFirewallWAFTypeEventsBlack1.PNG",
      "WAFFirewallWAFTypeEventsBlack2.PNG",
      "WAFFirewallWAFTypeEventsBlack3.PNG",
      "WAFFirewallWAFTypeEventsBlack4.PNG",
      "WAFFirewallWAFTypeEventsWhite1.png",
      "WAFFirewallWAFTypeEventsWhite2.PNG",
      "WAFFirewallWAFTypeEventsWhite3.PNG",
      "WAFFirewallWAFTypeEventsWhite4.PNG"
    ],
    "version": "1.1.0",
    "title": "Microsoft Web Application Firewall (WAF) - Azure WAF",
    "templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "OrcaAlertsOverviewWorkbook",
    "logoFileName": "Orca_logo.svg",
    "description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview",
    "dataTypesDependencies": [
      "OrcaAlerts_CL"
    ],
    "dataConnectorsDependencies": [
      "OrcaSecurityAlerts"
    ],
    "previewImagesFileNames": [
      "OrcaAlertsWhite.png",
      "OrcaAlertsBlack.png"
    ],
    "version": "1.1.0",
    "title": "Orca alerts overview",
    "templateRelativePath": "OrcaAlerts.json",
    "subtitle": "",
    "provider": "Orca Security"
  },
  {
    "workbookKey": "CyberArkWorkbook",
    "logoFileName": "CyberArk_Logo.svg",
    "description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Microsoft Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "CyberArkActivitiesWhite.PNG",
      "CyberArkActivitiesBlack.PNG"
    ],
    "version": "1.1.0",
    "title": "CyberArk EPV Events",
    "templateRelativePath": "CyberArkEPV.json",
    "subtitle": "",
    "provider": "CyberArk"
  },
  {
    "workbookKey": "UserEntityBehaviorAnalyticsWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns",
    "dataTypesDependencies": [
      "Anomalies"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "UserEntityBehaviorAnalyticsBlack2.png",
      "UserEntityBehaviorAnalyticsWhite2.png"
    ],
    "version": "2.0",
    "title": "User And Entity Behavior Analytics",
    "templateRelativePath": "UserEntityBehaviorAnalytics.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Microsoft Corporation"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "User Behavior (UEBA)"
      ]
    }
  },
  {
    "workbookKey": "CitrixWAF",
    "logoFileName": "citrix_logo.svg",
    "description": "Gain insight into the Citrix WAF logs",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "CitrixWAFBlack.png",
      "CitrixWAFWhite.png"
    ],
    "version": "1.0.0",
    "title": "Citrix WAF (Web App Firewall)",
    "templateRelativePath": "CitrixWAF.json",
    "subtitle": "",
    "provider": "Citrix Systems Inc."
  },
  {
    "workbookKey": "UnifiSGWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "UnifiSGBlack.png",
      "UnifiSGWhite.png"
    ],
    "version": "1.0.0",
    "title": "Unifi Security Gateway",
    "templateRelativePath": "UnifiSG.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "SecurityJedi"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Network"
      ]
    }
  },
  {
    "workbookKey": "UnifiSGNetflowWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain insights into Unifi Security Gateways analyzing traffic and activities using Netflow.",
    "dataTypesDependencies": [
      "netflow_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "UnifiSGNetflowBlack.png",
      "UnifiSGNetflowWhite.png"
    ],
    "version": "1.0.0",
    "title": "Unifi Security Gateway - NetFlow",
    "templateRelativePath": "UnifiSGNetflow.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "SecurityJedi"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Network"
      ]
    }
  },
  {
    "workbookKey": "NormalizedNetworkEventsWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "NormalizedNetworkEventsWhite.png",
      "NormalizedNetworkEventsBlack.png"
    ],
    "version": "1.0.0",
    "title": "Normalized network events",
    "templateRelativePath": "NormalizedNetworkEvents.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "yoav fransis"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Networking"
      ]
    }
  },
  {
    "workbookKey": "WorkspaceAuditingWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.",
    "dataTypesDependencies": [
      "LAQueryLogs"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "WorkspaceAuditingWhite.png",
      "WorkspaceAuditingBlack.png"
    ],
    "version": "1.0.0",
    "title": "Workspace audit",
    "templateRelativePath": "WorkspaceAuditing.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Sarah Young"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "IT Operations"
      ]
    }
  },
  {
    "workbookKey": "MITREATTACKWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Workbook to showcase MITRE ATT&CK Coverage for Microsoft Sentinel",
    "dataTypesDependencies": [
      "SecurityAlert"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "MITREATTACKWhite1.PNG",
      "MITREATTACKWhite2.PNG",
      "MITREATTACKBlack1.PNG",
      "MITREATTACKBlack2.PNG"
    ],
    "version": "1.0.2",
    "title": "MITRE ATT&CK Workbook",
    "templateRelativePath": "MITREAttack.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community"
  },
  {
    "workbookKey": "BETTERMTDWorkbook",
    "logoFileName": "BETTER_MTD_logo.svg",
    "description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.",
    "dataTypesDependencies": [
      "BetterMTDDeviceLog_CL",
      "BetterMTDAppLog_CL",
      "BetterMTDIncidentLog_CL",
      "BetterMTDNetflowLog_CL"
    ],
    "dataConnectorsDependencies": [
      "BetterMTD"
    ],
    "previewImagesFileNames": [
      "BetterMTDWorkbookPreviewWhite1.png",
      "BetterMTDWorkbookPreviewWhite2.png",
      "BetterMTDWorkbookPreviewWhite3.png",
      "BetterMTDWorkbookPreviewBlack1.png",
      "BetterMTDWorkbookPreviewBlack2.png",
      "BetterMTDWorkbookPreviewBlack3.png"
    ],
    "version": "1.1.0",
    "title": "BETTER Mobile Threat Defense (MTD)",
    "templateRelativePath": "BETTER_MTD_Workbook.json",
    "subtitle": "",
    "provider": "BETTER Mobile"
  },
  {
    "workbookKey": "BeyondTrustPMCloudWorkbook",
    "logoFileName": "BeyondTrustLogo.svg",
    "description": "Gain insights into BeyondTrust Privilege Management Cloud activity audits and client events. Monitor user activities, event types, top hosts, and security events to maintain visibility into privileged access management.",
    "dataTypesDependencies": [
      "BeyondTrustPM_ActivityAudits_CL",
      "BeyondTrustPM_ClientEvents_CL"
    ],
    "dataConnectorsDependencies": [
      "BeyondTrustPMCloud"
    ],
    "previewImagesFileNames": [
      "BeyondTrustPMCloudWhite01.png",
      "BeyondTrustPMCloudWhite02.png",
      "BeyondTrustPMCloudWhite03.png",
      "BeyondTrustPMCloudBlack01.png",
      "BeyondTrustPMCloudBlack02.png",
      "BeyondTrustPMCloudBlack03.png"
    ],
    "version": "1.0.0",
    "title": "BeyondTrust Privilege Management Cloud",
    "templateRelativePath": "BeyondTrustPMCloud.json",
    "subtitle": "",
    "provider": "BeyondTrust"
  },
  {
    "workbookKey": "AlsidIoEWorkbook",
    "logoFileName": "Alsid.svg",
    "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.",
    "dataTypesDependencies": [
      "AlsidForADLog_CL"
    ],
    "dataConnectorsDependencies": [
      "AlsidForAD"
    ],
    "previewImagesFileNames": [
      "AlsidIoEBlack1.png",
      "AlsidIoEBlack2.png",
      "AlsidIoEBlack3.png",
      "AlsidIoEWhite1.png",
      "AlsidIoEWhite2.png",
      "AlsidIoEWhite3.png"
    ],
    "version": "1.0.0",
    "title": "Alsid for AD | Indicators of Exposure",
    "templateRelativePath": "AlsidIoE.json",
    "subtitle": "",
    "provider": "Alsid"
  },
  {
    "workbookKey": "AlsidIoAWorkbook",
    "logoFileName": "Alsid.svg",
    "description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Attack alerts.",
    "dataTypesDependencies": [
      "AlsidForADLog_CL"
    ],
    "dataConnectorsDependencies": [
      "AlsidForAD"
    ],
    "previewImagesFileNames": [
      "AlsidIoABlack1.png",
      "AlsidIoABlack2.png",
      "AlsidIoABlack3.png",
      "AlsidIoAWhite1.png",
      "AlsidIoAWhite2.png",
      "AlsidIoAWhite3.png"
    ],
    "version": "1.0.0",
    "title": "Alsid for AD | Indicators of Attack",
    "templateRelativePath": "AlsidIoA.json",
    "subtitle": "",
    "provider": "Alsid"
  },
  {
    "workbookKey": "InvestigationInsightsWorkbook",
    "logoFileName": "Microsoft_logo.svg",
    "description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Microsoft Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.",
    "dataTypesDependencies": [
      "AuditLogs",
      "AzureActivity",
      "CommonSecurityLog",
      "OfficeActivity",
      "SecurityEvent",
      "SigninLogs",
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [
      "AzureActivity",
      "SecurityEvents",
      "Office365",
      "AzureActiveDirectory",
      "ThreatIntelligence",
      "ThreatIntelligenceTaxii",
      "WindowsSecurityEvents"
    ],
    "previewImagesFileNames": [
      "InvestigationInsightsWhite1.png",
      "InvestigationInsightsBlack1.png",
      "InvestigationInsightsWhite2.png",
      "InvestigationInsightsBlack2.png"
    ],
    "version": "1.4.1",
    "title": "Investigation Insights",
    "templateRelativePath": "InvestigationInsights.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community"
  },
  {
    "workbookKey": "AksSecurityWorkbook",
    "logoFileName": "Kubernetes_services.svg",
    "description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.",
    "dataTypesDependencies": [
      "SecurityAlert",
      "AzureDiagnostics"
    ],
    "dataConnectorsDependencies": [
      "AzureSecurityCenter",
      "AzureKubernetes"
    ],
    "previewImagesFileNames": [
      "AksSecurityWhite.png",
      "AksSecurityBlack.png"
    ],
    "version": "1.5.0",
    "title": "Azure Kubernetes Service (AKS) Security",
    "templateRelativePath": "AksSecurity.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AzureKeyVaultWorkbook",
    "logoFileName": "KeyVault.svg",
    "description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.",
    "dataTypesDependencies": [
      "SecurityAlert",
      "AzureDiagnostics"
    ],
    "dataConnectorsDependencies": [
      "AzureSecurityCenter",
      "AzureKeyVault"
    ],
    "previewImagesFileNames": [
      "AkvSecurityWhite.png",
      "AkvSecurityBlack.png"
    ],
    "version": "1.1.0",
    "title": "Azure Key Vault Security",
    "templateRelativePath": "AzureKeyVaultWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "IncidentOverview",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n",
    "dataTypesDependencies": [
      "SecurityAlert",
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "IncidentOverviewBlack1.png",
      "IncidentOverviewWhite1.png",
      "IncidentOverviewBlack2.png",
      "IncidentOverviewWhite2.png"
    ],
    "version": "2.1.0",
    "title": "Incident overview",
    "templateRelativePath": "IncidentOverview.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SecurityOperationsEfficiency",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.",
    "dataTypesDependencies": [
      "SecurityAlert",
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SecurityEfficiencyWhite1.png",
      "SecurityEfficiencyWhite2.png",
      "SecurityEfficiencyBlack1.png",
      "SecurityEfficiencyBlack2.png"
    ],
    "version": "1.5.2",
    "title": "Security Operations Efficiency",
    "templateRelativePath": "SecurityOperationsEfficiency.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "DataCollectionHealthMonitoring",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspace's data collection health.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "HealthMonitoringWhite1.png",
      "HealthMonitoringWhite2.png",
      "HealthMonitoringWhite3.png",
      "HealthMonitoringBlack1.png",
      "HealthMonitoringBlack2.png",
      "HealthMonitoringBlack3.png"
    ],
    "version": "1.0.0",
    "title": "Data collection health monitoring",
    "templateRelativePath": "DataCollectionHealthMonitoring.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "morshabi"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "IT Operations",
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "OnapsisAlarmsWorkbook",
    "logoFileName": "onapsis_logo.svg",
    "description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "OnapsisPlatform",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "OnapsisWhite1.PNG",
      "OnapsisBlack1.PNG",
      "OnapsisWhite2.PNG",
      "OnapsisBlack2.PNG"
    ],
    "version": "1.0.0",
    "title": "Onapsis Alarms Overview",
    "templateRelativePath": "OnapsisAlarmsOverview.json",
    "subtitle": "",
    "provider": "Onapsis"
  },
  {
    "workbookKey": "DelineaWorkbook",
    "logoFileName": "DelineaLogo.svg",
    "description": "The Delinea Secret Server Syslog connector",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "DelineaSecretServer_CEF",
      "DelineaSecretServerAma",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "DelineaWorkbookWhite.PNG",
      "DelineaWorkbookBlack.PNG"
    ],
    "version": "1.0.0",
    "title": "Delinea Secret Server Workbook",
    "templateRelativePath": "DelineaWorkbook.json",
    "subtitle": "",
    "provider": "Delinea"
  },
  {
    "workbookKey": "ForcepointCloudSecurityGatewayWorkbook",
    "logoFileName": "Forcepoint_new_logo.svg",
    "description": "Use this report to understand query runs across your workspace.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ForcepointCloudSecurityGatewayWhite.png",
      "ForcepointCloudSecurityGatewayBlack.png"
    ],
    "version": "1.0.0",
    "title": "Forcepoint Cloud Security Gateway Workbook",
    "templateRelativePath": "ForcepointCloudSecuirtyGateway.json",
    "subtitle": "",
    "provider": "Forcepoint"
  },
  {
    "workbookKey": "IntsightsIOCWorkbook",
    "logoFileName": "IntSights_logo.svg",
    "description": "This Microsoft Sentinel workbook provides an overview of Indicators of Compromise (IOCs) and their correlations allowing users to analyze and visualize indicators based on severity, type, and other parameters.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator",
      "SecurityAlert"
    ],
    "dataConnectorsDependencies": [
      "ThreatIntelligenceTaxii"
    ],
    "previewImagesFileNames": [
      "IntsightsIOCWhite.png",
      "IntsightsMatchedWhite.png",
      "IntsightsMatchedBlack.png",
      "IntsightsIOCBlack.png"
    ],
    "version": "2.0.0",
    "title": "IntSights IOC Workbook",
    "templateRelativePath": "IntsightsIOCWorkbook.json",
    "subtitle": "",
    "provider": "IntSights Cyber Intelligence"
  },
  {
    "workbookKey": "DarktraceSummaryWorkbook",
    "logoFileName": "Darktrace.svg",
    "description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "Darktrace",
      "DarktraceAma",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "AIA-DarktraceSummaryWhite.png",
      "AIA-DarktraceSummaryBlack.png"
    ],
    "version": "1.1.0",
    "title": "AI Analyst Darktrace Model Breach Summary",
    "templateRelativePath": "AIA-Darktrace.json",
    "subtitle": "",
    "provider": "Darktrace"
  },
  {
    "workbookKey": "TrendMicroXDR",
    "logoFileName": "trendmicro_logo.svg",
    "description": "Gain insights from Trend Vision One with this overview of the Alerts triggered.",
    "dataTypesDependencies": [
      "TrendMicro_XDR_WORKBENCH_CL"
    ],
    "dataConnectorsDependencies": [
      "TrendMicroXDR"
    ],
    "previewImagesFileNames": [
      "TrendMicroXDROverviewWhite.png",
      "TrendMicroXDROverviewBlack.png"
    ],
    "version": "1.3.0",
    "title": "Trend Vision One Alert Overview",
    "templateRelativePath": "TrendMicroXDROverview.json",
    "subtitle": "",
    "provider": "Trend Micro"
  },
  {
    "workbookKey": "CyberpionOverviewWorkbook",
    "logoFileName": "cyberpion_logo.svg",
    "description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.",
    "dataTypesDependencies": [
      "CyberpionActionItems_CL"
    ],
    "dataConnectorsDependencies": [
      "CyberpionSecurityLogs"
    ],
    "previewImagesFileNames": [
      "CyberpionActionItemsBlack.png",
      "CyberpionActionItemsWhite.png"
    ],
    "version": "1.0.0",
    "title": "Cyberpion Overview",
    "templateRelativePath": "CyberpionOverviewWorkbook.json",
    "subtitle": "",
    "provider": "Cyberpion"
  },
  {
    "workbookKey": "SolarWindsPostCompromiseHuntingWorkbook",
    "logoFileName": "MSTIC-Logo.svg",
    "description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020",
    "dataTypesDependencies": [
      "CommonSecurityLog",
      "SigninLogs",
      "AuditLogs",
      "AADServicePrincipalSignInLogs",
      "OfficeActivity",
      "BehaviorAnalytics",
      "SecurityEvent",
      "DeviceProcessEvents",
      "SecurityAlert",
      "DnsEvents"
    ],
    "dataConnectorsDependencies": [
      "AzureActiveDirectory",
      "SecurityEvents",
      "Office365",
      "MicrosoftThreatProtection",
      "DNS",
      "WindowsSecurityEvents"
    ],
    "previewImagesFileNames": [
      "SolarWindsPostCompromiseHuntingWhite.png",
      "SolarWindsPostCompromiseHuntingBlack.png"
    ],
    "version": "1.5.1",
    "title": "SolarWinds Post Compromise Hunting",
    "templateRelativePath": "SolarWindsPostCompromiseHunting.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Shain"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Others"
      ]
    }
  },
  {
    "workbookKey": "ProofpointPODWorkbook",
    "logoFileName": "proofpointlogo.svg",
    "description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.",
    "dataTypesDependencies": [
      "ProofpointPOD_maillog_CL",
      "ProofpointPOD_message_CL"
    ],
    "dataConnectorsDependencies": [
      "ProofpointPOD"
    ],
    "previewImagesFileNames": [
      "ProofpointPODMainBlack1.png",
      "ProofpointPODMainBlack2.png",
      "ProofpointPODMainWhite1.png",
      "ProofpointPODMainWhite2.png",
      "ProofpointPODMessageSummaryBlack.png",
      "ProofpointPODMessageSummaryWhite.png",
      "ProofpointPODTLSBlack.png",
      "ProofpointPODTLSWhite.png"
    ],
    "version": "1.0.0",
    "title": "Proofpoint On-Demand Email Security",
    "templateRelativePath": "ProofpointPOD.json",
    "subtitle": "",
    "provider": "Proofpoint"
  },
  {
    "workbookKey": "CiscoUmbrellaWorkbook",
    "logoFileName": "cisco_logo.svg",
    "description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.",
    "dataTypesDependencies": [
      "Cisco_Umbrella_dns_CL",
      "Cisco_Umbrella_proxy_CL",
      "Cisco_Umbrella_ip_CL",
      "Cisco_Umbrella_cloudfirewall_CL"
    ],
    "dataConnectorsDependencies": [
      "CiscoUmbrellaDataConnector"
    ],
    "previewImagesFileNames": [
      "CiscoUmbrellaDNSBlack1.png",
      "CiscoUmbrellaDNSBlack2.png",
      "CiscoUmbrellaDNSWhite1.png",
      "CiscoUmbrellaDNSWhite2.png",
      "CiscoUmbrellaFirewallBlack.png",
      "CiscoUmbrellaFirewallWhite.png",
      "CiscoUmbrellaMainBlack1.png",
      "CiscoUmbrellaMainBlack2.png",
      "CiscoUmbrellaMainWhite1.png",
      "CiscoUmbrellaMainWhite2.png",
      "CiscoUmbrellaProxyBlack1.png",
      "CiscoUmbrellaProxyBlack2.png",
      "CiscoUmbrellaProxyWhite1.png",
      "CiscoUmbrellaProxyWhite2.png"
    ],
    "version": "1.0.0",
    "title": "Cisco Umbrella",
    "templateRelativePath": "CiscoUmbrella.json",
    "subtitle": "",
    "provider": "Cisco"
  },
  {
    "workbookKey": "AnalyticsEfficiencyWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.",
    "dataTypesDependencies": [
      "SecurityAlert",
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AnalyticsEfficiencyBlack.png",
      "AnalyticsEfficiencyWhite.png"
    ],
    "version": "1.2.0",
    "title": "Analytics Efficiency",
    "templateRelativePath": "AnalyticsEfficiency.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "WorkspaceUsage",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain insights into your workspace's usage. In this workbook, you can view your workspace's data consumption, latency, recommended tasks and Cost and Usage statistics.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "WorkspaceUsageBlack.png",
      "WorkspaceUsageWhite.png"
    ],
    "version": "1.6.0",
    "title": "Workspace Usage Report",
    "templateRelativePath": "WorkspaceUsage.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Clive Watson"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "IT Operations"
      ]
    }
  },
  {
    "workbookKey": "SentinelCentral",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.",
    "dataTypesDependencies": [
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SentinelCentralBlack.png",
      "SentinelCentralWhite.png"
    ],
    "version": "2.1.1",
    "title": "Microsoft Sentinel Central",
    "templateRelativePath": "SentinelCentral.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community"
  },
  {
    "workbookKey": "CognniIncidentsWorkbook",
    "logoFileName": "cognni-logo.svg",
    "description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.",
    "dataTypesDependencies": [
      "CognniIncidents_CL"
    ],
    "dataConnectorsDependencies": [
      "CognniSentinelDataConnector"
    ],
    "previewImagesFileNames": [
      "CognniBlack.PNG",
      "CognniWhite.PNG"
    ],
    "version": "1.0.0",
    "title": "Cognni Important Information Incidents",
    "templateRelativePath": "CognniIncidentsWorkbook.json",
    "subtitle": "",
    "provider": "Cognni"
  },
  {
    "workbookKey": "pfsense",
    "logoFileName": "pfsense_logo.svg",
    "description": "Gain insights into pfsense logs from both filterlog and nginx.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "pfsenseBlack.png",
      "pfsenseWhite.png"
    ],
    "version": "1.0.0",
    "title": "pfsense",
    "templateRelativePath": "pfsense.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "dicolanl"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Network"
      ]
    }
  },
  {
    "workbookKey": "ExchangeCompromiseHunting",
    "logoFileName": "MSTIC-Logo.svg",
    "description": "This workbook is intended to help defenders in responding to the Exchange Server vulnerabilities disclosed in March 2021, as well as hunting for potential compromise activity. More details on these vulnearbilities can be found at: https://aka.ms/exchangevulns",
    "dataTypesDependencies": [
      "SecurityEvent",
      "W3CIISLog"
    ],
    "dataConnectorsDependencies": [
      "SecurityEvents",
      "AzureMonitor(IIS)",
      "WindowsSecurityEvents"
    ],
    "previewImagesFileNames": [
      "ExchangeBlack.png",
      "ExchangeWhite.png"
    ],
    "version": "1.0.0",
    "title": "Exchange Compromise Hunting",
    "templateRelativePath": "ExchangeCompromiseHunting.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Pete Bryan"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Threat Protection"
      ]
    }
  },
  {
    "workbookKey": "SOCProcessFramework",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SOCProcessFrameworkCoverImage1White.png",
      "SOCProcessFrameworkCoverImage1Black.png",
      "SOCProcessFrameworkCoverImage2White.png",
      "SOCProcessFrameworkCoverImage2Black.png"
    ],
    "version": "1.1.0",
    "title": "SOC Process Framework",
    "templateRelativePath": "SOCProcessFramework.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "Building_a_SOCLargeStaffWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SOCProcessFrameworkCoverImage1White.png",
      "SOCProcessFrameworkCoverImage1Black.png",
      "SOCProcessFrameworkCoverImage2White.png",
      "SOCProcessFrameworkCoverImage2Black.png"
    ],
    "version": "1.1.0",
    "title": "SOC Large Staff",
    "templateRelativePath": "Building_a_SOCLargeStaff.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "Building_a_SOCMediumStaffWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SOCProcessFrameworkCoverImage1White.png",
      "SOCProcessFrameworkCoverImage1Black.png",
      "SOCProcessFrameworkCoverImage2White.png",
      "SOCProcessFrameworkCoverImage2Black.png"
    ],
    "version": "1.1.0",
    "title": "SOC Medium Staff",
    "templateRelativePath": "Building_a_SOCMediumStaff.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "Building_a_SOCPartTimeStaffWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SOCProcessFrameworkCoverImage1White.png",
      "SOCProcessFrameworkCoverImage1Black.png",
      "SOCProcessFrameworkCoverImage2White.png",
      "SOCProcessFrameworkCoverImage2Black.png"
    ],
    "version": "1.1.0",
    "title": "SOC Part Time Staff",
    "templateRelativePath": "Building_a_SOCPartTimeStaff.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "Building_a_SOCSmallStaffWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SOCProcessFrameworkCoverImage1White.png",
      "SOCProcessFrameworkCoverImage1Black.png",
      "SOCProcessFrameworkCoverImage2White.png",
      "SOCProcessFrameworkCoverImage2Black.png"
    ],
    "version": "1.1.0",
    "title": "SOC Small Staff",
    "templateRelativePath": "Building_a_SOCSmallStaff.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "SOCIRPlanningWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SOCProcessFrameworkCoverImage1White.png",
      "SOCProcessFrameworkCoverImage1Black.png",
      "SOCProcessFrameworkCoverImage2White.png",
      "SOCProcessFrameworkCoverImage2Black.png"
    ],
    "version": "1.1.0",
    "title": "SOC IR Planning",
    "templateRelativePath": "SOCIRPlanning.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "UpdateSOCMaturityScoreWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Built by Microsoft's Sentinel GBB's - This workbook contains years of SOC Best Practices and is intended to help SOCs mature and leverage industry standards in Operationalizing their SOC in using Microsoft Sentinel. It contains Processes and Procedures every SOC should consider and builds a high level of operational excellence.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SOCProcessFrameworkCoverImage1White.png",
      "SOCProcessFrameworkCoverImage1Black.png",
      "SOCProcessFrameworkCoverImage2White.png",
      "SOCProcessFrameworkCoverImage2Black.png"
    ],
    "version": "1.1.0",
    "title": "Update SOC Maturity Score",
    "templateRelativePath": "UpdateSOCMaturityScore.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "Microsoft365SecurityPosture",
    "logoFileName": "M365securityposturelogo.svg",
    "description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.",
    "dataTypesDependencies": [
      "M365SecureScore_CL",
      "MDfESecureScore_CL",
      "MDfEExposureScore_CL",
      "MDfERecommendations_CL",
      "MDfEVulnerabilitiesList_CL",
      "McasShadowItReporting"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "M365securitypostureblack.png",
      "M365securityposturewhite.png"
    ],
    "version": "1.0.0",
    "title": "Microsoft 365 Security Posture",
    "templateRelativePath": "M365SecurityPosture.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Matt Lowe"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Others"
      ]
    }
  },
  {
    "workbookKey": "AzureSentinelCost",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides an estimated cost across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.",
    "dataTypesDependencies": [
      "Usage"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AzureSentinelCostWhite.png",
      "AzureSentinelCostBlack.png"
    ],
    "version": "1.5.1",
    "title": "Microsoft Sentinel Cost",
    "templateRelativePath": "AzureSentinelCost.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "ADXvsLA",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook shows the tables from Microsoft Sentinel which are backed up in ADX. It also provides a comparison between the entries in the Microsoft Sentinel tables and the ADX tables. Lastly some general information about the queries and ingestion on ADX is shown.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ADXvsLABlack.PNG",
      "ADXvsLAWhite.PNG"
    ],
    "version": "1.0.0",
    "title": "ADXvsLA",
    "templateRelativePath": "ADXvsLA.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Naomi"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "MicrosoftDefenderForOffice365",
    "logoFileName": "office365_logo.svg",
    "description": "Gain insights into your Microsoft Defender for Office 365 raw data logs.  This workbook lets you look at trends in email senders, attachments and embedded URL data to find anomalies. You can also search by, sender, recipient, subject, attachment or embedded URL to find where the related messages have been sent.",
    "dataTypesDependencies": [
      "EmailEvents",
      "EmailUrlInfo",
      "EmailAttachmentInfo"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "MDOWhite1.png",
      "MDOBlack1.png",
      "MDOWhite2.png",
      "MDOBlack2.png"
    ],
    "version": "1.0.0",
    "title": "Microsoft Defender For Office 365",
    "templateRelativePath": "MicrosoftDefenderForOffice365.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Microsoft"
    },
    "source": {
      "kind": "Microsoft"
    },
    "categories": {
      "domains": [
        "Security - Others"
      ]
    }
  },
  {
    "workbookKey": "ProofPointThreatDashboard",
    "logoFileName": "proofpointlogo.svg",
    "description": "Provides an overview of email threat activity based on log data provided by ProofPoint",
    "dataTypesDependencies": [
      "ProofpointPOD_message_CL",
      "ProofpointPOD_maillog_CL",
      "ProofPointTAPClicksBlocked_CL",
      "ProofPointTAPClicksPermitted_CL",
      "ProofPointTAPMessagesBlocked_CL",
      "ProofPointTAPMessagesDelivered_CL"
    ],
    "dataConnectorsDependencies": [
      "ProofpointTAP",
      "ProofpointPOD"
    ],
    "previewImagesFileNames": [
      "ProofPointThreatDashboardBlack1.png",
      "ProofPointThreatDashboardWhite1.png"
    ],
    "version": "1.0.0",
    "title": "ProofPoint Threat Dashboard",
    "templateRelativePath": "ProofPointThreatDashboard.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "reprise99"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Others"
      ]
    }
  },
  {
    "workbookKey": "AMAmigrationTracker",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "See what Azure and Azure Arc servers have Log Analytics agent or Azure Monitor agent installed. Review what DCR (data collection rules) apply to your machines and whether you are collecting logs from those machines into your selected workspaces.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AMAtrackingWhite1.png",
      "AMAtrackingWhite2.png",
      "AMAtrackingWhite3.png",
      "AMAtrackingWhite4.png",
      "AMAtrackingBlack1.png",
      "AMAtrackingBlack2.png",
      "AMAtrackingBlack3.png",
      "AMAtrackingBlack4.png"
    ],
    "version": "1.1.0",
    "title": "AMA migration tracker",
    "templateRelativePath": "AMAmigrationTracker.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "mariavaladas"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Platform",
        "Migration"
      ]
    }
  },
  {
    "workbookKey": "AdvancedKQL",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This interactive Workbook is designed to improve your KQL proficiency by using a use-case driven approach.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AdvancedKQLWhite.png",
      "AdvancedKQLBlack.png"
    ],
    "version": "1.3.0",
    "title": "Advanced KQL for Microsoft Sentinel",
    "templateRelativePath": "AdvancedKQL.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "DSTIMWorkbook",
    "logoFileName": "DSTIM.svg",
    "description": "Identify sensitive data blast radius (i.e., who accessed sensitive data, what kinds of sensitive data, from where and when) in a given data security incident investigation or as part of Threat Hunting. Prioritize your investigation based on insights provided with integrations with Watchlists(VIPUsers, TerminatedEmployees and HighValueAssets), Threat Intelligence feed, UEBA baselines and much more.",
    "dataTypesDependencies": [
      "DSMAzureBlobStorageLogs",
      "DSMDataClassificationLogs",
      "DSMDataLabelingLogs",
      "Anomalies",
      "ThreatIntelligenceIndicator",
      "AADManagedIdentitySignInLogs",
      "SecurityAlert",
      "SigninLogs"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "DSTIMWorkbookBlack.png",
      "DSTIMWorkbookWhite.png"
    ],
    "version": "1.9.0",
    "title": "Data Security - Sensitive Data Impact Assessment",
    "templateRelativePath": "DSTIMWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft",
    "featureFlag": "DSTIMWorkbook",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "avital-m"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Others"
      ]
    }
  },
  {
    "workbookKey": "IntrotoKQLWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Learn and practice the Kusto Query Language. This workbook introduces and provides 100 to 200 level content for new and existing users looking to learn KQL. This workbook will be updated with content over time.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "IntrotoKQL-black.png",
      "IntrotoKQL-white.png"
    ],
    "version": "1.0.0",
    "title": "Intro to KQL",
    "templateRelativePath": "IntrotoKQL.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "Log4jPostCompromiseHuntingWorkbook",
    "logoFileName": "Log4j.svg",
    "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.",
    "dataTypesDependencies": [
      "SecurityNestedRecommendation",
      "AzureDiagnostics",
      "OfficeActivity",
      "W3CIISLog",
      "AWSCloudTrail",
      "SigninLogs",
      "AADNonInteractiveUserSignInLogs",
      "imWebSessions",
      "imNetworkSession"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "Log4jPostCompromiseHuntingBlack.png",
      "Log4jPostCompromiseHuntingWhite.png"
    ],
    "version": "1.0.0",
    "title": "Log4j Post Compromise Hunting",
    "templateRelativePath": "Log4jPostCompromiseHunting.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "Log4jImpactAssessmentWorkbook",
    "logoFileName": "Log4j.svg",
    "description": "This hunting workbook is intended to help identify activity related to the Log4j compromise discovered in December 2021.",
    "dataTypesDependencies": [
      "SecurityIncident",
      "SecurityAlert",
      "AzureSecurityCenter",
      "MDfESecureScore_CL",
      "MDfEExposureScore_CL",
      "MDfERecommendations_CL",
      "MDfEVulnerabilitiesList_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "Log4jPostCompromiseHuntingBlack.png",
      "Log4jPostCompromiseHuntingWhite.png"
    ],
    "version": "1.0.0",
    "title": "Log4j Impact Assessment",
    "templateRelativePath": "Log4jImpactAssessment.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "UserMap",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook shows MaliciousIP, User SigninLog Data (this shows user Signin Locations and distance between as well as order visited) and WAF information.",
    "dataTypesDependencies": [
      "SigninLogs",
      "AzureDiagnostics",
      "WireData",
      "VMconnection",
      "CommonSecurityLog",
      "WindowsFirewall",
      "W3CIISLog",
      "DnsEvents"
    ],
    "dataConnectorsDependencies": [
      "AzureActiveDirectory"
    ],
    "previewImagesFileNames": [
      "UserMapBlack.png",
      "UserMapWhite.png"
    ],
    "version": "1.0.1",
    "title": "User Map information",
    "templateRelativePath": "UserMap.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Clive Watson"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Threat Protection"
      ]
    }
  },
  {
    "workbookKey": "AWSS3",
    "logoFileName": "amazon_web_services_Logo.svg",
    "description": "This workbook shows quick summary of AWS S3 data (AWSCloudTrail, AWSGuardDuty, AWSVPCFlow). To visulaize the data, make sure you configure AWS S3 connector and data geting ingested into Sentinel",
    "dataTypesDependencies": [
      "AWSCloudTrail",
      "AWSGuardDuty",
      "AWSVPCFlow"
    ],
    "dataConnectorsDependencies": [
      "AWSS3"
    ],
    "previewImagesFileNames": [
      "AWSS3Black.png",
      "AWSS3White.png",
      "AWSS3White1.png"
    ],
    "version": "1.0.0",
    "title": "AWS S3 Workbook",
    "templateRelativePath": "AWSS3.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Clive Watson"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Cloud Security"
      ]
    }
  },
  {
    "workbookKey": "LogSourcesAndAnalyticRulesCoverageWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook is intended to show how the different tables in a Log Analytics workspace are being used by the different Microsoft Sentinel features, like analytics, hunting queries, playbooks and queries in general.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "LogSourcesAndAnalyticRulesCoverageBlack.png",
      "LogSourcesAndAnalyticRulesCoverageWhite.png"
    ],
    "version": "1.1.0",
    "title": "Log Sources & Analytic Rules Coverage",
    "templateRelativePath": "LogSourcesAndAnalyticRulesCoverage.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Eli Forbes"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Others"
      ]
    }
  },
  {
    "workbookKey": "CiscoFirepower",
    "logoFileName": "cisco-logo-72px.svg",
    "description": "Gain insights into your Cisco Firepower firewalls. This workbook analyzes Cisco Firepower device logs.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "CiscoFirepowerBlack.png",
      "CiscoFirepowerWhite.png"
    ],
    "version": "1.0.0",
    "title": "Cisco Firepower",
    "templateRelativePath": "CiscoFirepower.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Network"
      ]
    }
  },
  {
    "workbookKey": "MicrorosftTeams",
    "logoFileName": "microsoftteams.svg",
    "description": "This workbook is intended to identify the activities on Microrsoft Teams.",
    "dataTypesDependencies": [
      "OfficeActivity"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "MicrosoftTeamsBlack.png",
      "MicrosoftTeamsWhite.png"
    ],
    "version": "1.0.0",
    "title": "Microsoft Teams",
    "templateRelativePath": "MicrosoftTeams.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "ArchivingBasicLogsRetention",
    "logoFileName": "ArchivingBasicLogsRetention.svg",
    "description": "This workbooks shows workspace and table retention periods, basic logs, and search & restore tables. It also allows you to update table retention periods, plans, and delete search or restore tables.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ArchivingBasicLogsRetentionBlack1.png",
      "ArchivingBasicLogsRetentionWhite1.png"
    ],
    "version": "1.1.0",
    "title": "Archiving, Basic Logs, and Retention",
    "templateRelativePath": "ArchivingBasicLogsRetention.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "seanstark-ms"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Platform",
        "IT Operations"
      ]
    }
  },
  {
    "workbookKey": "OktaSingleSignOnWorkbook",
    "logoFileName": "okta_logo.svg",
    "description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked.",
    "dataTypesDependencies": [
      "Okta_CL",
      "OktaSSO"
    ],
    "dataConnectorsDependencies": [
      "OktaSSO",
      "OktaSSOv2"
    ],
    "previewImagesFileNames": [
      "OktaSingleSignOnWhite.png",
      "OktaSingleSignOnBlack.png"
    ],
    "version": "1.2",
    "title": "Okta Single Sign-On",
    "templateRelativePath": "OktaSingleSignOn.json",
    "subtitle": "",
    "provider": "Okta"
  },
  {
    "workbookKey": "CiscoMerakiWorkbook",
    "logoFileName": "cisco-logo-72px.svg",
    "description": "Gain insights into the Events from Cisco Meraki Solution and analyzing all the different types of Security Events. This workbook also helps in identifying the Events from affected devices, IPs and the nodes where malware was successfully detected.\nIP data received in Events is correlated with Threat Intelligence to identify if the reported IP address is known bad based on threat intelligence data.",
    "dataTypesDependencies": [
      "meraki_CL",
      "CiscoMerakiNativePoller",
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [
      "CustomLogsAma",
      "CiscoMerakiNativePolling",
      "ThreatIntelligence"
    ],
    "previewImagesFileNames": [
      "CiscoMerakiWorkbookWhite.png",
      "CiscoMerakiWorkbookBlack.png"
    ],
    "version": "1.0.0",
    "title": "CiscoMerakiWorkbook",
    "templateRelativePath": "CiscoMerakiWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SentinelOneWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis.",
    "dataTypesDependencies": [
      "SentinelOne_CL"
    ],
    "dataConnectorsDependencies": [
      "SentinelOne"
    ],
    "previewImagesFileNames": [
      "SentinelOneBlack.png",
      "SentinelOneWhite.png"
    ],
    "version": "1.0.0",
    "title": "SentinelOneWorkbook",
    "templateRelativePath": "SentinelOne.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "TrendMicroApexOneWorkbook",
    "logoFileName": "trendmicro_logo.svg",
    "description": "Sets the time name for analysis.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "TrendMicroApexOneBlack.png",
      "TrendMicroApexOneWhite.png"
    ],
    "version": "1.0.0",
    "title": "Trend Micro Apex One",
    "templateRelativePath": "TrendMicroApexOne.json",
    "subtitle": "",
    "provider": "TrendMicro"
  },
  {
    "workbookKey": "ContrastADR_Command_Injection_Workbook",
    "logoFileName": "ContrastADR.svg",
    "description": "Command injection is a malicious technique where attackers exploit vulnerabilities in web applications to inject and execute arbitrary operating system (OS) commands on the server. By manipulating input data, attackers can manipulate the application's execution flow, tricking it into running unintended system commands.This can result in data breaches, system compromise, etc. Contrast uses various detection capabilities for Command Injection. Some track malicious input into commands being run, some detect sensitive file paths being accessed, and so forth..",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ContrastrADRCommandInjectionWorkbookBlack.png",
      "ContrastrADRCommandInjectionWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "ContrastADR Command Injection Workbook",
    "templateRelativePath": "ContrastADR_Command_Injection_Workbook.json",
    "subtitle": "",
    "provider": "contrast adr"
  },
  {
    "workbookKey": "ContrastADR_Cross_Site_Scripting_Workbook",
    "logoFileName": "ContrastADR.svg",
    "description": "Cross-site scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious JavaScript code into websites viewed by other users. Instead of the website displaying trusted content, the attacker's code is executed, which can compromise user accounts, steal sensitive data, or even take control of the user's browser.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ContrastADRCross-SiteScriptingWookbookBlack.png",
      "ContrastADRCross-SiteScriptingWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "ContrastADR Cross Site Scripting Workbook",
    "templateRelativePath": "ContrastADR_Cross_Site_Scripting_Workbook.json",
    "subtitle": "",
    "provider": "contrast adr"
  },
  {
    "workbookKey": "ContrastADR_Expression_Language_Injection_Workbook",
    "logoFileName": "ContrastADR.svg",
    "description": "Expression Language Injection works by taking advantage of server-side code injection vulnerabilities which occur whenever an application incorporates user-controllable data into a string that is dynamically evaluated by a code interpreter. This can lead to complete compromise of the application's data and functionality, as well as the server that is hosting the application.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ContrastADRExpressionLanguageInjectionWorkbookBlack.png",
      "ContrastADRExpressionLanguageInjectionWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "ContrastADR Expression Language Injection Workbook",
    "templateRelativePath": "ContrastADR_Expression_Language_Injection_Workbook.json",
    "subtitle": "",
    "provider": "contrast adr"
  },
  {
    "workbookKey": "ContrastADR_HTTP_Method_Tampering_Workbook",
    "logoFileName": "ContrastADR.svg",
    "description": "Method Tampering (aka verb tampering or HTTP method tampering) is an attack where an attacker manipulates the HTTP method used in a request to a web application. Providing unexpected HTTP methods can sometimes bypass authentication, authorization or other security mechanisms.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ContrastADRHTTPMethodTamperingWorkbookBlack.png",
      "ContrastADRHTTPMethodTamperingWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "ContrastADR HTTP Method Tampering Workbook",
    "templateRelativePath": "ContrastADR_HTTP_Method_Tampering_Workbook.json",
    "subtitle": "",
    "provider": "contrast adr"
  },
  {
    "workbookKey": "ContrastADR_JNDI_Injection_Workbook",
    "logoFileName": "ContrastADR.svg",
    "description": "JNDI injection is a malicious technique where attackers exploit vulnerabilities in web applications to influence the server used in a JNDI lookup. Where an attacker can influence the server the JNDI Lookup is sent to, it is possible to get the server to connect to a malicious JNDI Server which returns a malicious class which when loaded will give the attacker Remote Code Execution on the impacted server. Also in the case of infamous log4shell vulnerability, as well as RCE, it is possible to exfiltrate data fro the impacted server.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ContrastADRJNDIInjectionWorkbookBlack.png",
      "ContrastADRJNDIInjectionWorkbookwhite.png"
    ],
    "version": "1.0.0",
    "title": "ContrastADR JNDI Injection Workbook",
    "templateRelativePath": "ContrastADR_JNDI_Injection_Workbook.json",
    "subtitle": "",
    "provider": "contrast adr"
  },
  {
    "workbookKey": "ContrastADR_Path_Traversal_Workbook",
    "logoFileName": "ContrastADR.svg",
    "description": "Path traversal attacks use an affected application to gain unauthorized access to server file system folders that are higher in the directory hierarchy than the web root folder. A successful path traversal attack can fool a web application into reading and consequently exposing the contents of files outside of the document root directory of the application or the web server, including credentials for back-end systems, application code and data, and sensitive operating system files. If successful this can lead to unauthorized data access, data exfiltration, and remote code execution.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ContrastADRPathTraversalWorkbookBlack.png",
      "ContrastADRPathTraversalWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "ContrastADR Path Traversal Workbook",
    "templateRelativePath": "ContrastADR_Path_Traversal_Workbook.json",
    "subtitle": "",
    "provider": "contrast adr"
  },
  {
    "workbookKey": "ContrastADR_SQL_Injection_Workbook",
    "logoFileName": "ContrastADR.svg",
    "description": "SQL injection is a malicious technique where attackers exploit vulnerabilities in web applications to inject unauthorized SQL commands into the database. By carefully crafting input data, attackers can manipulate the SQL queries executed by the application, potentially leading to unauthorized data access, data modification, or even complete database compromise.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ContrastADRSQLInjectionWorkbookBlack.png",
      "ContrastADRSQLInjectionWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "ContrastADR SQL Injection Workbook",
    "templateRelativePath": "ContrastADR_SQL_Injection_Workbook.json",
    "subtitle": "",
    "provider": "contrast adr"
  },
  {
    "workbookKey": "ContrastADR_Untrusted_Deserialization_Workbook",
    "logoFileName": "ContrastADR.svg",
    "description": "Serialization refers to the process of converting an object into a format which can be saved to a file or a datastore. Deserialization reverses this process, transforming serialized data coming from a file, stream, or network socket into an object.Untrusted Deserialization is a web application vulnerability that enables attackers to pass arbitrary objects or code to a deserializer. In this kind of attack, untrusted data abuses the logic of an application to inflict a denial of service (DoS) attack, achieve authentication bypass, enable remote code execution, and even execute arbitrary code as it is being deserialized.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ContrastADRUntrustedDeserializationWorkbookBlack.png",
      "ContrastADRUntrustedDeserializationWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "ContrastADR Untrusted Deserialization Workbook",
    "templateRelativePath": "ContrastADR_Untrusted_Deserialization_Workbook.json",
    "subtitle": "",
    "provider": "contrast adr"
  },
  {
    "workbookKey": "ContrastADR_XML External_Entity_Injection_Injection_Workbook",
    "logoFileName": "ContrastADR.svg",
    "description": "XXE is a flaw in XML parsers where attackers can cause the parser to read local or remote resources as part of the document. Attackers often abuse this functionality to access other sensitive system information.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ContrastADRXMLExternalEntityInjectionWorkbookBlack.png",
      "ContrastADRXMLExternalEntityInjectionWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "ContrastADR XML External Entity Injection Injection Workbook",
    "templateRelativePath": "ContrastADR_XML External_Entity_Injection_Injection_Workbook.json",
    "subtitle": "",
    "provider": "contrast adr"
  },
  {
    "workbookKey": "ContrastProtect",
    "logoFileName": "contrastsecurity_logo.svg",
    "description": "Select the time range for this Overview.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "ContrastProtect",
      "ContrastProtectAma",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ContrastProtectAllBlack.png",
      "ContrastProtectAllWhite.png",
      "ContrastProtectEffectiveBlack.png",
      "ContrastProtectEffectiveWhite.png",
      "ContrastProtectSummaryBlack.png",
      "ContrastProtectSummaryWhite.png"
    ],
    "version": "1.0.0",
    "title": "Contrast Protect",
    "templateRelativePath": "ContrastProtect.json",
    "subtitle": "",
    "provider": "contrast security"
  },
  {
    "workbookKey": "ArmorbloxOverview",
    "logoFileName": "armorblox.svg",
    "description": "INCIDENTS FROM SELECTED TIME RANGE",
    "dataTypesDependencies": [
      "Armorblox_CL"
    ],
    "dataConnectorsDependencies": [
      "Armorblox"
    ],
    "previewImagesFileNames": [
      "ArmorbloxOverviewBlack01.png",
      "ArmorbloxOverviewBlack02.png",
      "ArmorbloxOverviewWhite01.png",
      "ArmorbloxOverviewWhite02.png"
    ],
    "version": "1.0.0",
    "title": "Armorblox",
    "templateRelativePath": "ArmorbloxOverview.json",
    "subtitle": "",
    "provider": "Armorblox"
  },
  {
    "workbookKey": "CiscoETDWorkbook",
    "logoFileName": "cisco-logo-72px.svg",
    "description": "Analyze email threat data seamlessly with the workbook, correlating information from the Secure Email Threat Defense API to identify and mitigate suspicious activities, providing insights into trends and allowing for precise filtering and analysis",
    "dataTypesDependencies": [
      "CiscoETD_CL"
    ],
    "dataConnectorsDependencies": [
      "CiscoETD"
    ],
    "previewImagesFileNames": [
      "CiscoETDBlack01.PNG",
      "CiscoETDBlack02.PNG",
      "CiscoETDWhite01.PNG",
      "CiscoETDWhite02.PNG"
    ],
    "version": "1.0",
    "title": "Cisco Email Threat Defense",
    "templateRelativePath": "CiscoETD.json",
    "subtitle": "",
    "provider": "Cisco"
  },
  {
    "workbookKey": "PaloAltoCDL",
    "logoFileName": "paloalto_logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "PaloAltoBlack.png",
      "PaloAltoWhite.png"
    ],
    "version": "1.0.0",
    "title": "Palo Alto Networks Cortex Data Lake",
    "templateRelativePath": "PaloAltoCDL.json",
    "subtitle": "",
    "provider": "Palo Alto Networks"
  },
  {
    "workbookKey": "VMwareCarbonBlack",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CarbonBlackEvents_CL",
      "CarbonBlackAuditLogs_CL",
      "CarbonBlackNotifications_CL"
    ],
    "dataConnectorsDependencies": [
      "VMwareCarbonBlack"
    ],
    "previewImagesFileNames": [
      "VMwareCarbonBlack.png",
      "VMwareCarbonWhite.png"
    ],
    "version": "1.0.0",
    "title": "VMware Carbon Black Cloud",
    "templateRelativePath": "VMwareCarbonBlack.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "VMwareSDWAN",
    "logoFileName": "vmware_sase_logo.svg",
    "description": "This workbook is intended to provide an overview on security events on VMware SD-WAN and Cloud Web Security.",
    "dataTypesDependencies": [
      "VMware_CWS_Weblogs_CL",
      "VMware_VECO_EventLogs_CL"
    ],
    "dataConnectorsDependencies": [
      "VMwareSDWAN"
    ],
    "previewImagesFileNames": [
      "vmwaresdwan_sentinel_audit_overview_Black.png",
      "vmwaresdwan_sentinel_audit_overview_White.png",
      "vmwaresdwan_sentinel_connectivity_overview_Black.png",
      "vmwaresdwan_sentinel_connectivity_overview_White.png",
      "vmwaresdwan_sentinel_cws_agents_events_Black.png",
      "vmwaresdwan_sentinel_cws_agents_events_White.png",
      "vmwaresdwan_sentinel_cws_casb_Black.png",
      "vmwaresdwan_sentinel_cws_casb_White.png",
      "vmwaresdwan_sentinel_cws_cf_users_policy_Black.png",
      "vmwaresdwan_sentinel_cws_cf_users_policy_White.png",
      "vmwaresdwan_sentinel_cws_overview_Black.png",
      "vmwaresdwan_sentinel_cws_overview_White.png",
      "vmwaresdwan_sentinel_cws_sasepop_urlf_Black.png",
      "vmwaresdwan_sentinel_cws_sasepop_urlf_White.png",
      "vmwaresdwan_sentinel_cws_urlf_Black.png",
      "vmwaresdwan_sentinel_cws_urlf_White.png",
      "vmwaresdwan_sentinel_efs_idps_categories_Black.png",
      "vmwaresdwan_sentinel_efs_idps_categories_White.png",
      "vmwaresdwan_sentinel_idps_activity_Black.png",
      "vmwaresdwan_sentinel_idps_activity_White.png",
      "vmwaresdwan_sentinel_nsd_overview_Black.png",
      "vmwaresdwan_sentinel_nsd_overview_White.png",
      "vmwaresdwan_sentinel_nsd_via_vcg_Black.png",
      "vmwaresdwan_sentinel_nsd_via_vcg_White.png",
      "vmwaresdwan_sentinel_sdwan_efs_statefulfw_Black.png",
      "vmwaresdwan_sentinel_sdwan_efs_statefulfw_White.png"
    ],
    "version": "1.0.0",
    "title": "VMware SD-WAN and SASE",
    "templateRelativePath": "VMwareSASESOCDashboard.json",
    "subtitle": "",
    "provider": "velocloud"
  },
  {
    "workbookKey": "arista-networks",
    "logoFileName": "AristaAwakeSecurity.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "AristaAwakeSecurityDevicesBlack.png",
      "AristaAwakeSecurityDevicesWhite.png",
      "AristaAwakeSecurityModelsBlack.png",
      "AristaAwakeSecurityModelsWhite.png",
      "AristaAwakeSecurityOverviewBlack.png",
      "AristaAwakeSecurityOverviewWhite.png"
    ],
    "version": "1.0.0",
    "title": "Arista Awake",
    "templateRelativePath": "AristaAwakeSecurityWorkbook.json",
    "subtitle": "",
    "provider": "Arista Networks"
  },
  {
    "workbookKey": "TomcatWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "Tomcat_CL"
    ],
    "dataConnectorsDependencies": [
      "CustomLogsAma"
    ],
    "previewImagesFileNames": [
      "TomcatBlack.png",
      "TomcatWhite.png"
    ],
    "version": "1.0.0",
    "title": "ApacheTomcat",
    "templateRelativePath": "Tomcat.json",
    "subtitle": "",
    "provider": "Apache"
  },
  {
    "workbookKey": "ClarotyWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "ClarotyBlack.png",
      "ClarotyWhite.png"
    ],
    "version": "1.0.0",
    "title": "Claroty",
    "templateRelativePath": "ClarotyOverview.json",
    "subtitle": "",
    "provider": "Claroty"
  },
  {
    "workbookKey": "ApacheHTTPServerWorkbook",
    "logoFileName": "apache.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "ApacheHTTPServer_CL"
    ],
    "dataConnectorsDependencies": [
      "CustomLogsAma"
    ],
    "previewImagesFileNames": [
      "ApacheHTTPServerOverviewBlack01.png",
      "ApacheHTTPServerOverviewBlack02.png",
      "ApacheHTTPServerOverviewWhite01.png",
      "ApacheHTTPServerOverviewWhite02.png"
    ],
    "version": "1.0.0",
    "title": "Apache HTTP Server",
    "templateRelativePath": "ApacheHTTPServer.json",
    "subtitle": "",
    "provider": "Apache Software Foundation"
  },
  {
    "workbookKey": "OCIWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "OCI_Logs_CL"
    ],
    "dataConnectorsDependencies": [
      "OracleCloudInfrastructureLogsConnector"
    ],
    "previewImagesFileNames": [
      "OCIBlack.png",
      "OCIWhite.png"
    ],
    "version": "1.0.0",
    "title": "Oracle Cloud Infrastructure",
    "templateRelativePath": "OracleCloudInfrastructureOCI.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "OracleWeblogicServerWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "OracleWebLogicServer_CL"
    ],
    "dataConnectorsDependencies": [
      "CustomLogsAma"
    ],
    "previewImagesFileNames": [
      "OracleWeblogicServerBlack.png",
      "OracleWeblogicServerWhite.png"
    ],
    "version": "1.0.0",
    "title": "Oracle WebLogic Server",
    "templateRelativePath": "OracleWorkbook.json",
    "subtitle": "",
    "provider": "Oracle"
  },
  {
    "workbookKey": "BitglassWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "BitglassLogs_CL"
    ],
    "dataConnectorsDependencies": [
      "Bitglass"
    ],
    "previewImagesFileNames": [
      "BitglassBlack.png",
      "BitglassWhite.png"
    ],
    "version": "1.0.0",
    "title": "Bitglass",
    "templateRelativePath": "Bitglass.json",
    "subtitle": "",
    "provider": "Bitglass"
  },
  {
    "workbookKey": "NGINXWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "NGINX_CL"
    ],
    "dataConnectorsDependencies": [
      "CustomLogsAma"
    ],
    "previewImagesFileNames": [
      "NGINXOverviewBlack01.png",
      "NGINXOverviewBlack02.png",
      "NGINXOverviewWhite01.png",
      "NGINXOverviewWhite02.png"
    ],
    "version": "1.0.0",
    "title": "NGINX HTTP Server",
    "templateRelativePath": "NGINX.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "vArmourAppContollerWorkbook",
    "logoFileName": "varmour-logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "vArmourAC",
      "vArmourACAma",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "vArmourAppControllerAppBlack.png",
      "vArmourAppControllerAppBlack-1.png",
      "vArmourAppControllerAppBlack-2.png",
      "vArmourAppControllerAppBlack-3.png",
      "vArmourAppControllerAppBlack-4.png",
      "vArmourAppControllerAppBlack-5.png",
      "vArmourAppControllerAppBlack-6.png",
      "vArmourAppControllerAppBlack-7.png",
      "vArmourAppControllerAppWhite.png",
      "vArmourAppControllerAppWhite-1.png",
      "vArmourAppControllerAppWhite-2.png",
      "vArmourAppControllerAppWhite-3.png",
      "vArmourAppControllerAppWhite-4.png",
      "vArmourAppControllerAppWhite-5.png",
      "vArmourAppControllerAppWhite-6.png",
      "vArmourAppControllerAppWhite-7.png"
    ],
    "version": "1.0.0",
    "title": "vArmour Application Controller",
    "templateRelativePath": "vArmour_AppContoller_Workbook.json",
    "subtitle": "",
    "provider": "vArmour"
  },
  {
    "workbookKey": "CorelightWorkbook",
    "logoFileName": "corelight.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "Corelight_CL"
    ],
    "dataConnectorsDependencies": [
      "Corelight"
    ],
    "previewImagesFileNames": [
      "CorelightConnectionsBlack1.png",
      "CorelightConnectionsBlack2.png",
      "CorelightConnectionsWhite1.png",
      "CorelightConnectionsWhite2.png",
      "CorelightDNSBlack1.png",
      "CorelightDNSWhite1.png",
      "CorelightFileBlack1.png",
      "CorelightFileBlack2.png",
      "CorelightFileWhite1.png",
      "CorelightFileWhite2.png",
      "CorelightMainBlack1.png",
      "CorelightMainWhite1.png",
      "CorelightSoftwareBlack1.png",
      "CorelightSoftwareWhite1.png",
      "CorelightWhite1.png",
      "CorelightWhite2.png",
      "CorelightWhite3.png",
      "CorelightWhite4.png",
      "CorelightWhite5.png",
      "CorelightWhite6.png",
      "CorelightWhite7.png",
      "CorelightWhite8.png",
      "CorelightBlack1.png",
      "CorelightBlack2.png",
      "CorelightBlack3.png",
      "CorelightBlack4.png",
      "CorelightBlack5.png",
      "CorelightBlack6.png",
      "CorelightBlack7.png",
      "CorelightBlack8.png"
    ],
    "version": "1.0.0",
    "title": "Corelight",
    "templateRelativePath": "Corelight.json",
    "subtitle": "",
    "provider": "Corelight"
  },
  {
    "workbookKey": "CorelightAlertAggregationsWorkbook",
    "logoFileName": "corelight.svg",
    "description": "A workbook providing insights into Corelight Alert Aggregations.",
    "dataTypesDependencies": [
      "Corelight_v2_suricata_corelight_CL",
      "Corelight_v2_conn_CL",
      "Corelight_v2_conn_red_CL",
      "Corelight_v2_conn_long_CL",
      "Corelight_v2_files_CL",
      "Corelight_v2_files_red_CL",
      "Corelight_v2_http_CL",
      "Corelight_v2_http_red_CL",
      "Corelight_v2_http2_CL",
      "Corelight_v2_ssl_CL",
      "Corelight_v2_ssl_red_CL",
      "Corelight_v2_dns_CL",
      "Corelight_v2_dns_red_CL",
      "Corelight_v2_smb_files_CL",
      "Corelight_v2_smb_mapping_CL"
    ],
    "dataConnectorsDependencies": [
      "Corelight"
    ],
    "previewImagesFileNames": [
      "CorelightAlertAggregationsBlack.png",
      "CorelightAlertAggregationsWhite.png"
    ],
    "version": "1.0.0",
    "title": "CorelightAlertAggregations",
    "templateRelativePath": "Corelight_Alert_Aggregations.json",
    "provider": "Corelight"
  },
  {
    "workbookKey": "CorelightDataExplorerWorkbook",
    "logoFileName": "corelight.svg",
    "description": "A workbook providing insights into Corelight Data Explorer.",
    "dataTypesDependencies": [
      "Corelight_v2_conn_CL",
      "Corelight_v2_conn_red_CL",
      "Corelight_v2_conn_long_CL",
      "Corelight_v2_files_CL",
      "Corelight_v2_files_red_CL",
      "Corelight_v2_http_CL",
      "Corelight_v2_http_red_CL",
      "Corelight_v2_http2_CL",
      "Corelight_v2_ssl_CL",
      "Corelight_v2_ssl_red_CL",
      "Corelight_v2_dns_CL",
      "Corelight_v2_dns_red_CL",
      "Corelight_v2_software_CL",
      "Corelight_v2_x509_CL",
      "Corelight_v2_x509_red_CL"
    ],
    "dataConnectorsDependencies": [
      "Corelight"
    ],
    "previewImagesFileNames": [
      "CorelightDataExplorerBlack1.png",
      "CorelightDataExplorerBlack2.png",
      "CorelightDataExplorerBlack3.png",
      "CorelightDataExplorerBlack4.png",
      "CorelightDataExplorerBlack5.png",
      "CorelightDataExplorerBlack6.png",
      "CorelightDataExplorerBlack7.png",
      "CorelightDataExplorerBlack8.png",
      "CorelightDataExplorerBlack9.png",
      "CorelightDataExplorerBlack10.png",
      "CorelightDataExplorerBlack11.png",
      "CorelightDataExplorerBlack12.png",
      "CorelightDataExplorerWhite1.png",
      "CorelightDataExplorerWhite2.png",
      "CorelightDataExplorerWhite3.png",
      "CorelightDataExplorerWhite4.png",
      "CorelightDataExplorerWhite5.png",
      "CorelightDataExplorerWhite6.png",
      "CorelightDataExplorerWhite7.png",
      "CorelightDataExplorerWhite8.png",
      "CorelightDataExplorerWhite9.png",
      "CorelightDataExplorerWhite10.png",
      "CorelightDataExplorerWhite11.png",
      "CorelightDataExplorerWhite12.png"
    ],
    "version": "1.0.0",
    "title": "CorelightDataExplorer",
    "templateRelativePath": "Corelight_Data_Explorer.json",
    "provider": "Corelight"
  },
  {
    "workbookKey": "CorelightSecurityWorkflowWorkbook",
    "logoFileName": "corelight.svg",
    "description": "A workbook providing insights into Corelight Security Workflow.",
    "dataTypesDependencies": [
      "Corelight_v2_suricata_corelight_CL",
      "Corelight_v2_conn_CL",
      "Corelight_v2_conn_red_CL",
      "Corelight_v2_conn_long_CL",
      "Corelight_v2_files_CL",
      "Corelight_v2_files_red_CL",
      "Corelight_v2_http_CL",
      "Corelight_v2_http_red_CL",
      "Corelight_v2_http2_CL",
      "Corelight_v2_ssl_CL",
      "Corelight_v2_ssl_red_CL",
      "Corelight_v2_dns_CL",
      "Corelight_v2_dns_red_CL",
      "Corelight_v2_smb_files_CL",
      "Corelight_v2_smb_mapping_CL",
      "Corelight_v2_notice_CL",
      "Corelight_v2_intel_CL",
      "Corelight_v2_etc_viz_CL",
      "Corelight_v2_ftp_CL",
      "Corelight_v2_vpn_CL",
      "Corelight_v2_rdp_CL",
      "Corelight_v2_smtp_CL"
    ],
    "dataConnectorsDependencies": [
      "Corelight"
    ],
    "previewImagesFileNames": [
      "CorelightSecurityWorkflowBlack1.png",
      "CorelightSecurityWorkflowBlack2.png",
      "CorelightSecurityWorkflowBlack3.png",
      "CorelightSecurityWorkflowBlack4.png",
      "CorelightSecurityWorkflowBlack5.png",
      "CorelightSecurityWorkflowBlack6.png",
      "CorelightSecurityWorkflowBlack7.png",
      "CorelightSecurityWorkflowBlack8.png",
      "CorelightSecurityWorkflowBlack9.png",
      "CorelightSecurityWorkflowBlack10.png",
      "CorelightSecurityWorkflowBlack11.png",
      "CorelightSecurityWorkflowBlack12.png",
      "CorelightSecurityWorkflowWhite1.png",
      "CorelightSecurityWorkflowWhite2.png",
      "CorelightSecurityWorkflowWhite3.png",
      "CorelightSecurityWorkflowWhite4.png",
      "CorelightSecurityWorkflowWhite5.png",
      "CorelightSecurityWorkflowWhite6.png",
      "CorelightSecurityWorkflowWhite7.png",
      "CorelightSecurityWorkflowWhite8.png",
      "CorelightSecurityWorkflowWhite9.png",
      "CorelightSecurityWorkflowWhite10.png",
      "CorelightSecurityWorkflowWhite11.png",
      "CorelightSecurityWorkflowWhite12.png"
    ],
    "version": "1.0.0",
    "title": "CorelightSecurityWorkflow",
    "templateRelativePath": "Corelight_Security_Workflow.json",
    "provider": "Corelight"
  },
  {
    "workbookKey": "CorelightSensorOverviewWorkbook",
    "logoFileName": "corelight.svg",
    "description": "A workbook providing insights into Corelight Sensor Overview.",
    "dataTypesDependencies": [
      "Corelight_v2_corelight_metrics_iface_CL",
      "Corelight_v2_corelight_metrics_memory_CL",
      "Corelight_v2_corelight_metrics_system_CL",
      "Corelight_v2_corelight_metrics_zeek_doctor_CL",
      "Corelight_v2_corelight_metrics_disk_CL"
    ],
    "dataConnectorsDependencies": [
      "Corelight"
    ],
    "previewImagesFileNames": [
      "CorelightSensorOverviewBlack1.png",
      "CorelightSensorOverviewBlack2.png",
      "CorelightSensorOverviewBlack3.png",
      "CorelightSensorOverviewWhite1.png",
      "CorelightSensorOverviewWhite2.png",
      "CorelightSensorOverviewWhite3.png"
    ],
    "version": "1.0.0",
    "title": "CorelightSensorOverview",
    "templateRelativePath": "Corelight_Sensor_Overview.json",
    "provider": "Corelight"
  },
  {
    "workbookKey": "LookoutEvents",
    "logoFileName": "lookout.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "Lookout_CL"
    ],
    "dataConnectorsDependencies": [
      "LookoutAPI"
    ],
    "previewImagesFileNames": [
      "SampleLookoutWorkBookBlack.png",
      "SampleLookoutWorkBookWhite.png"
    ],
    "version": "1.0.0",
    "title": "Lookout",
    "templateRelativePath": "LookoutEvents.json",
    "subtitle": "",
    "provider": "Lookout"
  },
  {
    "workbookKey": "sentinel-MicrosoftPurview",
    "logoFileName": "MicrosoftPurview.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "AzureDiagnostics"
    ],
    "dataConnectorsDependencies": [
      "MicrosoftAzurePurview"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "Microsoft Purview",
    "templateRelativePath": "MicrosoftPurviewInformationProtection.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "InfobloxCDCB1TDWorkbook",
    "logoFileName": "infoblox_logo.svg",
    "description": "Get a closer look at your BloxOne DNS Query/Response logs, DHCP logs and Threat Defense security event data. This workbook is intended to help visualize BloxOne query data as part of the Infoblox Cloud solution. Drilldown your data and visualize events, trends, and anomalous changes over time.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "InfobloxCDCB1TDBlack.png",
      "InfobloxCDCB1TDWhite.png"
    ],
    "version": "2.0.0",
    "title": "Infoblox CDC BloxOne DDI & Threat Defense DNS Workbook",
    "templateRelativePath": "InfobloxCDCB1TDWorkbook.json",
    "subtitle": "",
    "provider": "Infoblox"
  },
  {
    "workbookKey": "InfobloxSOCInsightsWorkbook",
    "logoFileName": "infoblox_logo.svg",
    "description": "Get a closer look at your Infoblox SOC Insights. This workbook is intended to help visualize your BloxOne SOC Insights data as part of the Infoblox SOC Insights Solution. Drilldown your data and visualize events, trends, and anomalous changes over time.",
    "dataTypesDependencies": [
      "InfobloxInsight",
      "InfobloxInsightAssets",
      "InfobloxInsightComments",
      "InfobloxInsightIndicators",
      "InfobloxInsightEvents"
    ],
    "dataConnectorsDependencies": [
      "InfobloxSOCInsightsDataConnector_AMA",
      "InfobloxSOCInsightsDataConnector_API",
      "InfobloxSOCInsightsDataConnector_Legacy",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "InfobloxSOCInsightsBlack.png",
      "InfobloxSOCInsightsWhite.png"
    ],
    "version": "1.0.0",
    "title": "Infoblox SOC Insights Workbook",
    "templateRelativePath": "InfobloxSOCInsightsWorkbook.json",
    "subtitle": "",
    "provider": "Infoblox"
  },
  {
    "workbookKey": "UbiquitiUniFiWorkbook",
    "logoFileName": "ubiquiti.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "Ubiquiti_CL"
    ],
    "dataConnectorsDependencies": [
      "CustomLogsAma"
    ],
    "previewImagesFileNames": [
      "UbiquitiOverviewBlack01.png",
      "UbiquitiOverviewBlack02.png",
      "UbiquitiOverviewWhite01.png",
      "UbiquitiOverviewWhite02.png"
    ],
    "version": "1.0.0",
    "title": "Ubiquiti UniFi",
    "templateRelativePath": "Ubiquiti.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "VMwareESXiWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "VMWareESXiBlack.png",
      "VMWareESXiWhite.png"
    ],
    "version": "1.0.0",
    "title": "VMware ESXi",
    "templateRelativePath": "VMWareESXi.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SnowflakeWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "Snowflake"
    ],
    "dataConnectorsDependencies": [
      "SnowflakeDataConnector"
    ],
    "previewImagesFileNames": [
      "SnowflakeBlack.png",
      "SnowflakeWhite.png"
    ],
    "version": "1.0.1",
    "title": "Snowflake",
    "templateRelativePath": "Snowflake.json",
    "subtitle": "",
    "provider": "Snowflake"
  },
  {
    "workbookKey": "LastPassWorkbook",
    "logoFileName": "LastPass.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "LastPassNativePoller_CL"
    ],
    "dataConnectorsDependencies": [
      "LastPassAPIConnector"
    ],
    "previewImagesFileNames": [
      "LastPassBlack.png",
      "LastPassWhite.png"
    ],
    "version": "1.0.0",
    "title": "Lastpass Enterprise Activity Monitoring",
    "templateRelativePath": "LastPassWorkbook.json",
    "subtitle": "",
    "provider": "LastPass"
  },
  {
    "workbookKey": "SecurityBridgeWorkbook",
    "logoFileName": "SecurityBridgeLogo-Vector-TM_75x75.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "SecurityBridgeLogs"
    ],
    "dataConnectorsDependencies": [
      "CustomLogsAma"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "SecurityBridge App",
    "templateRelativePath": "SecurityBridgeThreatDetectionforSAP.json",
    "subtitle": "",
    "provider": "SecurityBridge"
  },
  {
    "workbookKey": "PaloAltoPrismaCloudWorkbook",
    "logoFileName": "paloalto_logo.svg",
    "description": "Sets the time name for analysis.",
    "dataTypesDependencies": [
      "PaloAltoPrismaCloudAlert_CL",
      "PaloAltoPrismaCloudAudit_CL"
    ],
    "dataConnectorsDependencies": [
      "PaloAltoPrismaCloud"
    ],
    "previewImagesFileNames": [
      "PaloAltoPrismaCloudBlack01.png",
      "PaloAltoPrismaCloudBlack02.png",
      "PaloAltoPrismaCloudWhite01.png",
      "PaloAltoPrismaCloudWhite02.png"
    ],
    "version": "1.0.0",
    "title": "Palo Alto Prisma",
    "templateRelativePath": "PaloAltoPrismaCloudOverview.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "PingFederateWorkbook",
    "logoFileName": "PingIdentity.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "PingFederateEvent"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "PingFederateBlack1.png",
      "PingFederateWhite1.png"
    ],
    "version": "1.0.0",
    "title": "PingFederate",
    "templateRelativePath": "PingFederate.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "McAfeeePOWorkbook",
    "logoFileName": "mcafee_logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "McAfeeEPOEvent"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "McAfeeePOBlack1.png",
      "McAfeeePOBlack2.png",
      "McAfeeePOWhite1.png",
      "McAfeeePOWhite2.png"
    ],
    "version": "1.0.0",
    "title": "McAfee ePolicy Orchestrator",
    "templateRelativePath": "McAfeeePOOverview.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "OracleDatabaseAudit",
    "logoFileName": "oracle_logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "OracleDatabaseAuditBlack1.png",
      "OracleDatabaseAuditBlack2.png",
      "OracleDatabaseAuditWhite1.png",
      "OracleDatabaseAuditWhite2.png"
    ],
    "version": "1.0.0",
    "title": "Oracle Database Audit",
    "templateRelativePath": "OracleDatabaseAudit.json",
    "subtitle": "",
    "provider": "Oracle"
  },
  {
    "workbookKey": "SenservaProAnalyticsWorkbook",
    "logoFileName": "SenservaPro_logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "SenservaPro_CL"
    ],
    "dataConnectorsDependencies": [
      "SenservaPro"
    ],
    "previewImagesFileNames": [
      "SenservaProAnalyticsBlack.png",
      "SenservaProAnalyticsWhite.png"
    ],
    "version": "1.0.0",
    "title": "SenservaProAnalytics",
    "templateRelativePath": "SenservaProAnalyticsWorkbook.json",
    "subtitle": "",
    "provider": "Senserva Pro"
  },
  {
    "workbookKey": "SenservaProMultipleWorkspaceWorkbook",
    "logoFileName": "SenservaPro_logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "SenservaPro_CL"
    ],
    "dataConnectorsDependencies": [
      "SenservaPro"
    ],
    "previewImagesFileNames": [
      "SenservaProMultipleWorkspaceWorkbookBlack.png",
      "SenservaProMultipleWorkspaceWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "SenservaProMultipleWorkspace",
    "templateRelativePath": "SenservaProMultipleWorkspaceWorkbook.json",
    "subtitle": "",
    "provider": "Senserva Pro"
  },
  {
    "workbookKey": "SenservaProSecureScoreMultiTenantWorkbook",
    "logoFileName": "SenservaPro_logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "SenservaPro_CL"
    ],
    "dataConnectorsDependencies": [
      "SenservaPro"
    ],
    "previewImagesFileNames": [
      "SenservaProSecureScoreMultiTenantBlack.png",
      "SenservaProSecureScoreMultiTenantWhite.png"
    ],
    "version": "1.0.0",
    "title": "SenservaProSecureScoreMultiTenant",
    "templateRelativePath": "SenservaProSecureScoreMultiTenantWorkbook.json",
    "subtitle": "",
    "provider": "Senserva Pro"
  },
  {
    "workbookKey": "CiscoSecureEndpointOverviewWorkbook",
    "logoFileName": "cisco-logo-72px.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CiscoSecureEndpoint"
    ],
    "dataConnectorsDependencies": [
      "CiscoSecureEndpoint"
    ],
    "previewImagesFileNames": [
      "CiscoSecureEndpointBlack.png",
      "CiscoSecureEndpointWhite.png"
    ],
    "version": "1.0.0",
    "title": "Cisco Secure Endpoint",
    "templateRelativePath": "Cisco Secure Endpoint Overview.json",
    "subtitle": "",
    "provider": "Cisco"
  },
  {
    "workbookKey": "InfoSecGlobalWorkbook",
    "logoFileName": "infosecglobal.svg",
    "description": "Sets the time name for analysis.",
    "dataTypesDependencies": [
      "InfoSecAnalytics_CL"
    ],
    "dataConnectorsDependencies": [
      "InfoSecDataConnector"
    ],
    "previewImagesFileNames": [
      "InfoSecGlobalWorkbookBlack.png",
      "InfoSecGlobalWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "AgileSec Analytics Connector",
    "templateRelativePath": "InfoSecGlobal.json",
    "subtitle": "",
    "provider": "InfoSecGlobal"
  },
  {
    "workbookKey": "CrowdStrikeFalconEndpointProtectionWorkbook",
    "logoFileName": "crowdstrike.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CrowdStrikeFalconEventStream"
    ],
    "dataConnectorsDependencies": [
      "CrowdstrikeReplicator"
    ],
    "previewImagesFileNames": [
      "CrowdStrikeFalconEndpointProtectionBlack.png",
      "CrowdStrikeFalconEndpointProtectionWhite.png"
    ],
    "version": "1.0.0",
    "title": "CrowdStrike Falcon Endpoint Protection",
    "templateRelativePath": "CrowdStrikeFalconEndpointProtection.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "IronDefenseAlertDashboard",
    "logoFileName": "IronNet.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "IronNetIronDefense"
    ],
    "previewImagesFileNames": [
      "IronDefenseDashboardBlack.png",
      "IronDefenseDashboardWhite.png"
    ],
    "version": "1.0.0",
    "title": "IronDefenseAlertDashboard",
    "templateRelativePath": "IronDefenseAlertDashboard.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "IronDefenseAlertDetails",
    "logoFileName": "IronNet.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "IronNetIronDefense"
    ],
    "previewImagesFileNames": [
      "IronDefenseAlertsBlack.png",
      "IronDefenseAlertsWhite.png"
    ],
    "version": "1.0.0",
    "title": "IronDefenseAlertDetails",
    "templateRelativePath": "IronDefenseAlertDetails.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "CiscoSEGWorkbook",
    "logoFileName": "cisco-logo-72px.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "CiscoSEGBlack.png",
      "CiscoSEGWhite.png"
    ],
    "version": "1.0.0",
    "title": "Cisco Secure Email Gateway",
    "templateRelativePath": "CiscoSEG.json",
    "subtitle": "",
    "provider": "Cisco"
  },
  {
    "workbookKey": "EatonForeseerHealthAndAccess",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook gives an insight into the health of all the Windows VMs in this subscription running Eaton Foreseer and       the unauthorized access into the Eaton Foreseer application running on these VMs.",
    "dataTypesDependencies": [
      "SecurityEvent"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "EatonForeseerHealthAndAccessBlack.png",
      "EatonForeseerHealthAndAccessWhite.png"
    ],
    "version": "1.0.0",
    "title": "EatonForeseerHealthAndAccess",
    "templateRelativePath": "EatonForeseerHealthAndAccess.json",
    "subtitle": "",
    "provider": "Eaton"
  },
  {
    "workbookKey": "PCIDSSComplianceWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Choose your subscription and workspace in which PCI assets are deployed",
    "dataTypesDependencies": [
      "AzureDiagnostics",
      "SecurityEvent",
      "SecurityAlert",
      "OracleDatabaseAuditEvent",
      "Syslog",
      "Anomalies"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "PCIDSSComplianceBlack01.PNG",
      "PCIDSSComplianceBlack02.PNG",
      "PCIDSSComplianceWhite01.PNG",
      "PCIDSSComplianceWhite02.PNG"
    ],
    "version": "1.0.0",
    "title": "PCI DSS Compliance",
    "templateRelativePath": "PCIDSSCompliance.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SonraiSecurityWorkbook",
    "logoFileName": "Sonrai.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "Sonrai_Tickets_CL"
    ],
    "dataConnectorsDependencies": [
      "SonraiDataConnector"
    ],
    "previewImagesFileNames": [
      "SonraiWorkbookBlack.png",
      "SonraiWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "Sonrai",
    "templateRelativePath": "Sonrai.json",
    "subtitle": "",
    "provider": "Sonrai"
  },
  {
    "workbookKey": "SemperisDSPWorkbook",
    "logoFileName": "Semperis.svg",
    "description": "Specify the time range on which to query the data",
    "dataTypesDependencies": [
      "dsp_parser"
    ],
    "dataConnectorsDependencies": [
      "SemperisDSP"
    ],
    "previewImagesFileNames": [
      "SemperisDSPOverview1Black.png",
      "SemperisDSPOverview1White.png",
      "SemperisDSPOverview2Black.png",
      "SemperisDSPOverview2White.png",
      "SemperisDSPOverview3Black.png",
      "SemperisDSPOverview3White.png"
    ],
    "version": "1.0.0",
    "title": "Semperis Directory Services Protector",
    "templateRelativePath": "SemperisDSPWorkbook.json",
    "subtitle": "",
    "provider": "Semperis"
  },
  {
    "workbookKey": "BoxWorkbook",
    "logoFileName": "box.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "BoxEvents"
    ],
    "dataConnectorsDependencies": [
      "BoxEventsCCPDefinition"
    ],
    "previewImagesFileNames": [
      "BoxBlack1.png",
      "BoxWhite1.png",
      "BoxBlack2.png",
      "BoxWhite2.png"
    ],
    "version": "1.0.1",
    "title": "Box",
    "templateRelativePath": "Box.json",
    "subtitle": "",
    "provider": "Box"
  },
  {
    "workbookKey": "SymantecEndpointProtection",
    "logoFileName": "symantec_logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "SymantecEndpointProtection"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "SymantecEndpointProtectionBlack.png",
      "SymantecEndpointProtectionWhite.png"
    ],
    "version": "1.0.0",
    "title": "Symantec Endpoint Protection",
    "templateRelativePath": "SymantecEndpointProtection.json",
    "subtitle": "",
    "provider": "Symantec"
  },
  {
    "workbookKey": "DynamicThreatModeling&Response",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "SecurityAlert"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "DynamicThreatModeling&ResponseWhite.png",
      "DynamicThreatModeling&ResponseBlack.png"
    ],
    "version": "1.0.0",
    "title": "Dynamic Threat Modeling Response",
    "templateRelativePath": "DynamicThreatModeling&Response.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "ThreatAnalysis&Response",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The Defenders for IoT workbook provide guided investigations for OT entities based on open incidents, alert notifications, and activities for OT assets. They also provide a hunting experience across the MITRE ATT&CK® framework for ICS, and are designed to enable analysts, security engineers, and MSSPs to gain situational awareness of OT security posture.",
    "dataTypesDependencies": [
      "SecurityAlert"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ThreatAnalysis&ResponseWhite1.png",
      "ThreatAnalysis&ResponseWhite2.png",
      "ThreatAnalysis&ResponseWhite3.png",
      "ThreatAnalysis&ResponseBlack1.png",
      "ThreatAnalysis&ResponseBlack2.png",
      "ThreatAnalysis&ResponseBlack3.png"
    ],
    "version": "1.1.0",
    "title": "Threat Analysis Response",
    "templateRelativePath": "ThreatAnalysis&Response.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "TrendMicroCAS",
    "logoFileName": "Trend_Micro_Logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "TrendMicroCAS_CL"
    ],
    "dataConnectorsDependencies": [
      "TrendMicroCAS"
    ],
    "previewImagesFileNames": [
      "TrendMicroCASBlack.png",
      "TrendMicroCASWhite.png"
    ],
    "version": "1.0.0",
    "title": "TrendMicroCAS",
    "templateRelativePath": "TrendMicroCAS.json",
    "subtitle": "",
    "provider": "TrendMicro"
  },
  {
    "workbookKey": "GitHubSecurityWorkbook",
    "logoFileName": "GitHub.svg",
    "description": "Gain insights to GitHub activities that may be interesting for security.",
    "dataTypesDependencies": [
      "GitHubAuditLogPolling_CL"
    ],
    "dataConnectorsDependencies": [
      "GitHubEcAuditLogPolling"
    ],
    "previewImagesFileNames": [
      "GitHubSecurityBlack.png",
      "GitHubSecurityWhite.png"
    ],
    "version": "1.0.0",
    "title": "GithubWorkbook",
    "templateRelativePath": "GitHub.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "GCPDNSWorkbook",
    "logoFileName": "google_logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "GCPCloudDNS"
    ],
    "dataConnectorsDependencies": [
      "GCPDNSDataConnector"
    ],
    "previewImagesFileNames": [
      "GCPDNSBlack.png",
      "GCPDNSWhite.png"
    ],
    "version": "1.0.0",
    "title": "Google Cloud Platform DNS",
    "templateRelativePath": "GCPDNS.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AtlassianJiraAuditWorkbook",
    "logoFileName": "atlassian.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "AtlassianJiraNativePoller_CL"
    ],
    "dataConnectorsDependencies": [
      "AtlassianJira"
    ],
    "previewImagesFileNames": [
      "AtlassianJiraAuditWhite.png",
      "AtlassianJiraAuditBlack.png"
    ],
    "version": "1.0.0",
    "title": "AtlassianJiraAudit",
    "templateRelativePath": "AtlassianJiraAudit.json",
    "subtitle": "",
    "provider": "Atlassian"
  },
  {
    "workbookKey": "DigitalGuardianWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "DigitalGuardianDLPEvent"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "DigitalGuardianBlack.png",
      "DigitalGuardianWhite.png"
    ],
    "version": "1.0.0",
    "title": "DigitalGuardianDLP",
    "templateRelativePath": "DigitalGuardian.json",
    "subtitle": "",
    "provider": "Digital Guardian"
  },
  {
    "workbookKey": "CiscoDuoWorkbook",
    "logoFileName": "cisco-logo-72px.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CiscoDuo_CL"
    ],
    "dataConnectorsDependencies": [
      "CiscoDuoSecurity"
    ],
    "previewImagesFileNames": [
      "CiscoDuoWhite.png",
      "CiscoDuoBlack.png"
    ],
    "version": "1.0.0",
    "title": "CiscoDuoSecurity",
    "templateRelativePath": "CiscoDuo.json",
    "subtitle": "",
    "provider": "Cisco"
  },
  {
    "workbookKey": "SlackAudit",
    "logoFileName": "slacklogo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "SlackAudit_CL"
    ],
    "dataConnectorsDependencies": [
      "SlackAuditAPI"
    ],
    "previewImagesFileNames": [
      "SlackAuditApplicationActivityBlack1.png",
      "SlackAuditApplicationActivityWhite1.png"
    ],
    "version": "1.0.0",
    "title": "SlackAudit",
    "templateRelativePath": "SlackAudit.json",
    "subtitle": "",
    "provider": "Slack"
  },
  {
    "workbookKey": "CiscoWSAWorkbook",
    "logoFileName": "cisco-logo-72px.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "CiscoWSAWhite.png",
      "CiscoWSABlack.png"
    ],
    "version": "1.0.0",
    "title": "CiscoWSA",
    "templateRelativePath": "CiscoWSA.json",
    "subtitle": "",
    "provider": "Cisco"
  },
  {
    "workbookKey": "GCP-IAM-Workbook",
    "logoFileName": "google_logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "GCP_IAM_CL"
    ],
    "dataConnectorsDependencies": [
      "GCPIAMDataConnector"
    ],
    "previewImagesFileNames": [
      "GCPIAMBlack01.png",
      "GCPIAMBlack02.png",
      "GCPIAMWhite01.png",
      "GCPIAMWhite02.png"
    ],
    "version": "1.0.0",
    "title": "Google Cloud Platform IAM",
    "templateRelativePath": "GCP_IAM.json",
    "subtitle": "",
    "provider": "Google"
  },
  {
    "workbookKey": "ImpervaWAFCloudWorkbook",
    "logoFileName": "Imperva_DarkGrey_final_75x75.svg",
    "description": "Sets the time name for analysis.",
    "dataTypesDependencies": [
      "ImpervaWAFCloud_CL"
    ],
    "dataConnectorsDependencies": [
      "ImpervaWAFCloudAPI"
    ],
    "previewImagesFileNames": [
      "ImpervaWAFCloudBlack01.png",
      "ImpervaWAFCloudBlack02.png",
      "ImpervaWAFCloudWhite01.png",
      "ImpervaWAFCloudWhite02.png"
    ],
    "version": "1.0.0",
    "title": "Imperva WAF Cloud Overview",
    "templateRelativePath": "Imperva WAF Cloud Overview.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "ZscalerZPAWorkbook",
    "logoFileName": "ZscalerLogo.svg",
    "description": "Select the time range for this Overview.",
    "dataTypesDependencies": [
      "ZPA_CL"
    ],
    "dataConnectorsDependencies": [
      "CustomLogsAma"
    ],
    "previewImagesFileNames": [
      "ZscalerZPABlack.png",
      "ZscalerZPAWhite.png"
    ],
    "version": "1.0.0",
    "title": "Zscaler Private Access (ZPA)",
    "templateRelativePath": "ZscalerZPA.json",
    "subtitle": "",
    "provider": "Zscaler"
  },
  {
    "workbookKey": "GoogleWorkspaceWorkbook",
    "logoFileName": "google_logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "GWorkspace_ReportsAPI_admin_CL",
      "GWorkspace_ReportsAPI_calendar_CL",
      "GWorkspace_ReportsAPI_drive_CL",
      "GWorkspace_ReportsAPI_login_CL",
      "GWorkspace_ReportsAPI_login_CL",
      "GWorkspace_ReportsAPI_mobile_CL"
    ],
    "dataConnectorsDependencies": [
      "GoogleWorkspaceReportsAPI"
    ],
    "previewImagesFileNames": [
      "GoogleWorkspaceBlack.png",
      "GoogleWorkspaceWhite.png"
    ],
    "version": "1.0.0",
    "title": "GoogleWorkspaceReports",
    "templateRelativePath": "GoogleWorkspace.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "NCProtectWorkbook",
    "logoFileName": "NCProtectIcon.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "NCProtectUAL_CL"
    ],
    "dataConnectorsDependencies": [
      "NucleusCyberNCProtect"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "NucleusCyberProtect",
    "templateRelativePath": "NucleusCyber_NCProtect_Workbook.json",
    "subtitle": "",
    "provider": "archTIS"
  },
  {
    "workbookKey": "CiscoISEWorkbook",
    "logoFileName": "cisco-logo-72px.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      "CiscoISEBlack1.png",
      "CiscoISEBlack2.png",
      "CiscoISEWhite1.png",
      "CiscoISEWhite2.png"
    ],
    "version": "1.0.0",
    "title": "Cisco ISE",
    "templateRelativePath": "CiscoISE.json",
    "subtitle": "",
    "provider": "Cisco"
  },
  {
    "workbookKey": "IoTOTThreatMonitoringwithDefenderforIoTWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The OT Threat Monitoring with Defender for IoT Workbook features OT filtering for Security Alerts, Incidents, Vulnerabilities and Asset Inventory. The workbook features a dynamic assessment of the MITRE ATT&CK for ICS matrix across your environment to analyze and respond to OT-based threats. This workbook is designed to enable SecOps Analysts, Security Engineers, and MSSPs to gain situational awareness for IT/OT security posture.",
    "dataTypesDependencies": [
      "SecurityAlert",
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "IoTOTThreatMonitoringwithDefenderforIoTBlack.png",
      "IoTOTThreatMonitoringwithDefenderforIoTWhite.png"
    ],
    "version": "1.0.0",
    "title": "Microsoft Defender for IoT",
    "templateRelativePath": "IoTOTThreatMonitoringwithDefenderforIoT.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "ZeroTrust(TIC3.0)Workbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "SecurityRecommendation"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ZeroTrust(TIC3.0)Black1.PNG",
      "ZeroTrust(TIC3.0)White1.PNG"
    ],
    "version": "1.0.0",
    "title": "ZeroTrust(TIC3.0)",
    "templateRelativePath": "ZeroTrustTIC3.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "CybersecurityMaturityModelCertification(CMMC)2.0Workbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis.",
    "dataTypesDependencies": [
      "InformationProtectionLogs_CL",
      "AuditLogs",
      "SecurityIncident",
      "SigninLogs",
      "AzureActivity"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "CybersecurityMaturityModelCertificationBlack.png",
      "CybersecurityMaturityModelCertificationWhite.png"
    ],
    "version": "1.1.0",
    "title": "CybersecurityMaturityModelCertification(CMMC)2.0",
    "templateRelativePath": "CybersecurityMaturityModelCertification_CMMCV2.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "NISTSP80053Workbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Sets the time name for analysis.",
    "dataTypesDependencies": [
      "SigninLogs",
      "AuditLogs",
      "AzureActivity",
      "OfficeActivity",
      "SecurityEvents",
      "CommonSecurityLog",
      "SecurityIncident",
      "SecurityRecommendation"
    ],
    "dataConnectorsDependencies": [
      "SecurityEvents"
    ],
    "previewImagesFileNames": [
      "NISTSP80053Black.png",
      "NISTSP80053White.png"
    ],
    "version": "1.1.0",
    "title": "NISTSP80053workbook",
    "templateRelativePath": "NISTSP80053.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "DarktraceWorkbook",
    "logoFileName": "Darktrace.svg",
    "description": "The Darktrace Workbook visualises Model Breach and AI Analyst data received by the Darktrace Data Connector and visualises events across the network, SaaS, IaaS and Email.",
    "dataTypesDependencies": [
      "darktrace_model_alerts_CL"
    ],
    "dataConnectorsDependencies": [
      "DarktraceRESTConnector"
    ],
    "previewImagesFileNames": [
      "DarktraceWorkbookBlack01.png",
      "DarktraceWorkbookBlack02.png",
      "DarktraceWorkbookWhite01.png",
      "DarktraceWorkbookWhite02.png"
    ],
    "version": "1.0.1",
    "title": "Darktrace",
    "templateRelativePath": "DarktraceWorkbook.json",
    "subtitle": "",
    "provider": "Darktrace"
  },
  {
    "workbookKey": "RecordedFutureAlertOverviewWorkbook",
    "logoFileName": "RecordedFuture.svg",
    "description": "Recorded Future Alerts Overview Workbook. This workbook will visualize playbook alerts imported via the RecordedFuture-Alert-Importer.",
    "dataTypesDependencies": [
      "RecordedFuturePortalAlerts_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "RecordedFutureAlertOverviewWhite.png",
      "RecordedFutureAlertOverviewBlack.png"
    ],
    "version": "1.0.1",
    "title": "Recorded Future - Alerts Overview",
    "templateRelativePath": "RecordedFutureAlertOverview.json",
    "subtitle": "",
    "provider": "Recorded Future"
  },
  {
    "workbookKey": "RecordedFuturePlaybookAlertOverviewWorkbook",
    "logoFileName": "RecordedFuture.svg",
    "description": "Recorded Future Playbook Alerts Overview Workbook. This workbook will visualize playbook alerts imported via the RecordedFuture-Playbook-Alert-Importer.",
    "dataTypesDependencies": [
      "RecordedFuturePlaybookAlerts_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "RecordedFuturePlaybookAlertOverviewWhite1.png",
      "RecordedFuturePlaybookAlertOverviewBlack1.png"
    ],
    "version": "1.0.1",
    "title": "Recorded Future - Playbook Alerts Overview",
    "templateRelativePath": "RecordedFuturePlaybookAlertOverview.json",
    "subtitle": "",
    "provider": "Recorded Future"
  },
  {
    "workbookKey": "RecordedFutureDomainCorrelationWorkbook",
    "logoFileName": "RecordedFuture.svg",
    "description": "Recorded Future Domain Correlation Workbook. This workbook will visualize Recorded Future threat intelligence data together with infrastructure logs ingested in to Sentinel.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "RecordedFutureDomainCorrelationWhite.png",
      "RecordedFutureDomainCorrelationBlack.png"
    ],
    "version": "1.0.1",
    "title": "Recorded Future - Domain Correlation",
    "templateRelativePath": "RecordedFutureDomainCorrelation.json",
    "subtitle": "",
    "provider": "Recorded Future"
  },
  {
    "workbookKey": "RecordedFutureHashCorrelationWorkbook",
    "logoFileName": "RecordedFuture.svg",
    "description": "Recorded Future Hash Correlation Workbook. This workbook will visualize Recorded Future threat intelligence data together with infrastructure logs ingested in to Sentinel.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "RecordedFutureHashCorrelationWhite.png",
      "RecordedFutureHashCorrelationBlack.png"
    ],
    "version": "1.0.1",
    "title": "Recorded Future - Hash Correlation",
    "templateRelativePath": "RecordedFutureHashCorrelation.json",
    "subtitle": "",
    "provider": "Recorded Future"
  },
  {
    "workbookKey": "RecordedFutureIPCorrelationWorkbook",
    "logoFileName": "RecordedFuture.svg",
    "description": "Recorded Future IP Correlation Workbook. This workbook will visualize Recorded Future threat intelligence data together with infrastructure logs ingested in to Sentinel.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "RecordedFutureIPCorrelationWhite.png",
      "RecordedFutureIPCorrelationBlack.png"
    ],
    "version": "1.0.1",
    "title": "Recorded Future - IP Correlation",
    "templateRelativePath": "RecordedFutureIPCorrelation.json",
    "subtitle": "",
    "provider": "Recorded Future"
  },
  {
    "workbookKey": "RecordedFutureURLCorrelationWorkbook",
    "logoFileName": "RecordedFuture.svg",
    "description": "Recorded Future URL Correlation Workbook. This workbook will visualize Recorded Future threat intelligence data together with infrastructure logs ingested in to Sentinel.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "RecordedFutureUrlCorrelationWhite.png",
      "RecordedFutureUrlCorrelationBlack.png"
    ],
    "version": "1.0.1",
    "title": "Recorded Future - URL Correlation",
    "templateRelativePath": "RecordedFutureURLCorrelation.json",
    "subtitle": "",
    "provider": "Recorded Future"
  },
  {
    "workbookKey": "RecordedFutureThreatActorHuntingWorkbook",
    "logoFileName": "RecordedFuture.svg",
    "description": "Recorded Future Threat Actor Hunting Workbook. This workbook will visualize Recorded Future threat map and hunting indicators ingested in to Microsoft Sentinel.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "RecordedFutureThreatActorHuntingWhite.png",
      "RecordedFutureThreatActorHuntingBlack.png"
    ],
    "version": "1.0.1",
    "title": "Recorded Future - Threat Actor Hunting",
    "templateRelativePath": "RecordedFutureThreatActorHunting.json",
    "subtitle": "",
    "provider": "Recorded Future"
  },
  {
    "workbookKey": "RecordedFutureMalwareThreatHuntingWorkbook",
    "logoFileName": "RecordedFuture.svg",
    "description": "Recorded Future Malware Threat Hunting Workbook. This workbook will visualize Recorded Future malware threat map and hunting indicators ingested in to Microsoft Sentinel.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "RecordedFutureMalwareThreatHuntingWhite.png",
      "RecordedFutureMalwareThreatHuntingBlack.png"
    ],
    "version": "1.0.0",
    "title": "Recorded Future - Malware Threat Hunting",
    "templateRelativePath": "RecordedFutureMalwareThreatHunting.json",
    "subtitle": "",
    "provider": "Recorded Future"
  },
  {
    "workbookKey": "MaturityModelForEventLogManagement_M2131",
    "logoFileName": "contrastsecurity_logo.svg",
    "description": "Select the time range for this Overview.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "MaturityModelForEventLogManagement_M2131Black.png",
      "MaturityModelForEventLogManagement_M2131White.png"
    ],
    "version": "1.0.1",
    "title": "MaturityModelForEventLogManagementM2131",
    "templateRelativePath": "MaturityModelForEventLogManagement_M2131.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AzureSQLSecurityWorkbook",
    "logoFileName": "AzureSQL.svg",
    "description": "Sets the time window in days to search around the alert",
    "dataTypesDependencies": [
      "AzureDiagnostics",
      "SecurityAlert",
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [
      "AzureSql"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "Azure SQL Database Workbook",
    "templateRelativePath": "Workbook-AzureSQLSecurity.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "ContinuousDiagnostics&Mitigation",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Select the time range for this Overview.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ContinuousDiagnostics&MitigationBlack.png",
      "ContinuousDiagnostics&MitigationWhite.png"
    ],
    "version": "1.0.1",
    "title": "ContinuousDiagnostics&Mitigation",
    "templateRelativePath": "ContinuousDiagnostics&Mitigation.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AtlasianJiraAuditWorkbook",
    "logoFileName": "atlassian.svg",
    "description": "Select the time range for this Overview.",
    "dataTypesDependencies": [
      "AtlassianJiraNativePoller_CL"
    ],
    "dataConnectorsDependencies": [
      "AtlassianJira"
    ],
    "previewImagesFileNames": [
      "AtlassianJiraAuditBlack.png",
      "AtlassianJiraAuditWhite.png"
    ],
    "version": "1.0.0",
    "title": "AtlasianJiraAuditWorkbook",
    "templateRelativePath": "AtlasianJiraAuditWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AzureSecurityBenchmark",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Azure Security Benchmark v3 Workbook provides a mechanism for viewing log queries, azure resource graph, and policies aligned to ASB controls across Microsoft security offerings, Azure, Microsoft 365, 3rd Party, On-Premises, and Multi-cloud workloads. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective ASB requirements and practices.",
    "dataTypesDependencies": [
      "SecurityRegulatoryCompliance",
      "AzureDiagnostics",
      "SecurityIncident",
      "SigninLogs",
      "SecurityAlert"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AzureSecurityBenchmarkBlack.png",
      "AzureSecurityBenchmarkWhite.png"
    ],
    "version": "1.1.0",
    "title": "Azure Security Benchmark",
    "templateRelativePath": "AzureSecurityBenchmark.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "ZNAccessOrchestratorAudit",
    "logoFileName": "ZeroNetworks.svg",
    "description": "This workbook provides a summary of ZeroNetworks data.",
    "dataTypesDependencies": [
      "ZNAccessOrchestratorAudit_CL",
      "ZNAccessOrchestratorAuditNativePoller_CL"
    ],
    "dataConnectorsDependencies": [
      "ZeroNetworksAccessOrchestratorAuditFunction",
      "ZeroNetworksAccessOrchestratorAuditNativePoller"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "Zero NetWork",
    "templateRelativePath": "ZNSegmentAudit.json",
    "subtitle": "",
    "provider": "Zero Networks"
  },
  {
    "workbookKey": "FireworkWorkbook",
    "logoFileName": "Flare.svg",
    "description": "Select the time range for this Overview.",
    "dataTypesDependencies": [
      "Firework_CL"
    ],
    "dataConnectorsDependencies": [
      "FlareSystemsFirework"
    ],
    "previewImagesFileNames": [
      "FireworkOverviewBlack01.png",
      "FireworkOverviewBlack02.png",
      "FireworkOverviewWhite01.png",
      "FireworkOverviewWhite02.png"
    ],
    "version": "1.0.0",
    "title": "FlareSystemsFirework",
    "templateRelativePath": "FlareSystemsFireworkOverview.json",
    "subtitle": "",
    "provider": "Flare Systems"
  },
  {
    "workbookKey": "TaniumWorkbook",
    "logoFileName": "Tanium.svg",
    "description": "The Tanium Workbook contains 20+ visualizations across 5 tabs (Threat Response, Comply, Discover, Microsoft Tooling Health and Patch). Each of these tabs shows examples of insights teams can leverage using Tanium's real-time data.",
    "dataTypesDependencies": [
      "TaniumComplyCompliance_CL",
      "TaniumComplyVulnerabilities_CL",
      "TaniumDefenderHealth_CL",
      "TaniumDiscoverUnmanagedAssets_CL",
      "TaniumHighUptime_CL",
      "TaniumPatchCoverageStatus_CL",
      "TaniumPatchListApplicability_CL",
      "TaniumPatchListCompliance_CL",
      "TaniumSCCMClientHealth_CL",
      "TaniumThreatResponse_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "TaniumWorkbookComplyBlack.png",
      "TaniumWorkbookComplyWhite.png",
      "TaniumWorkbookDiscoverBlack.png",
      "TaniumWorkbookPatchWhite.png"
    ],
    "previewImages": [
      "TaniumWorkbookComplyWhite.png",
      "TaniumWorkbookPatchWhite.png"
    ],
    "previewImagesDark": [
      "TaniumWorkbookComplyBlack.png",
      "TaniumWorkbookDiscoverBlack.png"
    ],
    "version": "2.0",
    "title": "Tanium Workbook",
    "templateRelativePath": "TaniumWorkbook.json",
    "subtitle": "",
    "provider": "Tanium"
  },
  {
    "workbookKey": "ActionableAlertsDashboard",
    "logoFileName": "Cybersixgill.svg",
    "description": "None.",
    "dataTypesDependencies": [
      "CyberSixgill_Alerts_CL"
    ],
    "dataConnectorsDependencies": [
      "CybersixgillActionableAlerts"
    ],
    "previewImagesFileNames": [
      "ActionableAlertsDashboardWhite.PNG",
      "ActionableAlertsDashboardBlack.PNG"
    ],
    "version": "1.0.0",
    "title": "Cybersixgill Actionable Alerts Dashboard",
    "templateRelativePath": "ActionableAlertsDashboard.json",
    "subtitle": "",
    "provider": "Cybersixgill"
  },
  {
    "workbookKey": "ActionableAlertsList",
    "logoFileName": "Cybersixgill.svg",
    "description": "None.",
    "dataTypesDependencies": [
      "CyberSixgill_Alerts_CL"
    ],
    "dataConnectorsDependencies": [
      "CybersixgillActionableAlerts"
    ],
    "previewImagesFileNames": [
      "ActionableAlertsListBlack.PNG",
      "ActionableAlertsListWhite.PNG"
    ],
    "version": "1.0.0",
    "title": "Cybersixgill Actionable Alerts List",
    "templateRelativePath": "ActionableAlertsList.json",
    "subtitle": "",
    "provider": "Cybersixgill"
  },
  {
    "workbookKey": "ArgosCloudSecurityWorkbook",
    "logoFileName": "argos-logo.svg",
    "description": "The ARGOS Cloud Security integration for Microsoft Sentinel allows you to have all your important cloud security events in one place.",
    "dataTypesDependencies": [
      "ARGOS_CL"
    ],
    "dataConnectorsDependencies": [
      "ARGOSCloudSecurity"
    ],
    "previewImagesFileNames": [
      "ARGOSCloudSecurityWorkbookBlack.png",
      "ARGOSCloudSecurityWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "ARGOS Cloud Security",
    "templateRelativePath": "ARGOSCloudSecurityWorkbook.json",
    "subtitle": "",
    "provider": "ARGOS Cloud Security"
  },
  {
    "workbookKey": "JamfProtectWorkbook",
    "logoFileName": "jamf_logo.svg",
    "description": "This Jamf Protect Workbook for Microsoft Sentinel enables you to ingest Jamf Protect events forwarded into Microsoft Sentinel.\n Providing reports into all alerts, device controls and Unfied Logs.",
    "dataTypesDependencies": [
      "jamfprotect_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "JamfProtectDashboardBlack.png",
      "JamfProtectDashboardWhite.png"
    ],
    "version": "2.0.0",
    "title": "Jamf Protect Workbook",
    "templateRelativePath": "JamfProtectDashboard.json",
    "subtitle": "",
    "provider": "Jamf Software, LLC"
  },
  {
    "workbookKey": "AIVectraStream",
    "logoFileName": "AIVectraDetect.svg",
    "description": "",
    "dataTypesDependencies": [
      "VectraStream_CL"
    ],
    "dataConnectorsDependencies": [
      "AIVectraStream"
    ],
    "previewImagesFileNames": [
      "AIVectraDetectBlack1.png",
      "AIVectraDetectWhite1.png"
    ],
    "version": "1.0.0",
    "title": "AIVectraStreamWorkbook",
    "templateRelativePath": "AIVectraStreamWorkbook.json",
    "subtitle": "",
    "provider": "Vectra AI"
  },
  {
    "workbookKey": "SecurityScorecardWorkbook",
    "logoFileName": "SecurityScorecard-Cybersecurity-Ratings.svg",
    "description": "This Workbook provides immediate insight into the data coming from SecurityScorecard's three Sentinel data connectors: SecurityScorecard Cybersecurity Ratings, SecurityScorecard Cybersecurity Ratings - Factors, and SecurityScorecard Cybersecurity Ratings - Issues.",
    "dataTypesDependencies": [
      "SecurityScorecardFactor_CL",
      "SecurityScorecardIssues_CL",
      "SecurityScorecardRatings_CL"
    ],
    "dataConnectorsDependencies": [
      "SecurityScorecardFactorAzureFunctions",
      "SecurityScorecardIssueAzureFunctions",
      "SecurityScorecardRatingsAzureFunctions"
    ],
    "previewImagesFileNames": [
      "SecurityScorecardBlack1.png",
      "SecurityScorecardBlack2.png",
      "SecurityScorecardBlack3.png",
      "SecurityScorecardBlack4.png",
      "SecurityScorecardBlack5.png",
      "SecurityScorecardBlack6.png",
      "SecurityScorecardWhite1.png",
      "SecurityScorecardWhite2.png",
      "SecurityScorecardWhite3.png",
      "SecurityScorecardWhite4.png",
      "SecurityScorecardWhite5.png",
      "SecurityScorecardWhite6.png"
    ],
    "version": "1.0.0",
    "title": "SecurityScorecard",
    "templateRelativePath": "SecurityScorecardWorkbook.json",
    "subtitle": "",
    "provider": "SecurityScorecard"
  },
  {
    "workbookKey": "DigitalShadowsWorkbook",
    "logoFileName": "DigitalShadowsLogo.svg",
    "description": "For gaining insights into Digital Shadows logs.",
    "dataTypesDependencies": [
      "DigitalShadows_CL"
    ],
    "dataConnectorsDependencies": [
      "DigitalShadowsSearchlightAzureFunctions"
    ],
    "previewImagesFileNames": [
      "DigitalShadowsBlack1.png",
      "DigitalShadowsBlack2.png",
      "DigitalShadowsBlack3.png",
      "DigitalShadowsWhite1.png",
      "DigitalShadowsWhite2.png",
      "DigitalShadowsWhite3.png"
    ],
    "version": "1.0.0",
    "title": "Digital Shadows",
    "templateRelativePath": "DigitalShadows.json",
    "subtitle": "",
    "provider": "Digital Shadows"
  },
  {
    "workbookKey": "SalesforceServiceCloudWorkbook",
    "logoFileName": "salesforce_logo.svg",
    "description": "Sets the time name for analysis.",
    "dataTypesDependencies": [
      "SalesforceServiceCloud"
    ],
    "dataConnectorsDependencies": [
      "SalesforceServiceCloud_CL"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "Salesforce Service Cloud",
    "templateRelativePath": "SalesforceServiceCloud.json",
    "subtitle": "",
    "provider": "Salesforce"
  },
  {
    "workbookKey": "NetworkSessionSolution",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook is included as part of Network Session Essentials solution and gives a summary of analyzed traffic, helps with threat analysis and investigating suspicious IP's and traffic analysis. Network Session Essentials Solution also includes playbooks to periodically summarize the logs thus enhancing user experience and improving data search. For the effective usage of workbook, we highly recommend to enable the summarization playbooks that are provided with this solution.",
    "dataTypesDependencies": [
      "AWSVPCFlow",
      "DeviceNetworkEvents",
      "SecurityEvent",
      "WindowsEvent",
      "CommonSecurityLog",
      "Syslog",
      "CommonSecurityLog",
      "VMConnection",
      "AzureDiagnostics",
      "AzureDiagnostics",
      "CommonSecurityLog",
      "Corelight_CL",
      "VectraStream",
      "CommonSecurityLog",
      "CommonSecurityLog",
      "Syslog",
      "CiscoMerakiNativePoller"
    ],
    "dataConnectorsDependencies": [
      "AWSS3",
      "MicrosoftThreatProtection",
      "SecurityEvents",
      "WindowsForwardedEvents",
      "Zscaler",
      "MicrosoftSysmonForLinux",
      "AzureMonitor(VMInsights)",
      "AzureFirewall",
      "AzureNSG",
      "CiscoASA",
      "Corelight",
      "AIVectraStream",
      "CheckPoint",
      "CustomLogsAma",
      "CefAma"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "Network Session Essentials",
    "templateRelativePath": "NetworkSessionEssentials.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "NetworkSessionSolutionV2",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The Microsoft Sentinel Domain Solution for Network Sessions delivers real-time insights into network activity and potential threats. Designed for Network Teams, Security Architects, Analysts, and Consultants, this solution helps monitor network assets and investigate suspicious or malicious behavior. The accompanying workbook provides a comprehensive summary of analyzed traffic, supports threat detection and investigation of suspicious IPs, and offers in-depth traffic analysis to enhance situational awareness.\n The Summary Rules included in the Solution Package are designed to aggregate log data efficiently, enhancing the performance of workbooks and data searches. Enabling these rules is highly recommended to fully leverage the capabilities and responsiveness of this workbook.",
    "dataTypesDependencies": [
      "AWSVPCFlow",
      "DeviceNetworkEvents",
      "SecurityEvent",
      "WindowsEvent",
      "Syslog",
      "CommonSecurityLog",
      "VMConnection",
      "AzureDiagnostics",
      "Corelight_CL",
      "VectraStream",
      "CiscoMerakiNativePoller"
    ],
    "dataConnectorsDependencies": [
      "AWSS3",
      "MicrosoftThreatProtection",
      "SecurityEvents",
      "WindowsForwardedEvents",
      "Zscaler",
      "MicrosoftSysmonForLinux",
      "AzureMonitor(VMInsights)",
      "AzureFirewall",
      "AzureNSG",
      "CiscoASA",
      "Corelight",
      "AIVectraStream",
      "CheckPoint",
      "CustomLogsAma",
      "CefAma"
    ],
    "previewImagesFileNames": [
      "NetworkSessionEssentialsWorkbookV2-Black.png",
      "NetworkSessionEssentialsWorkbookV2-White.png"
    ],
    "version": "1.0.0",
    "title": "Network Session Essentials V2",
    "templateRelativePath": "NetworkSessionEssentialsV2.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SAPSODAnalysis",
    "logoFileName": "SAPVMIcon.svg",
    "description": "SAP SOD Analysis",
    "dataTypesDependencies": [
      "SAPAuditLog"
    ],
    "dataConnectorsDependencies": [
      "SAP"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "2.0.0",
    "title": "SAP SOD Analysis",
    "templateRelativePath": "SAP - Segregation of Duties v2.0 (by Aliter Consulting).json",
    "subtitle": "",
    "provider": "Aliter Consulting"
  },
  {
    "workbookKey": "TheomWorkbook",
    "logoFileName": "theom-logo.svg",
    "description": "Theom Alert Statistics",
    "dataTypesDependencies": [
      "TheomAlerts_CL"
    ],
    "dataConnectorsDependencies": [
      "Theom"
    ],
    "previewImagesFileNames": [
      "TheomWorkbook-black.png",
      "TheomWorkbook-white.png"
    ],
    "version": "1.0.0",
    "title": "Theom",
    "templateRelativePath": "Theom.json",
    "subtitle": "",
    "provider": "Theom"
  },
  {
    "workbookKey": "DynatraceWorkbooks",
    "logoFileName": "dynatrace.svg",
    "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats surfaced by Dynatrace.",
    "dataTypesDependencies": [
      "DynatraceAttacks",
      "DynatraceAuditLogs",
      "DynatraceProblems",
      "DynatraceRuntimeVulnerabilities"
    ],
    "dataConnectorsDependencies": [
      "DynatraceAttacks",
      "DynatraceAuditLogs",
      "DynatraceProblems",
      "DynatraceRuntimeVulnerabilities"
    ],
    "previewImagesFileNames": [
      "DynatraceWorkbookBlack.png",
      "DynatraceWorkbookWhite.png"
    ],
    "version": "3.0.1",
    "title": "Dynatrace",
    "templateRelativePath": "Dynatrace.json",
    "subtitle": "",
    "provider": "Dynatrace"
  },
  {
    "workbookKey": "MDOWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain extensive insight into your organization's Microsoft Defender for Office Activity by analyzing, and correlating events.\nYou can track malware and phishing detection over time.",
    "dataTypesDependencies": [
      "SecurityAlert"
    ],
    "dataConnectorsDependencies": [
      "MicrosoftThreatProtection"
    ],
    "previewImagesFileNames": [
      "MDOBlack1.png",
      "MDOBlack2.png",
      "MDOWhite1.png",
      "MDOWhite2.png"
    ],
    "version": "1.0.0",
    "title": "Microsoft Defender XDR MDOWorkbook",
    "templateRelativePath": "MDO Insights.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AnomaliesVisualizationWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "A workbook that provides contextual information to a user for better insight on Anomalies and their impact. The workbook will help with investigation of anomalies as well as identify patterns that can lead to a threat.",
    "dataTypesDependencies": [
      "Anomalies"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AnomaliesVisualizationWorkbookWhite.png",
      "AnomaliesVisualizationWorkbookBlack.png"
    ],
    "version": "1.0.0",
    "title": "AnomaliesVisulization",
    "templateRelativePath": "AnomaliesVisualization.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "AnomalyDataWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "A workbook providing details, related Incident, and related Hunting Workbook for a specific Anomaly.",
    "dataTypesDependencies": [
      "Anomalies"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AnomalyDataWorkbookWhite.png",
      "AnomalyDataWorkbookBlack.png"
    ],
    "version": "1.0.0",
    "title": "AnomalyData",
    "templateRelativePath": "AnomalyData.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC-Online",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook, dedicated to Exchange Online environments is built to have a simple view of non-standard RBAC delegations on an Exchange Online tenant. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment.",
    "dataTypesDependencies": [
      "ESIExchangeOnlineConfig_CL"
    ],
    "dataConnectorsDependencies": [
      "ESI-ExchangeOnlineCollector"
    ],
    "previewImagesFileNames": [
      "MicrosoftExchangeLeastPrivilegewithRBAC-OnlineBlack.png",
      "MicrosoftExchangeLeastPrivilegewithRBAC-OnlineWhite.png"
    ],
    "version": "1.1.0",
    "title": "Microsoft Exchange Least Privilege with RBAC - Online",
    "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC - Online.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftExchangeLeastPrivilegewithRBAC",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook, dedicated to On-Premises environments is built to have a simple view of non-standard RBAC delegations on an On-Premises Exchange environment. This Workbook allow you to go deep dive on custom delegation and roles and also members of each delegation, including the nested level and the group imbrication on your environment. Required Data Connector: Exchange Security Insights On-Premises Collector.",
    "dataTypesDependencies": [
      "ESIExchangeConfig_CL"
    ],
    "dataConnectorsDependencies": [
      "ESI-ExchangeOnPremisesCollector",
      "ESI-ExchangeAdminAuditLogEvents"
    ],
    "previewImagesFileNames": [
      "MicrosoftExchangeLeastPrivilegewithRBACBlack.png",
      "MicrosoftExchangeLeastPrivilegewithRBACWhite.png"
    ],
    "version": "1.0.3",
    "title": "Microsoft Exchange Least Privilege with RBAC",
    "templateRelativePath": "Microsoft Exchange Least Privilege with RBAC.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftExchangeSearchAdminAuditLog",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment. Required Data Connector: Exchange Audit Event logs via Legacy Agent.",
    "dataTypesDependencies": [
      "ESIExchangeConfig_CL"
    ],
    "dataConnectorsDependencies": [
      "ESI-ExchangeOnPremisesCollector",
      "ESI-ExchangeAdminAuditLogEvents"
    ],
    "previewImagesFileNames": [
      "MicrosoftExchangeSearchAdminAuditLogBlack.png",
      "MicrosoftExchangeSearchAdminAuditLogWhite.png"
    ],
    "version": "1.0.3",
    "title": "Microsoft Exchange Search AdminAuditLog",
    "templateRelativePath": "Microsoft Exchange Search AdminAuditLog.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftExchangeSearchAdminAuditLog-Online",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook is dedicated to Online Exchange organizations. It uses the Office Activity logs to give you a simple way to view administrators’ activities in your Exchange environment with Cmdlets usage statistics and multiple pivots to understand who and/or what is affected to modifications on your environment. Required Data Connector: Microsoft 365 (Exchange).",
    "dataTypesDependencies": [
      "OfficeActivity"
    ],
    "dataConnectorsDependencies": [
      "Office365"
    ],
    "previewImagesFileNames": [
      "MicrosoftExchangeOnlineSearchAdminAuditLogBlack.png",
      "MicrosoftExchangeOnlineSearchAdminAuditLogWhite.png"
    ],
    "version": "1.0.0",
    "title": "Microsoft Exchange Search AdminAuditLog - Online",
    "templateRelativePath": "Microsoft Exchange Search AdminAuditLog - Online.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftExchangeSecurityMonitoring",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook is dedicated to On-Premises Exchange organizations. It uses the MSExchange Management event logs and Microsoft Exchange Security configuration collected by data connectors. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. This workbook allows also to list Exchange Services changes, local account activities and local logon on Exchange Servers. Required Data Connector: Exchange Audit Event logs via Legacy Agent.",
    "dataTypesDependencies": [
      "ESIExchangeConfig_CL"
    ],
    "dataConnectorsDependencies": [
      "ESI-ExchangeOnPremisesCollector",
      "ESI-ExchangeAdminAuditLogEvents"
    ],
    "previewImagesFileNames": [
      "MicrosoftExchangeSecurityMonitoringBlack.png",
      "MicrosoftExchangeSecurityMonitoringWhite.png"
    ],
    "version": "1.0.3",
    "title": "Microsoft Exchange Admin Activity",
    "templateRelativePath": "Microsoft Exchange Admin Activity.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftExchangeAdminActivity-Online",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook is dedicated to Online Exchange organizations. It uses Office Activity logs. It helps to track admin actions, especially on VIP Users and/or on Sensitive Cmdlets. Required Data Connector: Microsoft 365 (Exchange).",
    "dataTypesDependencies": [
      "OfficeActivity"
    ],
    "dataConnectorsDependencies": [
      "Office365"
    ],
    "previewImagesFileNames": [
      "MicrosoftExchangeAdminActivity-OnlineBlack.png",
      "MicrosoftExchangeAdminActivity-OnlineWhite.png"
    ],
    "version": "1.0.1",
    "title": "Microsoft Exchange Admin Activity - Online",
    "templateRelativePath": "Microsoft Exchange Admin Activity - Online.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftExchangeSecurityReview-Online",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook is dedicated to Exchange Online tenants. It displays and highlights current Security configuration on various Exchange components specific to Online including delegations, the transport configuration and the linked security risks, and risky protocols.",
    "dataTypesDependencies": [
      "ESIExchangeOnlineConfig_CL"
    ],
    "dataConnectorsDependencies": [
      "ESI-ExchangeOnlineCollector"
    ],
    "previewImagesFileNames": [
      "MicrosoftExchangeSecurityReview-OnlineBlack.png",
      "MicrosoftExchangeSecurityReview-OnlineWhite.png"
    ],
    "version": "1.1.0",
    "title": "Microsoft Exchange Security Review - Online",
    "templateRelativePath": "Microsoft Exchange Security Review - Online.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftExchangeSecurityReview",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook is dedicated to On-Premises Exchange organizations. It displays and highlights current Security configuration on various Exchange components including delegations, rights on databases, Exchange and most important AD Groups with members including nested groups, local administrators of servers. This workbook helps also to understand the transport configuration and the linked security risks. Required Data Connector: Exchange Security Insights On-Premises Collector.",
    "dataTypesDependencies": [
      "ESIExchangeConfig_CL"
    ],
    "dataConnectorsDependencies": [
      "ESI-ExchangeOnPremisesCollector",
      "ESI-ExchangeAdminAuditLogEvents"
    ],
    "previewImagesFileNames": [
      "MicrosoftExchangeSecurityReviewBlack.png",
      "MicrosoftExchangeSecurityReviewWhite.png"
    ],
    "version": "2.0.0",
    "title": "Microsoft Exchange Security Review",
    "templateRelativePath": "Microsoft Exchange Security Review.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "ibossMalwareAndC2Workbook",
    "logoFileName": "iboss_logo.svg",
    "description": "A workbook providing insights into malware and C2 activity detected by iboss.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "iboss Malware and C2",
    "templateRelativePath": "ibossMalwareAndC2.json",
    "subtitle": "",
    "provider": "iboss"
  },
  {
    "workbookKey": "ibossWebUsageWorkbook",
    "logoFileName": "iboss_logo.svg",
    "description": "A workbook providing insights into web usage activity detected by iboss.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "iboss Web Usage",
    "templateRelativePath": "ibossWebUsage.json",
    "subtitle": "",
    "provider": "iboss"
  },
  {
    "workbookKey": "CynerioOverviewWorkbook",
    "logoFileName": "Cynerio.svg",
    "description": "An overview of Cynerio Security events",
    "dataTypesDependencies": [
      "CynerioEvent_CL"
    ],
    "dataConnectorsDependencies": [
      "CynerioSecurityEvents"
    ],
    "previewImagesFileNames": [
      "CynerioOverviewBlack.png",
      "CynerioOverviewWhite.png"
    ],
    "version": "1.0.0",
    "title": "Cynerio Overview Workbook",
    "templateRelativePath": "CynerioOverviewWorkbook.json",
    "subtitle": "",
    "provider": "Cynerio"
  },
  {
    "workbookKey": "ReversingLabs-CapabilitiesOverview",
    "logoFileName": "reversinglabs.svg",
    "description": "The ReversingLabs-CapabilitiesOverview workbook provides a high level look at your threat intelligence capabilities and how they relate to your operations.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ReversingLabsTiSummary-White.png",
      "ReversingLabsTiSummary-Black.png",
      "ReversingLabsOpsSummary-White.png",
      "ReversingLabsOpsSummary-Black.png"
    ],
    "version": "1.1.1",
    "title": "ReversingLabs-CapabilitiesOverview",
    "templateRelativePath": "ReversingLabs-CapabilitiesOverview.json",
    "subtitle": "",
    "provider": "ReversingLabs"
  },
  {
    "workbookKey": "vCenter",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This data connector depends on a parser based on Kusto Function **vCenter** to work as expected. [Follow steps to get this Kusto Function](https://aka.ms/sentinel-vCenter-parser)",
    "dataTypesDependencies": [
      "vCenter_CL"
    ],
    "dataConnectorsDependencies": [
      "CustomLogsAma"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "vCenter",
    "templateRelativePath": "vCenter.json",
    "subtitle": "",
    "provider": "VMware"
  },
  {
    "workbookKey": "SAP-Monitors-AlertsandPerformance",
    "logoFileName": "SAPVMIcon.svg",
    "description": "SAP -Monitors- Alerts and Performance",
    "dataTypesDependencies": [
      "SAPAuditLog"
    ],
    "dataConnectorsDependencies": [
      "SAP"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "2.0.1",
    "title": "SAP -Monitors- Alerts and Performance",
    "templateRelativePath": "SAP -Monitors- Alerts and Performance.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SAP-SecurityAuditlogandInitialAccess",
    "logoFileName": "SAPVMIcon.svg",
    "description": "SAP -Security Audit log and Initial Access",
    "dataTypesDependencies": [
      "SAPAuditLog"
    ],
    "dataConnectorsDependencies": [
      "SAP"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "2.0.1",
    "title": "SAP -Security Audit log and Initial Access",
    "templateRelativePath": "SAP -Security Audit log and Initial Access.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "DNSSolutionWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook is included as part of the DNS Essentials solution and gives a summary of analyzed DNS traffic. It also helps with threat analysis and investigating suspicious Domains, IPs and DNS traffic. DNS Essentials Solution also includes a playbook to periodically summarize the logs, thus enhancing the user experience and improving data search. For effective usage of workbook, we highly recommend enabling the summarization playbook that is provided with this solution.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "DNSDomainWorkbookWhite.png",
      "DNSDomainWorkbookBlack.png"
    ],
    "version": "1.0.0",
    "title": "DNS Solution Workbook",
    "templateRelativePath": "DNSSolutionWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftPowerBIActivityWorkbook",
    "logoFileName": "PowerBILogo.svg",
    "description": "This workbook provides details on Microsoft PowerBI Activity",
    "dataTypesDependencies": [
      "PowerBIActivity"
    ],
    "dataConnectorsDependencies": [
      "Microsoft PowerBI (Preview)"
    ],
    "previewImagesFileNames": [
      "MicrosoftPowerBIActivityWorkbookBlack.png",
      "MicrosoftPowerBIActivityWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "Microsoft PowerBI Activity Workbook",
    "templateRelativePath": "MicrosoftPowerBIActivityWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftThreatIntelligenceWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator",
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [
      "ThreatIntelligence",
      "ThreatIntelligenceTaxii"
    ],
    "previewImagesFileNames": [
      "ThreatIntelligenceWhite.png",
      "ThreatIntelligenceBlack.png"
    ],
    "version": "1.0.0",
    "title": "Threat Intelligence",
    "templateRelativePath": "MicrosoftThreatIntelligence.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftDefenderForEndPoint",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "A wokbook to provide details about Microsoft Defender for Endpoint Advance Hunting to Overview & Analyse data brought through M365 Defender Connector.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "microsoftdefenderforendpointwhite.png",
      "microsoftdefenderforendpointblack.png"
    ],
    "version": "1.0.0",
    "title": "Microsoft Defender For EndPoint",
    "templateRelativePath": "MicrosoftDefenderForEndPoint.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "MicrosoftSentinelDeploymentandMigrationTracker",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Use this workbook as a tool to define, track, and complete key deployment/migraiton tasks for Microsoft Sentinel. This workbook serves as a central hub for monitoring and configuring key areas of the product without having to leave the workbook and start over.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "microsoftsentineldeploymentandmigration-black.png",
      "microsoftsentineldeploymentandmigration-white.png"
    ],
    "version": "1.1.2",
    "title": "Microsoft Sentinel Deployment and Migration Tracker",
    "templateRelativePath": "MicrosoftSentinelDeploymentandMigrationTracker.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Matt Lowe"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "MicrosoftDefenderForIdentity",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Use this workbook to analyse the advance hunting data ingested for Defender For Identity.",
    "dataTypesDependencies": [
      "IdentityLogonEvents",
      "IdentityQueryEvents",
      "IdentityDirectoryEvents",
      "SecurityAlert"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "microsoftdefenderforidentity-black.png",
      "microsoftdefenderforidentity-white.png"
    ],
    "version": "1.0.0",
    "title": "Microsoft Defender For Identity",
    "templateRelativePath": "MicrosoftDefenderForIdentity.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "EsetProtect",
    "logoFileName": "eset-logo.svg",
    "description": "Visualize events and threats from Eset protect.",
    "dataTypesDependencies": [
      "ESETPROTECT"
    ],
    "dataConnectorsDependencies": [
      "ESETPROTECT"
    ],
    "previewImagesFileNames": [
      "ESETPROTECTBlack.png",
      "ESETPROTECTWhite.png"
    ],
    "version": "1.0.0",
    "title": "EsetProtect",
    "templateRelativePath": "ESETPROTECT.json",
    "subtitle": "",
    "provider": "Community"
  },
  {
    "workbookKey": "CyberArkEPMWorkbook",
    "logoFileName": "CyberArk_Logo.svg",
    "description": "Sets the time name for analysis",
    "dataTypesDependencies": [
      "CyberArkEPM_CL"
    ],
    "dataConnectorsDependencies": [
      "CyberArkEPM"
    ],
    "previewImagesFileNames": [
      "CyberArkEPMBlack.png",
      "CyberArkEPMWhite.png"
    ],
    "version": "1.0.0",
    "title": "CyberArk EPM",
    "templateRelativePath": "CyberArkEPM.json",
    "subtitle": "",
    "provider": "CyberArk"
  },
  {
    "workbookKey": "IncidentTasksWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Use this workbook to review and modify existing incidents with tasks. This workbook provides views that higlight incident tasks that are open, closed, or deleted, as well as incidents with tasks that are either owned or unassigned. The workbook also provides SOC metrics around incident task performance, such as percentage of incidents without tasks, average time to close tasks, and more.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "Tasks-Black.png",
      "Tasks-White.png"
    ],
    "version": "1.1.0",
    "title": "Incident Tasks Workbook",
    "templateRelativePath": "IncidentTasksWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SentinelWorkspaceReconTools",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "A workbook providing investigation tools for key tables. Good for incident response, tuning, and cost optimizaiton. An attempt to bring the Windows EventViewer experience to the cloud.",
    "dataTypesDependencies": [
      "AzureActivity",
      "AuditLogs",
      "SigninLogs",
      "SecurityIncident",
      "SecurityAlert",
      "CommonSecurityLog",
      "Events",
      "SecurityEvents",
      "Syslog",
      "WindowsSecurityEvents"
    ],
    "dataConnectorsDependencies": [
      "AzureActivity",
      "AzureActiveDirectory",
      "SecurityEvents",
      "WindowsSecurityEvents"
    ],
    "previewImagesFileNames": [
      "SentinelWorkspaceReconToolsWhite.png",
      "SentinelWorkspaceReconToolsBlack.png"
    ],
    "version": "1.0.1",
    "title": "Sentinel Workspace Recon Tools",
    "templateRelativePath": "SentinelWorkspaceReconTools.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Andrew Blumhardt"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Others"
      ]
    }
  },
  {
    "workbookKey": "SyslogOverview",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "A workbook designed to show an overview about the data ingested through Syslog.",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "syslogoverview-white.png",
      "syslogoverview-black.png"
    ],
    "version": "1.0.0",
    "title": "Syslog Overview",
    "templateRelativePath": "syslogoverview.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Application"
      ]
    }
  },
  {
    "workbookKey": "SentinelHealth",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "A workbook to show data fo Sentinel Health.",
    "dataTypesDependencies": [
      "SentinelHealth"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SentinelHealthWhite.png",
      "SentinelHealthBlack.png"
    ],
    "version": "1.0.0",
    "title": "Sentinel Health",
    "templateRelativePath": "SentinelHealth.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "MicrosoftSentinelCostGBP",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides an estimated cost in GBP (£) across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "MicrosoftSentinelCostGBPWhite.png",
      "MicrosoftSentinelCostGBPBlack.png"
    ],
    "version": "1.6.1",
    "title": "Microsoft Sentinel Cost (GBP)",
    "templateRelativePath": "MicrosoftSentinelCostGBP.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "noodlemctwoodle"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "SentinelCosts",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "A workbook to demonstrate insights into the costs of Sentinel environment.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "SentinelCostsWhite.png",
      "SentinelCostsBlack.png"
    ],
    "version": "1.5.1",
    "title": "Sentinel Costs",
    "templateRelativePath": "SentinelCosts.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Yahya Abulhaj"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "AnalyticsHealthAudit",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides visibility on the health and audit of your analytics rules. You will be able to find out whether an analytics rule is running as expected and get a list of changes made to an analytic rule.",
    "dataTypesDependencies": [
      "SentinelHealth",
      "SentinelAudit"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AnalyticsHealthAuditWhite.png",
      "AnalyticsHealthAuditBlack.png"
    ],
    "version": "1.0.1",
    "title": "Analytics Health & Audit",
    "templateRelativePath": "AnalyticsHealthAudit.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Microsoft Corporation"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "IT Operations",
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "AzureLogCoverage",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook pulls the current Azure inventory via Azure Resource Graph explorer and compares it with data written to one or more selected Log Analytics workspaces to determine which resources are sending data and which ones are not. This can be used to expose gaps in your logging coverage and/or identify inactive resources.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AzureLogCoverageWhite1.png",
      "AzureLogCoverageWhite2.png",
      "AzureLogCoverageBlack1.png",
      "AzureLogCoverageBlack2.png"
    ],
    "version": "1.1.0",
    "title": "Azure Log Coverage",
    "templateRelativePath": "AzureLogCoverage.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Alex Anders"
    },
    "source": {
      "kind": "Community"
    }
  },
  {
    "workbookKey": "AzureSensitiveOperationsReview",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Monitor Sensitive Operations in Azure Activity Logs using Azure Threat Research Matrix ",
    "dataTypesDependencies": [
      "AzureActivity"
    ],
    "dataConnectorsDependencies": [
      "AzureActivity"
    ],
    "previewImagesFileNames": [
      "SensitiveoperationSecurityBlack.png",
      "SensitiveoperationSecurityWhite.png"
    ],
    "version": "1.0.0",
    "title": "Azure SensitiveOperations Review Workbook",
    "templateRelativePath": "SensitiveOperationsinAzureActivityLogReview.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Shankar Subramaniyan"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "IT Operations",
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "MicrosoftSentinelCostEUR",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides an estimated cost in EUR (€) across the main billed items in Microsoft Sentinel: ingestion, retention and automation. It also provides insight about the possible impact of the Microsoft 365 E5 offer.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "MicrosoftSentinelCostEURWhite.png",
      "MicrosoftSentinelCostEURBlack.png"
    ],
    "version": "1.3.0",
    "title": "Microsoft Sentinel Cost (EUR)",
    "templateRelativePath": "MicrosoftSentinelCostEUR.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Marco Passanisi"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "LogAnalyticsQueryAnalysis",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides an analysis on Log Analytics Query Logs.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "LogAnalyticsQueryAnalysisBlack.PNG",
      "LogAnalyticsQueryAnalysisWhite.PNG"
    ],
    "version": "1.0.0",
    "title": "Log Analytics Query Analysis",
    "templateRelativePath": "LogAnalyticsQueryAnalysis.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "AcscEssential8",
    "logoFileName": "ACSClogo.svg",
    "description": "This workbook provides insights on the health state of Azure resources against requirements by the ACSC Essential 8.",
    "dataTypesDependencies": [
      "DeviceTvmSecureConfigurationAssessment"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AcscEssential8Black1.png",
      "AcscEssential8White1.png",
      "AcscEssential8Black2.png",
      "AcscEssential8White2.png"
    ],
    "version": "2.0.0",
    "title": "ACSC Essential 8",
    "templateRelativePath": "AcscEssential8.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Microsoft Corporation"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Compliance",
        "IT Operations"
      ]
    }
  },
  {
    "workbookKey": "TalonInsights",
    "logoFileName": "Talon.svg",
    "description": "This workbook provides Talon Security Insights on Log Analytics Query Logs",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "TalonInsightsBlack.png",
      "TalonInsightsWhite.png"
    ],
    "version": "2.0.0",
    "title": "Talon Insights",
    "templateRelativePath": "TalonInsights.json",
    "subtitle": "",
    "provider": "Talon Cyber Security"
  },
  {
    "workbookKey": "manualincident",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook gives the ability for efficient incident management by enabling manual creation of Microsoft Sentinel incidents directly from within the workbook.",
    "dataTypesDependencies": [
      ""
    ],
    "dataConnectorsDependencies": [
      ""
    ],
    "previewImagesFileNames": [
      "ManualincidentWhite.png",
      "ManualincidentBlack.png"
    ],
    "version": "1.0.0",
    "title": "Incident Management with Microsoft Sentinel Manual Creation of Incidents Workbook",
    "templateRelativePath": "ManualSentinelIncident.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Microsoft Sentinel Community"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Others"
      ]
    }
  },
  {
    "workbookKey": "CofenseTriageThreatIndicators",
    "logoFileName": "CofenseTriage.svg",
    "description": "This workbook provides visualization of Cofense Triage threat indicators which are ingested in the Microsoft Sentinel Threat intelligence.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator",
      "Report_links_data_CL"
    ],
    "dataConnectorsDependencies": [
      "CofenseTriageDataConnector"
    ],
    "previewImagesFileNames": [
      "CofenseTriageThreatIndicatorsWhite1.png",
      "CofenseTriageThreatIndicatorsBlack1.png"
    ],
    "version": "1.0",
    "title": "CofenseTriageThreatIndicators",
    "templateRelativePath": "CofenseTriageThreatIndicators.json",
    "subtitle": "",
    "provider": "Cofense"
  },
  {
    "workbookKey": "OptimizationWorkbook",
    "logoFileName": "optimization.svg",
    "description": "This workbook aims to help you gain insights into your current Microsoft Sentinel environment, while also providing recommendations for optimizing costs, improving operational effectiveness, and offering a management overview.",
    "dataTypesDependencies": [
      "SentinelHealth",
      "SentinelAudit"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "OptimizationWorkbookBlack.png",
      "OptimizationWorkbookWhite.png"
    ],
    "version": "1.4.0",
    "title": "Microsoft Sentinel Optimization Workbook",
    "templateRelativePath": "OptimizationWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Jeremy Tan, Matthew Lowe, Margaret Mwaura"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "IT Operations"
      ]
    }
  },
  {
    "workbookKey": "DataCollectionRuleToolkit",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Use this workbook solution to create, review, and modify data collection rules for Microsoft Sentinel. This workbook provides a click-through experience that centralizes key components from Microsoft Sentinel, Azure Log Analytics, and Azure Monitor to enable users to create new DCRs, modify existing DCRs, and review all DCRs in the environment.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "Dcr-toolkit-Black.png",
      "Dcr-toolkit-White.png"
    ],
    "version": "1.2.0",
    "title": "Data Collection Rule Toolkit",
    "templateRelativePath": "DCR-Toolkit.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Microsoft Sentinel Community"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Data Collection"
      ]
    }
  },
  {
    "workbookKey": "NetskopeWorkbook",
    "logoFileName": "Netskope_logo.svg",
    "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.",
    "dataTypesDependencies": [
      "Netskope_Events_CL",
      "Netskope_Alerts_CL",
      "Netskope_WebTX_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "Netskope-ApplicationEvents-Black.png",
      "Netskope-ApplicationEvents-White.png",
      "Netskope-SecurityAlerts-DLP-Black.png",
      "Netskope-SecurityAlerts-DLP-White.png",
      "Netskope-NetworkEvents-CFW-Black.png",
      "Netskope-NetworkEvents-CFW-White.png",
      "Netskope-SecurityAlerts-Malsite-Black.png",
      "Netskope-SecurityAlerts-Malsite-White.png",
      "Netskope-NetworkEvents-NPA-Black.png",
      "Netskope-NetworkEvents-NPA-White.png",
      "Netskope-SecurityAlerts-Malware-White.png",
      "Netskope-SecurityAlerts-Malware-Black.png",
      "Netskope-SecurityAlerts-BehaviorAnalytics-Black.png",
      "Netskope-SecurityAlerts-BehaviorAnalytics-White.png",
      "Netskope-SecurityAlerts-Overview-Black.png",
      "Netskope-SecurityAlerts-Overview-White.png",
      "Netskope-SecurityAlerts-CompormisedCredentials-Black.png",
      "Netskope-SecurityAlerts-CompromisedCredentials-White.png",
      "Netskope-WebTransactions-Black.png",
      "Netskope-WebTransactions-White.png"
    ],
    "version": "1.0",
    "title": "Netskope",
    "templateRelativePath": "NetskopeEvents.json",
    "subtitle": "",
    "provider": "Netskope"
  },
  {
    "workbookKey": "NetskopeCCPWorkbook",
    "logoFileName": "Netskope_logo.svg",
    "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.",
    "dataTypesDependencies": [
      "Netskope_Events_CL",
      "Netskope_Alerts_CL"
    ],
    "dataConnectorsDependencies": [
      "NetskopeAlertsEvents"
    ],
    "previewImagesFileNames": [
      "NetskopeCCPDashboardWhite1.png",
      "NetskopeCCPDashboardWhite2.png",
      "NetskopeCCPDashboardBlack1.png",
      "NetskopeCCPDashboardBlack2.png"
    ],
    "version": "1.0",
    "title": "NetskopeCCPDashboard",
    "templateRelativePath": "NetskopeCCPDashboard.json",
    "subtitle": "",
    "provider": "Netskope"
  },
  {
    "workbookKey": "NetskopeCEWorkbook",
    "logoFileName": "Netskope_logo.svg",
    "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.",
    "dataTypesDependencies": [
      "Netskope_Events_CL",
      "Netskope_Alerts_CL",
      "Netskope_WebTX_CL"
    ],
    "previewImagesFileNames": [
      "NetskopeCEDashboardWhite1.png",
      "NetskopeCEDashboardWhite2.png",
      "NetskopeCEDashboardWhite3.png",
      "NetskopeCEDashboardBlack1.png",
      "NetskopeCEDashboardBlack2.png",
      "NetskopeCEDashboardBlack3.png"
    ],
    "version": "1.0",
    "title": "NetskopeCEDashboard",
    "templateRelativePath": "NetskopeCEDashboard.json",
    "subtitle": "",
    "provider": "Netskope"
  },
  {
    "workbookKey": "NetskopeCCFWebTxDashboard",
    "logoFileName": "Netskope_logo.svg",
    "description": "Gain insights and comprehensive monitoring into Netskope events data by analyzing traffic and user activities.\nThis workbook provides insights into various Netskope events types such as Cloud Firewall, Network Private Access, Applications, Security Alerts as well as Web Transactions.\nYou can use this workbook to get visibility in to your Netskope Security Cloud and quickly identify threats, anamolies, traffic patterns, cloud application useage, blocked URL addresses and more.",
    "dataTypesDependencies": [
      "NetskopeWebTransactions_CL"
    ],
    "previewImagesFileNames": [
      "NetskopeCCFWebTxDashboardWhite.png",
      "NetskopeCCFWebTxDashboardBlack.png"
    ],
    "version": "1.0",
    "title": "Netskope CCF WebTx Dashboard",
    "templateRelativePath": "NetskopeCCFWebTxDashboard.json",
    "subtitle": "",
    "provider": "Netskope"
  },
  {
    "workbookKey": "AIShield",
    "logoFileName": "AIShield_Logo.svg",
    "description": "Visualize events generated by AIShield. This workbook is dependent on a parser AIShield which is a part of the solution deployment.",
    "dataTypesDependencies": [
      "AIShield"
    ],
    "dataConnectorsDependencies": [
      "AIShield"
    ],
    "previewImagesFileNames": [
      "AIShieldBlack.png",
      "AIShieldWhite.png"
    ],
    "version": "1.0.0",
    "title": "AIShield Workbook",
    "templateRelativePath": "AIShield.json",
    "subtitle": "",
    "provider": "Community"
  },
  {
    "workbookKey": "AdvancedWorkbookConcepts",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Use this workbook to view and learn advanced concepts for workbooks in Azure Monitor and Microsoft Sentinel. Examples are provided in order to teach users how the concepts look, work, and are built.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "Advancedworkbookconcepts-Black.png",
      "Advancedworkbookconcepts-White.png"
    ],
    "version": "1.1.0",
    "title": "Advanced Workbook Concepts",
    "templateRelativePath": "AdvancedWorkbookConcepts.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Microsoft Sentinel Community"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Workbooks",
        "Reporting",
        "Visualization"
      ]
    }
  },
  {
    "workbookKey": "NetCleanProActiveWorkbook",
    "logoFileName": "NetCleanImpactLogo.svg",
    "description": "This workbook provides insights on NetClean ProActive Incidents.",
    "dataTypesDependencies": [
      "Netclean_Incidents_CL"
    ],
    "dataConnectorsDependencies": [
      "Netclean_ProActive_Incidents"
    ],
    "previewImagesFileNames": [
      "NetCleanProActiveBlack1.png",
      "NetCleanProActiveBlack2.png",
      "NetCleanProActiveWhite1.png",
      "NetCleanProActiveWhite2.png"
    ],
    "version": "1.0.0",
    "title": "NetClean ProActive",
    "templateRelativePath": "NetCleanProActiveWorkbook.json",
    "subtitle": "",
    "provider": "NetClean"
  },
  {
    "workbookKey": "AutomationHealth",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Have a holistic overview of your automation health, gain insights about failures, correlate Microsoft Sentinel health with Logic Apps diagnostics logs and deep dive automation details per incident",
    "dataTypesDependencies": [
      "SentinelHealth"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AutomationHealthBlack.png",
      "AutomationHealthWhite.png"
    ],
    "version": "2.0.0",
    "title": "Automation health",
    "templateRelativePath": "AutomationHealth.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "PlaybooksHealth",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The workbook will provide you with deeper insights regarding the status, activity, and billing of each playbook. You can use the workbook's logic to monitor the general health of the playbooks.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "PlaybookHealthWhite.PNG",
      "PlaybookHealthBlack.PNG"
    ],
    "version": "1.0.0",
    "title": "Playbooks health monitoring (preview)",
    "templateRelativePath": "PlaybookHealth.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Microsoft Corporation"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "IT Operations",
        "Platform"
      ]
    }
  },
  {
    "workbookKey": "CiscoSDWANWorkbook",
    "logoFileName": "cisco-logo-72px.svg",
    "description": "Cisco SD-WAN Workbook equips administrators with the necessary tools to implement robust security measures and stay ahead of emerging threats.By leveraging the insights and recommendations provided in the workbook, network administrators can effectively protect their SD-WAN infrastructure from potential vulnerabilities and ensure a secure and reliable network connectivity for their organization.",
    "dataTypesDependencies": [
      "Syslog",
      "CiscoSDWANNetflow_CL"
    ],
    "dataConnectorsDependencies": [
      "CiscoSDWAN"
    ],
    "previewImagesFileNames": [
      "CiscoSDWANWhite1.png",
      "CiscoSDWANWhite2.png",
      "CiscoSDWANWhite3.png",
      "CiscoSDWANBlack1.png",
      "CiscoSDWANBlack2.png",
      "CiscoSDWANBlack3.png"
    ],
    "version": "1.0.0",
    "title": "Cisco SD-WAN",
    "templateRelativePath": "CiscoSDWAN.json",
    "provider": "Cisco"
  },
  {
    "workbookKey": "SAP-AuditControls",
    "logoFileName": "SAPVMIcon.svg",
    "description": "SAP -Audit Controls (Preview)",
    "dataTypesDependencies": [
      "SAPAuditLog"
    ],
    "dataConnectorsDependencies": [
      "SAP"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "SAP -Audit Controls (Preview)",
    "templateRelativePath": "SAP -Audit Controls (Preview).json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "ZoomReports",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Visualize various details & visuals on Zoom Report data ingested though the solution. This also have a dependency on the parser which is available as a part of Zoom solution named Zoom",
    "dataTypesDependencies": [
      "Zoom"
    ],
    "dataConnectorsDependencies": [
      "Zoom Reports"
    ],
    "previewImagesFileNames": [
      "ZoomReportsBlack.png",
      "ZoomReportsWhite.png"
    ],
    "version": "1.0.0",
    "title": "Zoom Reports",
    "templateRelativePath": "ZoomReports.json",
    "subtitle": "",
    "provider": "Community"
  },
  {
    "workbookKey": "InsiderRiskManagementWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The Microsoft Insider Risk Management Workbook integrates telemetry from 25+ Microsoft security products to provide actionable insights into insider risk management. Reporting tools provide “Go to Alert” links to provide deeper integration between products and a simplified user experience for exploring alerts. ",
    "dataTypesDependencies": [
      "SigninLogsSigninLogs",
      "AuditLogs",
      "AzureActivity",
      "OfficeActivity",
      "InformationProtectionLogs_CL",
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "InsiderRiskManagementBlack.png",
      "InsiderRiskManagementWhite.png"
    ],
    "version": "1.0.0",
    "title": "Insider Risk Management",
    "templateRelativePath": "InsiderRiskManagement.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "Fortiweb-workbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook depends on a parser based on a Kusto Function to work as expected [**Fortiweb**](https://aka.ms/sentinel-FortiwebDataConnector-parser) which is deployed with the Microsoft Sentinel Solution.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "FortinetFortiWebAma"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "Fortiweb-workbook",
    "templateRelativePath": "Fortiweb-workbook.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "WebSessionEssentialsWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The 'Web Session Essentials' workbook provides real-time insights into activity and potential threats in your network. This workbook is designed for network teams, security architects, analysts, and consultants to monitor, identify and investigate threats on Web servers, Web Proxies and Web Security Gateways assets. This Workbook gives a summary of analysed web traffic and helps with threat analysis and investigating suspicious http traffic.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "WebSessionEssentialsWorkbookWhite.png",
      "WebSessionEssentialsWorkbookBlack.png"
    ],
    "version": "1.0.0",
    "title": "Web Session Essentials Workbook",
    "templateRelativePath": "WebSessionEssentials.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "IslandAdminAuditOverview",
    "logoFileName": "island.svg",
    "description": "This workbook provides a view into the activities of administrators in the Island Management Console.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "Island Admin Audit Overview",
    "templateRelativePath": "IslandAdminAuditOverview.json",
    "subtitle": "",
    "provider": "Island"
  },
  {
    "workbookKey": "IslandUserActivityOverview",
    "logoFileName": "island.svg",
    "description": "This workbook provides a view into the activities of users while using the Island Enterprise Browser.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "Island User Activity Overview",
    "templateRelativePath": "IslandUserActivityOverview.json",
    "subtitle": "",
    "provider": "Island"
  },
  {
    "workbookKey": "BloodHoundEnterpriseAttackPathDetails",
    "logoFileName": "BHE_Logo.svg",
    "description": "Gain insights into BloodHound Enterprise attack path details.",
    "dataTypesDependencies": [
      "BHEAttackPathsData_CL"
    ],
    "dataConnectorsDependencies": [
      "BloodHoundEnterprise"
    ],
    "previewImagesFileNames": [
      "BloodHoundEnterpriseAttackPathDetails-Black.png",
      "BloodHoundEnterpriseAttackPathDetails-White.png"
    ],
    "version": "2.0",
    "title": "BloodHound Enterprise Attack Path Details",
    "templateRelativePath": "BloodHoundEnterpriseAttackPathDetails.json",
    "subtitle": "Detailed View",
    "provider": "SpecterOps"
  },
  {
    "workbookKey": "BloodHoundEnterpriseAttackPathOverview",
    "logoFileName": "BHE_Logo.svg",
    "description": "Gain insights into BloodHound Enterprise attack path.",
    "dataTypesDependencies": [
      "BHEAttackPathsTimelineData_CL"
    ],
    "dataConnectorsDependencies": [
      "BloodHoundEnterprise"
    ],
    "previewImagesFileNames": [
      "BloodHoundEnterpriseAttackPathOverview-Black.png",
      "BloodHoundEnterpriseAttackPathOverview-White.png"
    ],
    "version": "2.0",
    "title": "BloodHound Enterprise Attack Path Overview",
    "templateRelativePath": "BloodHoundEnterpriseAttackPathOverview.json",
    "subtitle": "Overview",
    "provider": "SpecterOps"
  },
  {
    "workbookKey": "BloodHoundEnterpriseAuditLogs",
    "logoFileName": "BHE_Logo.svg",
    "description": "Gain insights into BloodHound Enterprise audit logs.",
    "dataTypesDependencies": [
      "BHEAuditLogsData_CL"
    ],
    "dataConnectorsDependencies": [
      "BloodHoundEnterprise"
    ],
    "previewImagesFileNames": [
      "BloodHoundEnterpriseAuditLogs-White.png",
      "BloodHoundEnterpriseAuditLogs-Black.png"
    ],
    "version": "2.0",
    "title": "BloodHound Enterprise Audit Logs",
    "templateRelativePath": "BloodHoundEnterpriseAuditLogs.json",
    "subtitle": "",
    "provider": "SpecterOps"
  },
  {
    "workbookKey": "BloodHoundEnterpriseTierZeroSearch",
    "logoFileName": "BHE_Logo.svg",
    "description": "Search BloodHound Enterprise Tier Zero data.",
    "dataTypesDependencies": [
      "BHETierZeroAssetsData_CL"
    ],
    "dataConnectorsDependencies": [
      "BloodHoundEnterprise"
    ],
    "previewImagesFileNames": [
      "BloodHoundEnterpriseTierZeroSearch-Black.png",
      "BloodHoundEnterpriseTierZeroSearch-White.png"
    ],
    "version": "1.0",
    "title": "BloodHound Enterprise Tier Zero Assets",
    "templateRelativePath": "BloodHoundEnterpriseTierZeroSearch.json",
    "subtitle": "",
    "provider": "SpecterOps"
  },
  {
    "workbookKey": "BloodHoundFindingsTrends",
    "logoFileName": "BHE_Logo.svg",
    "description": "Search BloodHound Frinding Trends.",
    "dataTypesDependencies": [
      "BHEFindingTrendsData_CL"
    ],
    "dataConnectorsDependencies": [
      "BloodHoundFunction"
    ],
    "previewImagesFileNames": [
      "BloodHoundEnterpriseTierZeroSearch-Black.png",
      "BloodHoundEnterpriseTierZeroSearch-White.png"
    ],
    "version": "1.0",
    "title": "BloodHound Enterprise Finding Trends",
    "templateRelativePath": "BloodHoundFindingTrends.json",
    "subtitle": "",
    "provider": "SpecterOps"
  },
  {
    "workbookKey": "BloodHoundPostureHistory",
    "logoFileName": "BHE_Logo.svg",
    "description": "Search BloodHound Posture History.",
    "dataTypesDependencies": [
      "BHEPostureHistory_CL "
    ],
    "dataConnectorsDependencies": [
      "BloodHoundFunction"
    ],
    "previewImagesFileNames": [
      "BloodHoundEnterpriseTierZeroSearch-Black.png",
      "BloodHoundEnterpriseTierZeroSearch-White.png"
    ],
    "version": "1.0",
    "title": "BloodHound Enterprise Posture History",
    "templateRelativePath": "BloodHoundPostureHistory.json",
    "subtitle": "",
    "provider": "SpecterOps"
  },
  {
    "workbookKey": "BitSightWorkbook",
    "logoFileName": "BitSight.svg",
    "description": "Gain insights into BitSight data.",
    "dataTypesDependencies": [
      "Alerts_data_CL",
      "BitsightBreaches_data_CL",
      "BitsightCompany_details_CL",
      "BitsightCompany_rating_details_CL",
      "BitsightDiligence_historical_statistics_CL",
      "BitsightDiligence_statistics_CL",
      "BitsightFindings_summary_CL",
      "BitsightFindings_data_CL",
      "BitsightGraph_data_CL",
      "BitsightIndustrial_statistics_CL",
      "BitsightObservation_statistics_CL"
    ],
    "dataConnectorsDependencies": [
      "BitSightDatConnector"
    ],
    "previewImagesFileNames": [
      "BitSightWhite1.png",
      "BitSightBlack1.png"
    ],
    "version": "1.0.0",
    "title": "BitSight",
    "templateRelativePath": "BitSightWorkbook.json",
    "subtitle": "",
    "provider": "BitSight"
  },
  {
    "workbookKey": "VectraXDR",
    "logoFileName": "",
    "description": "This workbook provides visualization of Audit, Detections, Entity Scoring, Lockdown and Health data.",
    "dataTypesDependencies": [
      "Audits_Data_CL",
      "Detections_Data_CL",
      "Entity_Scoring_Data_CL",
      "Lockdown_Data_CL",
      "Health_Data_CL"
    ],
    "dataConnectorsDependencies": [
      "VectraDataConnector"
    ],
    "previewImagesFileNames": [
      "VectraXDRWhite1.png",
      "VectraXDRWhite2.png",
      "VectraXDRWhite3.png",
      "VectraXDRWhite4.png",
      "VectraXDRWhite5.png",
      "VectraXDRBlack1.png",
      "VectraXDRBlack2.png",
      "VectraXDRBlack3.png",
      "VectraXDRBlack4.png",
      "VectraXDRBlack5.png"
    ],
    "version": "2.0.0",
    "title": "Vectra XDR",
    "templateRelativePath": "VectraXDR.json",
    "subtitle": "",
    "provider": "Vectra"
  },
  {
    "workbookKey": "CloudflareWorkbook",
    "logoFileName": "cloudflare.svg",
    "description": "Gain insights into Cloudflare events. You will get visibility on your Cloudflare web traffic, security, reliability.",
    "dataTypesDependencies": [
      "Cloudflare_CL"
    ],
    "dataConnectorsDependencies": [
      "CloudflareDataConnector"
    ],
    "previewImagesFileNames": [
      "CloudflareOverviewWhite01.png",
      "CloudflareOverviewWhite02.png",
      "CloudflareOverviewBlack01.png",
      "CloudflareOverviewBlack02.png"
    ],
    "version": "1.0",
    "title": "Cloudflare",
    "templateRelativePath": "Cloudflare.json",
    "subtitle": "",
    "provider": "Cloudflare"
  },
	{
		"workbookKey": "CloudflareCCFWorkbook",
    "logoFileName": "cloudflare.svg",
		"description": "Gain insights into Cloudflare events using the Codeless Connector Framework (CCF).",
		"dataTypesDependencies": [
			"CloudflareV2_CL"
		],
		"dataConnectorsDependencies": [
			"CloudflareCCFDataConnector"
		],
		"previewImagesFileNames": [
			"CloudflareOverviewWhite01.png",
			"CloudflareOverviewWhite02.png",
			"CloudflareOverviewBlack01.png",
			"CloudflareOverviewBlack02.png"
		],
		"version": "1.0",
		"title": "Cloudflare CCF",
		"templateRelativePath": "Cloudflare.json",
		"subtitle": "",
		"provider": "Cloudflare"
	},
  {
    "workbookKey": "CofenseIntelligenceWorkbook",
    "logoFileName": "CofenseTriage.svg",
    "description": "This workbook provides visualization of Cofense Intelligence threat indicators which are ingested in the Microsoft Sentinel Threat intelligence.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator",
      "Malware_Data"
    ],
    "dataConnectorsDependencies": [
      "CofenseIntelligenceDataConnector"
    ],
    "previewImagesFileNames": [
      "CofenseIntelligenceWhite1.png",
      "CofenseIntelligenceBlack1.png"
    ],
    "version": "1.0",
    "title": "CofenseIntelligenceThreatIndicators",
    "templateRelativePath": "CofenseIntelligenceThreatIndicators.json",
    "subtitle": "",
    "provider": "Cofense"
  },
  {
    "workbookKey": "EgressDefendMetricWorkbook",
    "logoFileName": "Egress-logo.svg",
    "description": "A workbook providing insights into Egress Defend.",
    "dataTypesDependencies": [
      "EgressDefend_CL"
    ],
    "previewImagesFileNames": [
      "EgressDefendMetricWorkbookBlack01.png",
      "EgressDefendMetricWorkbookWhite01.png"
    ],
    "version": "1.0.0",
    "title": "Egress Defend Insights",
    "templateRelativePath": "DefendMetrics.json",
    "subtitle": "Defend Metrics",
    "provider": "Egress Software Technologies"
  },
  {
    "workbookKey": "UserWorkbook-alexdemichieli-github-update-1",
    "logoFileName": "GitHub.svg",
    "description": "Gain insights to GitHub activities that may be interesting for security.",
    "dataTypesDependencies": [
      "GitHubAuditLogPolling_CL"
    ],
    "dataConnectorsDependencies": [
      "GitHubEcAuditLogPolling"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "GitHub Security",
    "templateRelativePath": "GitHubAdvancedSecurity.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SalemDashboard",
    "logoFileName": "salem_logo.svg",
    "description": "Monitor Salem Performance",
    "dataTypesDependencies": [
      "SalemAlerts_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "Salem Alerts Workbook",
    "templateRelativePath": "SalemDashboard.json",
    "subtitle": "",
    "provider": "SalemCyber"
  },
  {
    "workbookKey": "MimecastAuditWorkbook",
    "logoFileName": "Mimecast.svg",
    "description": "A workbook providing insights into Mimecast Audit.",
    "dataTypesDependencies": [
      "MimecastAudit_CL"
    ],
    "previewImagesFileNames": [
      "MimecastAuditBlack1.png",
      "MimecastAuditBlack2.png",
      "MimecastAuditWhite1.png",
      "MimecastAuditWhite2.png"
    ],
    "version": "1.0.0",
    "title": "MimecastAudit",
    "templateRelativePath": "MimecastAudit.json",
    "subtitle": "Mimecast Audit",
    "provider": "Mimecast"
  },
  {
    "workbookKey": "MailGuard365Workbook",
    "logoFileName": "MailGuard365_logo.svg",
    "description": "MailGuard 365 Workbook",
    "dataTypesDependencies": [
      "MailGuard365_Threats_CL"
    ],
    "dataConnectorsDependencies": [
      "MailGuard365"
    ],
    "previewImagesFileNames": [
      "MailGuard365WorkbookWhite1.png",
      "MailGuard365WorkbookWhite2.png",
      "MailGuard365WorkbookBlack1.png",
      "MailGuard365WorkbookBlack2.png"
    ],
    "version": "1.0.0",
    "title": "MailGuard365",
    "templateRelativePath": "MailGuard365Dashboard.json",
    "subtitle": "",
    "provider": "MailGuard 365"
  },
  {
    "workbookKey": "Mimecast_Audit_Workbook",
    "logoFileName": "Mimecast.svg",
    "description": "A workbook providing insights into Mimecast Audit.",
    "dataTypesDependencies": [
      "Audit_CL"
    ],
    "dataConnectorsDependencies": [
      "MimecastAuditAPI"
    ],
    "previewImagesFileNames": [
      "MimecastAuditBlack.png",
      "MimecastAuditWhite.png"
    ],
    "version": "1.0.0",
    "title": "Mimecast Audit Workbook",
    "templateRelativePath": "Mimecast_Audit_Workbook.json",
    "subtitle": "",
    "provider": "Mimecast"
  },
  {
    "workbookKey": "Mimecast_TTP_Workbook",
    "logoFileName": "Mimecast.svg",
    "description": "A workbook providing insights into Mimecast Targeted Threat Protection.",
    "dataTypesDependencies": [
      "Ttp_Attachment_CL",
      "Ttp_Impersonation_CL",
      "Ttp_Url_CL"
    ],
    "dataConnectorsDependencies": [
      "MimecastTTPAPI"
    ],
    "previewImagesFileNames": [
      "MimecastTTPWhite1.png",
      "MimecastTTPWhite2.png",
      "MimecastTTPWhite3.png",
      "MimecastTTPBlack1.png",
      "MimecastTTPBlack2.png",
      "MimecastTTPBlack3.png"
    ],
    "version": "1.0.0",
    "title": "Mimecast Targeted Threat Protection Workbook",
    "templateRelativePath": "Mimecast_TTP_Workbook.json",
    "subtitle": "",
    "provider": "Mimecast"
  },
  {
    "workbookKey": "Mimecast_Awareness_Training_Workbook",
    "logoFileName": "Mimecast.svg",
    "description": "A workbook providing insights into Mimecast Awareness Training.",
    "dataTypesDependencies": [
      "Awareness_Performance_Details_CL",
      "Awareness_User_Data_CL",
      "Awareness_Watchlist_Details_CL",
      "Awareness_SafeScore_Details_CL"
    ],
    "dataConnectorsDependencies": [
      "MimecastATAPI"
    ],
    "previewImagesFileNames": [
      "MimecastAwarenessTrainingWhite1.png",
      "MimecastAwarenessTrainingWhite2.png",
      "MimecastAwarenessTrainingWhite3.png",
      "MimecastAwarenessTrainingBlack1.png",
      "MimecastAwarenessTrainingBlack2.png",
      "MimecastAwarenessTrainingBlack3.png"
    ],
    "version": "1.0.0",
    "title": "Mimecast Awareness Training Workbook",
    "templateRelativePath": "Mimecast_Awareness_Training_Workbook.json",
    "subtitle": "",
    "provider": "Mimecast"
  },
  {
    "workbookKey": "Mimecast_SEG_Workbook",
    "logoFileName": "Mimecast.svg",
    "description": "A workbook providing insights into Mimecast Secure Email Gateway.",
    "dataTypesDependencies": [
      "Seg_Cg_CL",
      "Seg_Dlp_CL"
    ],
    "dataConnectorsDependencies": [
      "MimecastSEGAPI"
    ],
    "previewImagesFileNames": [
      "MimecastSEGBlack1.png",
      "MimecastSEGBlack2.png",
      "MimecastSEGBlack3.png",
      "MimecastSEGBlack4.png",
      "MimecastSEGBlack5.png",
      "MimecastSEGBlack6.png",
      "MimecastSEGBlack7.png",
      "MimecastSEGBlack8.png",
      "MimecastDLPWhite.png",
      "MimecastDLPBlack.png",
      "MimecastSEGWhite1.png",
      "MimecastSEGWhite2.png",
      "MimecastSEGWhite3.png",
      "MimecastSEGWhite4.png",
      "MimecastSEGWhite5.png",
      "MimecastSEGWhite6.png",
      "MimecastSEGWhite7.png",
      "MimecastSEGWhite8.png"
    ],
    "version": "1.0.0",
    "title": "Mimecast Secure Email Gateway Workbook",
    "templateRelativePath": "Mimecast_SEG_Workbook.json",
    "subtitle": "",
    "provider": "Mimecast"
  },
  {
    "workbookKey": "Mimecast_Cloud_Integrated_Workbook",
    "logoFileName": "Mimecast.svg",
    "description": "A workbook providing insights into Mimecast Cloud Integrated.",
    "dataTypesDependencies": [
      "Cloud_Integrated_CL"
    ],
    "dataConnectorsDependencies": [
      "MimecastCIAPI"
    ],
    "previewImagesFileNames": [
      "MimecastCIWhite.png",
      "MimecastCIBlack.png"
    ],
    "version": "1.0.0",
    "title": "Mimecast Cloud Integrated Workbook",
    "templateRelativePath": "Mimecast_Cloud_Integrated_Workbook.json",
    "subtitle": "",
    "provider": "Mimecast"
  },
  {
    "workbookKey": "MimecastTIRegionalWorkbook",
    "logoFileName": "Mimecast.svg",
    "description": "A workbook providing insights into Mimecast Regional Threat indicator.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [
      "MimecastTIRegionalConnectorAzureFunctions"
    ],
    "previewImagesFileNames": [
      "MimecastTIReginalWhite.png",
      "MimecastTIRegionalBlack.png"
    ],
    "version": "1.0.0",
    "title": "MimecastTIRegional",
    "templateRelativePath": "MimecastTIRegional.json",
    "subtitle": "Mimecast TI Regional",
    "provider": "Mimecast"
  },
  {
    "workbookKey": "DataminrPulseAlerts",
    "logoFileName": "DataminrPulse.svg",
    "description": "This Workbook provides insight into the data coming from DataminrPulse.",
    "dataTypesDependencies": [
      "DataminrPulse_Alerts_CL"
    ],
    "dataConnectorsDependencies": [
      "DataminrPulseAlerts"
    ],
    "previewImagesFileNames": [
      "DataminrPulseAlertsBlack1.png",
      "DataminrPulseAlertsBlack2.png",
      "DataminrPulseAlertsBlack3.png",
      "DataminrPulseAlertsBlack4.png",
      "DataminrPulseAlertsBlack5.png",
      "DataminrPulseAlertsWhite1.png",
      "DataminrPulseAlertsWhite2.png",
      "DataminrPulseAlertsWhite3.png",
      "DataminrPulseAlertsWhite4.png",
      "DataminrPulseAlertsWhite5.png"
    ],
    "version": "1.0.0",
    "title": "Dataminr Pulse Alerts",
    "templateRelativePath": "DataminrPulseAlerts.json",
    "provider": "Dataminr"
  },
  {
    "workbookKey": "DoDZeroTrustWorkbook",
    "logoFileName": "",
    "description": "This workbook solution provides an intuitive, customizable, framework intended to help track/report Zero Trust implementation in accordance with the latest DoD Zero Trust Strategy.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "DoDZeroTrustWorkbook1Black.png",
      "DoDZeroTrustWorkbook2Black.png",
      "DoDZeroTrustWorkbook3Black.png",
      "DoDZeroTrustWorkbook1White.png",
      "DoDZeroTrustWorkbook2White.png",
      "DoDZeroTrustWorkbook3White.png"
    ],
    "version": "1.2.0",
    "title": "DoD Zero Trust Strategy Workbook",
    "templateRelativePath": "DoDZeroTrustWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Lili Davoudian, Chhorn Lim, Jay Pelletier, Michael Crane"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "IT Operations"
      ]
    }
  },
  {
    "workbookKey": "GreyNoiseIntellegenceOverviewWorkbook",
    "logoFileName": "greynoise_logomark_black.svg",
    "description": "This workbook provides visualization of GreyNoise Intelligence threat indicators which are ingested in the Microsoft Sentinel Threat intelligence.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [
      "GreyNoise2SentinelAPI"
    ],
    "previewImagesFileNames": [
      "GreyNoiseOverviewWhite.png",
      "GreyNoiseOverviewBlack.png"
    ],
    "version": "1.0",
    "title": "GreyNoise Intelligence Threat Indicators",
    "templateRelativePath": "GreyNoiseOverview.json",
    "subtitle": "",
    "provider": "GreyNoise Intelligence, Inc."
  },
  {
    "workbookKey": "WizFindingsWorkbook",
    "logoFileName": "Wiz_logo.svg",
    "description": "A visualized overview of Wiz Findings.\nExplore, analize and learn about your security posture using Wiz Findings Overview",
    "dataTypesDependencies": [
      "WizIssues_CL",
      "WizVulnerabilities_CL",
      "WizAuditLogs_CL",
      "WizIssuesV2_CL",
      "WizVulnerabilitiesV2_CL",
      "WizAuditLogs_CL"
    ],
    "dataConnectorsDependencies": [
      "Wiz"
    ],
    "previewImagesFileNames": [
      "WizFindingsBlack1.png",
      "WizFindingsBlack2.png",
      "WizFindingsBlack3.png",
      "WizFindingsWhite1.png",
      "WizFindingsWhite2.png",
      "WizFindingsWhite3.png"
    ],
    "version": "2.0.0",
    "title": "Wiz Findings overview",
    "templateRelativePath": "WizFindings.json",
    "subtitle": "",
    "provider": "Wiz"
  },
  {
    "workbookKey": "ThreatConnectOverviewWorkbook",
    "logoFileName": "ThreatConnect.svg",
    "description": "This workbook provides visualization of ThreatConnect threat indicators which are ingested in the Microsoft Sentinel Threat intelligence.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [
      "ThreatIntelligence"
    ],
    "previewImagesFileNames": [
      "ThreatConnectOverviewBlack.png",
      "ThreatConnectOverviewWhite.png"
    ],
    "version": "1.0.0",
    "title": "ThreatConnect Overview Workbook",
    "templateRelativePath": "ThreatConnectOverview.json",
    "subtitle": "",
    "provider": "ThreatConnect, Inc."
  },
  {
    "workbookKey": "Sentinel_Central",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.",
    "dataTypesDependencies": [
      "SecurityEvent"
    ],
    "dataConnectorsDependencies": [
      "IdentityAndAccessWhite.png",
      "IdentityAndAccessBlack.png"
    ],
    "previewImagesFileNames": [
      "SentinelCentralBlack.png",
      "SentinelCentralWhite.png"
    ],
    "version": "2.1.2",
    "title": "Sentinel Central",
    "templateRelativePath": "Sentinel_Central.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Clive Watson"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security"
      ]
    }
  },
  {
    "workbookKey": "AuthomizeWorkbook",
    "logoFileName": "Authomize.svg",
    "description": "Manage your Authorization Security Lifecycle across all XaaS environments and Private Clouds. Using Authomize AI-based engine continuously monitor the relationships between identities and assets and gain insight into security risks and events.",
    "dataTypesDependencies": [
      "Authomize_v2_CL"
    ],
    "dataConnectorsDependencies": [
      "Authomize"
    ],
    "previewImagesFileNames": [
      "AuthomizeITDREventMonitoring-Black.png",
      "AuthomizeITDREventMonitoring-White.png"
    ],
    "version": "1.0.0",
    "title": "Authomize ITDR Event Monitoring for Identities",
    "templateRelativePath": "Authomize.json",
    "subtitle": "",
    "provider": "Authomize"
  },
  {
    "workbookKey": "GigamonConnector",
    "logoFileName": "gigamon.svg",
    "description": "A visualized overview of Gigamon AMX Data Connector .\nExplore, analize and learn about your security posture using Gigamon AMX data connector Overview.",
    "dataTypesDependencies": [
      "Gigamon_CL"
    ],
    "dataConnectorsDependencies": [
      "GigamonDataConnector"
    ],
    "previewImagesFileNames": [
      "GigamonWorkbookBlack.png",
      "GigamonWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "Gigamon Workbook",
    "templateRelativePath": "Gigamon.json",
    "subtitle": "",
    "provider": "Gigamon"
  },
  {
    "workbookKey": "PrancerSentinelAnalyticsWorkbook",
    "description": "Monitor and analyze Prancer PAC and CSPM scan results.",
    "logoFileName": "Prancer.svg",
    "dataTypesDependencies": [
      "prancer_CL"
    ],
    "dataConnectorsDependencies": [
      "PrancerLogData"
    ],
    "previewImagesFileNames": [
      "PrancerBlack.png",
      "PrancerWhite.png"
    ],
    "version": "1.0.0",
    "title": "Prancer Microsoft Sentinel Analytics Workbook",
    "templateRelativePath": "PrancerSentinelAnalytics.json",
    "subtitle": "",
    "provider": "Prancer"
  },
  {
    "workbookKey": "ValenceSecurityAlertsWorkbook",
    "logoFileName": "ValenceSecurityLogo.svg",
    "description": "SaaS security alerts from Valence Security.",
    "dataTypesDependencies": [
      "ValenceAlert_CL"
    ],
    "dataConnectorsDependencies": [
      "ValenceSecurity"
    ],
    "previewImagesFileNames": [
      "ValenceAlertsBlack.png",
      "ValenceAlertsWhite.png"
    ],
    "version": "1.0.0",
    "title": "Valence Security Alerts Workbook",
    "templateRelativePath": "ValenceAlertsWorkbook.json",
    "subtitle": "",
    "provider": "Valence Security"
  },
  {
    "workbookKey": "MalwareProtectionEssentialsWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides details about Suspicious Malware Activities from File, Process and Registry events generated by EDR (Endpoint Detection and Response) solutions.",
    "dataTypesDependencies": [
      "_ASim_FileEvent",
      "_ASim_ProcessEvent"
    ],
    "previewImagesFileNames": [
      "MalwareProtectionEssentialsWhite.png",
      "MalwareProtectionEssentialsBlack.png"
    ],
    "version": "1.0.0",
    "title": "Malware Protection Essentials",
    "templateRelativePath": "MalwareProtectionEssentialsWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community"
  },
  {
    "workbookKey": "VaronisSaaSWorkbook",
    "logoFileName": "VaronisLogo.svg",
    "description": "Security alerts from Varonis SaaS",
    "dataTypesDependencies": [
      "VaronisAlerts_CL"
    ],
    "dataConnectorsDependencies": [
      "VaronisSaaS"
    ],
    "previewImagesFileNames": [
      "VaronisSaaSAssetsBlack.png",
      "VaronisSaaSAssetsWhite.png",
      "VaronisSaaSDevicesBlack.png",
      "VaronisSaaSDevicesWhite.png",
      "VaronisSaaSMainBlack.png",
      "VaronisSaaSMainWhite.png",
      "VaronisSaaSThreatsBlack.png",
      "VaronisSaaSThreatsWhite.png",
      "VaronisSaaSUsersBlack.png",
      "VaronisSaaSUsersWhite.png"
    ],
    "version": "1.0.0",
    "title": "Varonis SaaS Workbook",
    "templateRelativePath": "VaronisSaaS.json",
    "subtitle": "",
    "provider": "Varonis"
  },
  {
    "workbookKey": "FortinetFortiNdrCloudWorkbook",
    "logoFileName": "fortinet_logo.svg",
    "description": "Gain insights into Fortinet FortiNDR CLoud events, including the Suricata, Observation and Detections data.",
    "dataTypesDependencies": [
      "FncEventsSuricata_CL",
      "FncEventsObservation_CL",
      "FncEventsDetections_CL"
    ],
    "dataConnectorsDependencies": [
      "FortinetFortiNdrCloudDataConnector"
    ],
    "previewImagesFileNames": [
      "FncDetectionDashboardBlack.png",
      "FncDetectionDashboardWhite.png",
      "FncObservationDashboardBlack.png",
      "FncObservationDashboardWhite.png",
      "FncSuricataDashboardBlack.png",
      "FncSuricataDashboardWhite.png",
      "FncMainDashboardBlack.png",
      "FncMainDashboardWhite.png"
    ],
    "version": "1.0.0",
    "title": "FortiNDR Cloud",
    "templateRelativePath": "FortinetFortiNdrCloudWorkbook.json",
    "subtitle": "",
    "provider": "Fortinet"
  },
  {
    "workbookKey": "WithSecureTopComputersByInfection",
    "logoFileName": "WithSecure.svg",
    "description": "Top 3 computers by amount of infections.",
    "dataTypesDependencies": [
      "WsSecurityEvents_CL"
    ],
    "dataConnectorsDependencies": [
      "WithSecureElementsViaFunction"
    ],
    "previewImagesFileNames": [
      "WithSecureTopComputersByInfectionsBlack.png",
      "WithSecureTopComputersByInfectionsWhite.png"
    ],
    "version": "1.0",
    "title": "WithSecure - Top computers by infections",
    "templateRelativePath": "WithSecureTopComputersByInfections.json",
    "subtitle": "",
    "provider": "WithSecure"
  },
  {
    "workbookKey": "AzureOpenAIMonitoring",
    "logoFileName": "",
    "description": "Welcome to this Azure OpenAI Monitoring Workbook\n#### This workbook will help to monitor your Azure Open AI Instances\n\n** Please enable diagnostics settings for the Open AI instance to view the workbook.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AzureOpenAIMonitoringWhite.PNG",
      "AzureOpenAIMonitoringBlack.PNG"
    ],
    "version": "1.0",
    "title": "Azure OpenAI Monitoring Workbook",
    "templateRelativePath": "AzureOpenAIMonitoring.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "SonicWallWorkbook",
    "logoFileName": "sonicwall_logo.svg",
    "description": "A collection of queries to provide visibility into the events reported by your SonicWall firewalls.",
    "dataTypesDependencies": [
      "CommonSecurityLog",
      "ASimNetworkSessionSonicWallFirewall"
    ],
    "dataConnectorsDependencies": [
      "CefAma"
    ],
    "previewImagesFileNames": [
      "SonicWallWorkbookWhite.png",
      "SonicWallWorkbookBlack.png"
    ],
    "version": "1.0.0",
    "title": "SonicWall Workbook",
    "templateRelativePath": "SonicWallFirewall.json",
    "subtitle": "",
    "provider": "SonicWall"
  },
  {
    "workbookKey": "AzureServiceHealthWorkbook",
    "logoFileName": "",
    "description": "A collection of queries to provide visibility into Azure Service Health across the subscriptions.",
    "dataTypesDependencies": [
      "AzureActivity"
    ],
    "dataConnectorsDependencies": [
      "AzureActivity"
    ],
    "previewImagesFileNames": [
      "AzureServiceHealthWhite.png",
      "AzureServiceHealthBlack.png"
    ],
    "version": "1.0.0",
    "title": "Azure Service Health Workbook",
    "templateRelativePath": "AzureServiceHealthWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "EgressPreventMetricWorkbook",
    "logoFileName": "Egress-logo.svg",
    "description": "A workbook providing insights into Egress Defend.",
    "dataTypesDependencies": [
      "EgressEvents_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "EgressPreventWorkbookBlack01.png",
      "EgressPreventWorkbookWhite01.png"
    ],
    "version": "1.0.0",
    "title": "Egress Defend Insights",
    "templateRelativePath": "PreventWorkbook.json",
    "subtitle": "Iris Prevent Metrics",
    "provider": "Egress Software Technologies"
  },
  {
    "workbookKey": "NetskopeDashboard",
    "logoFileName": "Netskope.svg",
    "description": "A workbook providing insights into Netskope Alerts, Events and WebTransactions.",
    "dataConnectorsDependencies": [
      "NetskopeDataConnector"
    ],
    "dataTypesDependencies": [
      "eventsapplicationdata_CL",
      "alertscompromisedcredentialdata_CL",
      "alertsctepdata_CL",
      "alertsdlpdata_CL",
      "alertsmalsitedata_CL",
      "alertsmalwaredata_CL",
      "alertspolicydata_CL",
      "alertsquarantinedata_CL",
      "alertsremediationdata_CL",
      "alertssecurityassessmentdata_CL",
      "alertsubadata_CL",
      "NetskopeWebtxData_CL"
    ],
    "previewImagesFileNames": [
      "NetskopeDashboardBlack1.png",
      "NetskopeDashboardBlack2.png",
      "NetskopeDashboardBlack3.png",
      "NetskopeDashboardWhite1.png",
      "NetskopeDashboardWhite2.png",
      "NetskopeDashboardWhite3.png"
    ],
    "version": "1.0.0",
    "title": "NetskopeDashboard",
    "templateRelativePath": "NetskopeDashboard.json",
    "subtitle": "Netskope Dashboard for Alerts, Events and WebTransactions",
    "provider": "Netskope"
  },
  {
    "workbookKey": "BitwardenEventLogsOrganization",
    "logoFileName": "Bitwarden.svg",
    "description": "This workbook provides insights on Bitwarden Organizations Event Logs.",
    "dataConnectorsDependencies": [
      "BitwardenEventLogs"
    ],
    "dataTypesDependencies": [
      "BitwardenEventLogs_CL",
      "BitwardenGroups_CL",
      "BitwardenMembers_CL"
    ],
    "previewImagesFileNames": [
      "BitwardenEventLogsOrganizationWhite1.png",
      "BitwardenEventLogsOrganizationWhite2.png",
      "BitwardenEventLogsOrganizationBlack1.png",
      "BitwardenEventLogsOrganizationBlack2.png"
    ],
    "version": "1.0.0",
    "title": "Bitwarden Organization Events",
    "templateRelativePath": "BitwardenEventLogsOrganization.json",
    "subtitle": "",
    "provider": "Bitwarden"
  },
  {
    "workbookKey": "BitwardenEventLogsAuthentication",
    "logoFileName": "Bitwarden.svg",
    "description": "This workbook provides insights on Bitwarden Authentication Event Logs.",
    "dataConnectorsDependencies": [
      "BitwardenEventLogs"
    ],
    "dataTypesDependencies": [
      "BitwardenEventLogs_CL",
      "BitwardenGroups_CL",
      "BitwardenMembers_CL"
    ],
    "previewImagesFileNames": [
      "BitwardenEventLogsAuthenticationWhite1.png",
      "BitwardenEventLogsAuthenticationWhite2.png",
      "BitwardenEventLogsAuthenticationBlack1.png",
      "BitwardenEventLogsAuthenticationBlack2.png"
    ],
    "version": "1.0.0",
    "title": "Bitwarden Authentication Events",
    "templateRelativePath": "BitwardenEventLogsAuthentication.json",
    "subtitle": "",
    "provider": "Bitwarden"
  },
  {
    "workbookKey": "BitwardenEventLogsVaultItems",
    "logoFileName": "Bitwarden.svg",
    "description": "This workbook provides insights on Bitwarden Vault Items Event Logs.",
    "dataConnectorsDependencies": [
      "BitwardenEventLogs"
    ],
    "dataTypesDependencies": [
      "BitwardenEventLogs_CL",
      "BitwardenGroups_CL",
      "BitwardenMembers_CL"
    ],
    "previewImagesFileNames": [
      "BitwardenEventLogsVaultItemsWhite1.png",
      "BitwardenEventLogsVaultItemsWhite2.png",
      "BitwardenEventLogsVaultItemsBlack1.png",
      "BitwardenEventLogsVaultItemsBlack2.png"
    ],
    "version": "1.0.0",
    "title": "Bitwarden Vault Items Events",
    "templateRelativePath": "BitwardenEventLogsVaultItems.json",
    "subtitle": "",
    "provider": "Bitwarden"
  },
  {
    "workbookKey": "CodelessConnectorBuilder",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Create custom codeless connectors on demand with this UI-like workbook. Templates can be generated by going step by step in this workbook while filling out the different values.",
    "dataTypesDependencies": [],
    "previewImagesFileNames": [
      "CodelessConnectorBuilderBlack.png",
      "CodelessConnectorBuilderWhite.png"
    ],
    "version": "1.0.0",
    "title": "Codeless Connector Builder",
    "templateRelativePath": "CodelessConnectorBuilder.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "InfobloxLookupWorkbook",
    "logoFileName": "infoblox_logo.svg",
    "description": "The Infoblox Lookup Workbook provides comprehensive insights through lookups on various data types including IP, Host, URL, Hash, and Email.\nThe workbook features distinct tabs for targeted lookups. \nThe 'TIDE' tab delivers insights from Infoblox TIDE data, while the 'Dossier' tab aggregates information from a range of other third party sources. \nTo obtain detailed insights, enter the relevant data into the specified fields within each tab. \nThis allows users to efficiently gather and analyze critical information.",
    "dataTypesDependencies": [
      "dossier_whois_CL",
      "dossier_whitelist_CL",
      "dossier_tld_risk_CL",
      "dossier_threat_actor_CL",
      "dossier_rpz_feeds_records_CL",
      "dossier_rpz_feeds_CL",
      "dossier_nameserver_matches_CL",
      "dossier_nameserver_CL",
      "dossier_malware_analysis_v3_CL",
      "dossier_inforank_CL",
      "dossier_infoblox_web_cat_CL",
      "dossier_geo_CL",
      "dossier_dns_CL",
      "dossier_atp_threat_CL",
      "dossier_atp_CL",
      "dossier_ptr_CL",
      "tide_lookup_data_CL",
      "SecurityAlert",
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [
      "InfobloxDataConnector"
    ],
    "previewImagesFileNames": [
      "Infoblox-Lookup-Workbook-Black1.png",
      "Infoblox-Lookup-Workbook-Black2.png",
      "Infoblox-Lookup-Workbook-Black3.png",
      "Infoblox-Lookup-Workbook-Black4.png",
      "Infoblox-Lookup-Workbook-White1.png",
      "Infoblox-Lookup-Workbook-White2.png",
      "Infoblox-Lookup-Workbook-White3.png",
      "Infoblox-Lookup-Workbook-White4.png"
    ],
    "version": "1.0",
    "title": "Infoblox Lookup Workbook",
    "templateRelativePath": "Infoblox_Lookup_Workbook.json",
    "subtitle": "Efficiently Gather and Analyze Critical Information of TIDE and Dossier with Targeted Lookups",
    "provider": "Infoblox"
  },
  {
    "workbookKey": "InfobloxWorkbook",
    "logoFileName": "infoblox_logo.svg",
    "description": "The Infoblox Workbook is a detailed analytical tool comprising six tabs: SOC Insights, Config Insights, Blocked DNS, DNS, DHCP, Service Log, Audit and Threat Intelligence. \nIt fetches data from Common Event Format (CEF) logs to provide standardized and comprehensive insights into network security and operations. \nEach tab focuses on specific areas such as overall security metrics, blocked DNS requests, DNS activities, DHCP allocations, various service logs, and a combination of audit records with threat intelligence. \nThis workbook enables efficient monitoring and proactive management of network security and performance.",
    "dataTypesDependencies": [
      "CommonSecurityLog",
      "IP_Space_Info_CL",
      "Service_Name_Info_CL",
      "Host_Name_Info_CL",
      "ThreatIntelligenceIndicator",
      "SecurityAlert",
      "SecurityIncident",
      "InfobloxInsight",
      "InfobloxInsightAssets",
      "InfobloxInsightComments",
      "InfobloxInsightIndicators",
      "InfobloxInsightEvents",
      "Infoblox_Config_Insights_CL",
      "Infoblox_Config_Insight_Details_CL"
    ],
    "dataConnectorsDependencies": [
      "CefAma",
      "InfobloxSOCInsightsDataConnector_AMA",
      "InfobloxSOCInsightsDataConnector_API",
      "InfobloxSOCInsightsDataConnector_Legacy"
    ],
    "previewImagesFileNames": [
      "Infoblox-Workbook-Black1.png",
      "Infoblox-Workbook-Black2.png",
      "Infoblox-Workbook-Black3.png",
      "Infoblox-Workbook-Black4.png",
      "Infoblox-Workbook-Black5.png",
      "Infoblox-Workbook-Black6.png",
      "Infoblox-Workbook-Black7.png",
      "Infoblox-Workbook-Black8.png",
      "Infoblox-Workbook-Black9.png",
      "Infoblox-Workbook-White1.png",
      "Infoblox-Workbook-White2.png",
      "Infoblox-Workbook-White3.png",
      "Infoblox-Workbook-White4.png",
      "Infoblox-Workbook-White5.png",
      "Infoblox-Workbook-White6.png",
      "Infoblox-Workbook-White7.png",
      "Infoblox-Workbook-White8.png",
      "Infoblox-Workbook-White9.png"
    ],
    "version": "1.0",
    "title": "Infoblox Workbook",
    "templateRelativePath": "Infoblox_Workbook.json",
    "subtitle": "Efficiently Monitor and Manage Network Security and Performance with Comprehensive Insights",
    "provider": "Infoblox"
  },
  {
    "workbookKey": "IllumioAuditableEventsWorkbook",
    "logoFileName": "IllumioLogo.svg",
    "description": "A collection of queries to provide visibility into auditable events reported by Illumio.",
    "dataTypesDependencies": [
      "Illumio_Auditable_Events_CL"
    ],
    "dataConnectorsDependencies": [
      "IllumioSaaSDataConnector"
    ],
    "previewImagesFileNames": [
      "IllumioAuditableEventsBlack.png",
      "IllumioAuditableEventsWhite.png"
    ],
    "version": "1.0.0",
    "title": "Illumio Auditable Events Workbook",
    "templateRelativePath": "IllumioAuditableEvents.json",
    "subtitle": "",
    "provider": "Illumio"
  },
  {
    "workbookKey": "IllumioFlowEventsWorkbook",
    "logoFileName": "IllumioLogo.svg",
    "description": "A collection of queries to provide visibility into the flow events reported by Illumio.",
    "dataTypesDependencies": [
      "Illumio_Flows_Events_CL"
    ],
    "dataConnectorsDependencies": [
      "IllumioSaaSDataConnector"
    ],
    "previewImagesFileNames": [
      "IllumioFlowEventsBlack.png",
      "IllumioFlowEventsWhite.png"
    ],
    "version": "1.0.0",
    "title": "Illumio Flow Data Workbook",
    "templateRelativePath": "IllumioFlowData.json",
    "subtitle": "",
    "provider": "Illumio"
  },
  {
    "workbookKey": "IllumioWorkloadsStatsWorkbook",
    "logoFileName": "IllumioLogo.svg",
    "description": "This workbook leverages workloads api of Illumio and presents insights",
    "dataTypesDependencies": [
      "Illumio_Workloads_Summarized_API_CL"
    ],
    "dataConnectorsDependencies": [
      "IllumioSaaSDataConnector"
    ],
    "previewImagesFileNames": [
      "IllumioWorkloadsSummarizedBlack.png",
      "IllumioWorkloadsSummarizedWhite.png"
    ],
    "version": "1.1.0",
    "title": "Illumio Workload Stats Workbook",
    "templateRelativePath": "IllumioWorkloadsStats.json",
    "subtitle": "",
    "provider": "Illumio"
  },
  {
    "workbookKey": "IllumioOnPremHealthWorkbook",
    "logoFileName": "IllumioLogo.svg",
    "description": "This workbook leverages events ingested by 'Syslog via AMA devices' and presents insights",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "SyslogAMA"
    ],
    "previewImagesFileNames": [
      "IllumioOnPremHealthWhite.png",
      "IllumioOnPremHealthBlack.png"
    ],
    "version": "1.2.0",
    "title": "Illumio OnPrem Health Workbook",
    "templateRelativePath": "IllumioOnPremHealth.json",
    "subtitle": "",
    "provider": "Illumio"
  },
  {
    "workbookKey": "CEFOverview",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook gives an overview of ingestion of logs in the CommonSecurityLog table.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "CEFOverviewWhite.png",
      "CEFOverviewBlack.png"
    ],
    "version": "1.0.0",
    "title": "Common Event Format Logs Overview",
    "templateRelativePath": "CEFOverviewWorkbook.json",
    "provider": "",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Microsoft"
    },
    "categories": {
      "domains": [
        "IT Operations"
      ]
    }
  },
  {
    "workbookKey": "TenableIEIoA",
    "logoFileName": "Tenable.svg",
    "description": "This workbook providing insights into Tenable Indicators of Attack",
    "dataTypesDependencies": [
      "Tenable_IE_CL"
    ],
    "dataConnectorsDependencies": [
      "TenableIE"
    ],
    "previewImagesFileNames": [
      "TenableIEIoABlack1.png",
      "TenableIEIoABlack2.png",
      "TenableIEIoABlack3.png",
      "TenableIEIoAWhite1.png",
      "TenableIEIoAWhite2.png",
      "TenableIEIoAWhite3.png"
    ],
    "version": "1.0.0",
    "title": "TIE IOA workbook",
    "templateRelativePath": "TenableIEIoA.json",
    "subtitle": "",
    "provider": "Tenable"
  },
  {
    "workbookKey": "TenableIEIoE",
    "logoFileName": "Tenable.svg",
    "description": "This workbook providing insights into Tenable Indicators of Exposure",
    "dataTypesDependencies": [
      "Tenable_IE_CL"
    ],
    "dataConnectorsDependencies": [
      "TenableIE"
    ],
    "previewImagesFileNames": [
      "TenableIEIoEBlack1.png",
      "TenableIEIoEBlack2.png",
      "TenableIEIoEBlack3.png",
      "TenableIEIoEWhite1.png",
      "TenableIEIoEWhite2.png",
      "TenableIEIoEWhite3.png"
    ],
    "version": "1.0.0",
    "title": "TIE IOE workbook",
    "templateRelativePath": "TenableIEIoE.json",
    "subtitle": "",
    "provider": "Tenable"
  },
  {
    "workbookKey": "SyslogConnectorsOverviewWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook gives an overview of ingestion of logs into Syslog table via Syslog based dataconnectors such as AMA agent",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "Syslog",
      "SyslogAma"
    ],
    "previewImagesFileNames": [
      ""
    ],
    "version": "1.0.0",
    "title": "Syslog Connectors Overview Workbook",
    "templateRelativePath": "SyslogConnectorsOverviewWorkbook.json",
    "subtitle": "",
    "provider": "-------"
  },
  {
    "workbookKey": "PhishingAnalysis",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This Workbook fetches data from MDO tables and provides a comphrehensive overview for Phishing Analysis",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "PhishingAnalysisWhite.png",
      "PhishingAnalysisBlack.png"
    ],
    "version": "1.0.0",
    "title": "Phishing Analysis",
    "templateRelativePath": "PhishingAnalysis.json",
    "subtitle": "",
    "provider": "DSR",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Microsoft DSR"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Cloud Security",
        "Security - Threat Protection"
      ]
    }
  },
  {
    "workbookKey": "GSANetworkTraffic",
    "logoFileName": "gsa.svg",
    "description": "This workbook provides an overview of all traffic logs within your network, offering insights into data transfer, anomalies, and potential threats.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [
      "AzureActiveDirectory"
    ],
    "previewImagesFileNames": [
      "GSATrafficLogsWhite.png",
      "GSATrafficLogsBlack.png"
    ],
    "version": "1.0.1",
    "title": "Network Traffic Insights",
    "templateRelativePath": "GSANetworkTraffic.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "GSAM365EnrichedEvents",
    "logoFileName": "gsa.svg",
    "description": "This Workbook provides a detailed view of Microsoft 365 log data, enriched with contextual information to enhance visibility into user activities and potential security threats.",
    "dataTypesDependencies": [],
    "dataConnectorsDependencies": [
      "AzureActiveDirectory"
    ],
    "previewImagesFileNames": [
      "GSAEnrichedLogsWhite.png",
      "GSAEnrichedLogsBlack.png"
    ],
    "version": "1.0.1",
    "title": "Enriched Microsoft 365 logs Workbook",
    "templateRelativePath": "GSAM365EnrichedEvents.json",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "MicrosoftDefenderForOffice365detectionsandinsights",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain extensive insight into your organization's Microsoft Defender for Office 365 Detections by analyzing and correlating events. \nYou can track various detections and insights over time including: metrics for phish, spam, malware, URL and URL click detection details, post delivery detections, user and admin submissions, system overrides and actions taken by security administrators.",
    "dataTypesDependencies": [
      "EmailEvents",
      "EmailPostDeliveryEvents",
      "EmailUrlInfo",
      "UrlClickEvents",
      "CloudAppEvents"
    ],
    "dataConnectorsDependencies": [
      "MicrosoftThreatProtection"
    ],
    "previewImagesFileNames": [
      "MicrosoftDefenderForOffice365detectionsandinsightswhite.png",
      "MicrosoftDefenderForOffice365detectionsandinsightsblack.png"
    ],
    "version": "1.0.0",
    "title": "Microsoft Defender for Office 365 Detection and Insights",
    "templateRelativePath": "MicrosoftDefenderForOffice365detectionsandinsights.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "WindowsFirewallViaAMA",
    "logoFileName": "WindowsFirewallViaAMA.svg",
    "description": "Gain insights into Windows Firewall logs via AMA in combination with security and Azure signin logs.",
    "dataTypesDependencies": [
      "ASimNetworkSessionLogs",
      "SecurityEvent",
      "SigninLogs"
    ],
    "dataConnectorsDependencies": [
      "SecurityEvents",
      "WindowsFirewall",
      "WindowsSecurityEvents"
    ],
    "previewImagesFileNames": [
      "WindowsFirewallviaAMAWhite1.png",
      "WindowsFirewallviaAMABlack1.png",
      "WindowsFirewallviaAMAWhite2.png",
      "WindowsFirewallviaAMABlack2.png"
    ],
    "version": "1.0",
    "title": "Windows Firewall via AMA",
    "templateRelativePath": "WindowsFirewallViaAMA.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "John Joyner"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security"
      ]
    }
  },
  {
    "workbookKey": "MicrosoftCopilotForSecurity",
    "logoFileName": "",
    "description": "Gain insights and monitor Microsoft Copilot for Security ",
    "dataTypesDependencies": [
      "SigninLogs",
      "AADNonInteractiveSignInLogs",
      "AzureActivity"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "MicrosoftCopilotForSecurityBlack.png",
      "MicrosoftCopilotForSecurityWhite.png"
    ],
    "version": "1.0.1",
    "title": "Microsoft Copilot For Security Monitoring",
    "templateRelativePath": "CopilotforSecurityMonitoring.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Copilot"
      ]
    }
  },
  {
    "workbookKey": "TeamCymruScout",
    "logoFileName": "TeamCymruScout.svg",
    "description": "This Workbook provides immediate insight into the data coming from Team Cymru Scout.",
    "dataTypesDependencies": [
      "Cymru_Scout_Domain_Data_CL",
      "Cymru_Scout_IP_Data_Foundation_CL",
      "Cymru_Scout_IP_Data_Details_CL",
      "Cymru_Scout_IP_Data_Communications_CL",
      "Cymru_Scout_IP_Data_PDNS_CL",
      "Cymru_Scout_IP_Data_Fingerprints_CL",
      "Cymru_Scout_IP_Data_OpenPorts_CL",
      "Cymru_Scout_IP_Data_x509_CL",
      "Cymru_Scout_IP_Data_Summary_Details_CL",
      "Cymru_Scout_IP_Data_Summary_PDNS_CL",
      "Cymru_Scout_IP_Data_Summary_OpenPorts_CL",
      "Cymru_Scout_IP_Data_Summary_Certs_CL",
      "Cymru_Scout_IP_Data_Summary_Fingerprints_CL",
      "Cymru_Scout_Account_Usage_Data_CL",
      "Domain_Data_CL",
      "Identity_Data_CL",
      "Proto_By_IP_Data_CL",
      "Summary_Details_CL",
      "Summary_Details_Top_Certs_Data_CL",
      "Summary_Details_Top_Fingerprints_Data_CL",
      "Summary_Details_Top_Open_Ports_Data_CL",
      "Summary_Details_Top_Pdns_Data_CL",
      "Top_Asns_By_IP_Data_CL",
      "Top_Country_Codes_By_IP_Data_CL",
      "Top_Services_By_IP_Data_CL",
      "Top_Tags_By_IP_Data_CL",
      "Whois_Data_CL"
    ],
    "dataConnectorsDependencies": [
      "TeamCymruScout"
    ],
    "previewImagesFileNames": [
      "TeamCymruScoutWhite1.png",
      "TeamCymruScoutWhite2.png",
      "TeamCymruScoutWhite3.png",
      "TeamCymruScoutWhite4.png",
      "TeamCymruScoutWhite5.png",
      "TeamCymruScoutBlack1.png",
      "TeamCymruScoutBlack2.png",
      "TeamCymruScoutBlack3.png",
      "TeamCymruScoutBlack4.png",
      "TeamCymruScoutBlack5.png"
    ],
    "version": "1.0.0",
    "title": "Team Cymru Scout",
    "templateRelativePath": "TeamCymruScout.json",
    "subtitle": "",
    "provider": "Team Cymru"
  },
  {
    "workbookKey": "CTERA_Workbook",
    "logoFileName": "CTERA_Logo.svg",
    "description": "This Workbook provides an overview of CTERA log ingestion and operations, offering insights into various activities and potential security incidents.",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "CTERA"
    ],
    "previewImagesFileNames": [
      "CTERASMBLogsWorkbookWhite.png",
      "CTERASMBLogsWorkbookBlack.png"
    ],
    "version": "1.0.0",
    "title": "CTERA Audit Logs Ingestion",
    "templateRelativePath": "CTERA_Workbook.json",
    "provider": "CTERA"
  },
  {
    "workbookKey": "Data_Latency",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The Latency Details workbook offers a comprehensive view of latency across data connectors and log sources. It shows the timestamp of the last data received and calculates the time elapsed since the last ingestion for each data source, covering both Windows and Linux machines, enabling efficient monitoring and troubleshooting of data flow.",
    "dataTypesDependencies": [
      "Syslog",
      "SecurityEvents",
      "AzureActivity"
    ],
    "dataConnectorsDependencies": [
      "Syslog",
      "SecurityEvents",
      "AzureActivity"
    ],
    "previewImagesFileNames": [
      "Data_Latency_Black.png",
      "Data_Latency_White.png"
    ],
    "version": "1.0.0",
    "title": "Data Latency Workbook",
    "templateRelativePath": "Data_Latency_Workbook.json",
    "subtitle": "",
    "provider": "InspiraEnterprise",
    "source": {
      "kind": "Community"
    },
    "author": {
      "name": "Inspira Enterprise"
    }
  },
  {
    "workbookKey": "User_Analytics",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The User Analytics Workbook is designed to provide a comprehensive overview of individual user activities and attributes within your organization. This custom solution aggregates and visualizes critical data related to users, including their group memberships, personal information, sign-in activities, recently assigned roles, behaviour analysis, assigned Entra ID (Formerly known as Active Directory (AD)) roles, risk status, and any recent incidents associated with the user.\nBy consolidating this information into a single, user-friendly workbook, organizations can easily monitor and analyze user behaviour, track changes in roles and responsibilities, and assess potential risks associated with user accounts. This solution enhances your ability to conduct detailed user analytics, supporting better decision-making and improved security oversight.",
    "dataTypesDependencies": [
      "SigninLogs",
      "AuditLogs",
      "AzureActivity"
    ],
    "dataConnectorsDependencies": [
      "AzureActiveDirectory",
      "AzureActivity"
    ],
    "previewImagesFileNames": [
      "User_Analytics_Black.png",
      "User_Analytics_White.png"
    ],
    "version": "1.0.0",
    "title": "User Analytics",
    "templateRelativePath": "User_Analytics_Workbook.json",
    "subtitle": "",
    "provider": "InspiraEnterprise",
    "source": {
      "kind": "Community"
    },
    "author": {
      "name": "Inspira Enterprise"
    }
  },
  {
    "workbookKey": "Syslog-Bifurcation",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "The Data Ingestion Comparison Hourly workbook offers a comprehensive view of ingested data, presenting the total data volume and ingestion amounts in GB, categorized by each hour. This breakdown helps in monitoring and comparing data ingestion trends over time, ensuring visibility into hourly ingestion patterns and potential anomalies.",
    "dataTypesDependencies": [
      "Syslog",
      "SecurityEvents",
      "AzureActivity"
    ],
    "dataConnectorsDependencies": [
      "Syslog",
      "SecurityEvents",
      "AzureActivity"
    ],
    "previewImagesFileNames": [
      "Syslog_Bifurcation_Black.png",
      "Syslog_Bifurcation_White.png"
    ],
    "version": "1.0.0",
    "title": "Syslog Bifurcation",
    "templateRelativePath": "Syslog-Bifurcation.json",
    "subtitle": "",
    "provider": "InspiraEnterprise",
    "source": {
      "kind": "Community"
    },
    "author": {
      "name": "Inspira Enterprise"
    }
  },
  {
    "workbookKey": "Dynamics365Activity",
    "logoFileName": "DynamicsLogo.svg",
    "description": "This workbook brings together queries and visualizations to assist you in identifying potential threats in your Dynamics 365 audit data.",
    "dataTypesDependencies": [
      "DataverseActivity"
    ],
    "dataConnectorsDependencies": [
      "Dataverse"
    ],
    "previewImagesFileNames": [
      "Dynamics365ActivityBlack.png",
      "Dynamics365ActivityWhite.png"
    ],
    "version": "1.0.4",
    "title": "Dynamics 365 Activity",
    "templateRelativePath": "Dynamics365Activity.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SAPBTPActivity",
    "logoFileName": "SAPBTP.svg",
    "description": "This workbook contains visualizations and insights in the SAP BTP environment.",
    "dataTypesDependencies": [
      "SAPBTPAuditLog_CL"
    ],
    "dataConnectorsDependencies": [
      "SAPBTPAuditLog"
    ],
    "previewImagesFileNames": [
      "SAPBTPActivityBlack.png",
      "SAPBTPActivityWhite.png"
    ],
    "version": "1.0.0",
    "title": "SAP BTP Activity",
    "templateRelativePath": "SAPBTPActivity.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "SAPLogServObserve",
    "logoFileName": "SAPBTP.svg",
    "description": "This workbook contains visualizations and insights in the SAP BTP environment.",
    "dataTypesDependencies": [
      "SAPLogServ_CL"
    ],
    "dataConnectorsDependencies": [
      "SAPLogServ"
    ],
    "previewImagesFileNames": [
      "SAPLogServActivityBlack.png",
      "SAPLogServActivityWhite.png"
    ],
    "version": "1.0.0",
    "title": "SAP LogServ Insights Dashboard",
    "templateRelativePath": "SAPLogServObserve.json",
    "subtitle": "",
    "provider": "SAP"
  },
  {
    "workbookKey": "DoppelWorkbook",
    "logoFileName": "doppel.svg",
    "description": "This Workbook provides a flexible canvas for data monitoring, analysis and the creation of rich visual doppel alerts and event reports within the Azure portal",
    "dataTypesDependencies": [
      "DoppelTable_CL"
    ],
    "dataConnectorsDependencies": [
      "Doppel_DataConnector"
    ],
    "previewImagesFileNames": [
      "DoppelWorkbookBlack.png",
      "DoppelWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "Doppel Workbook",
    "templateRelativePath": "Doppel.json",
    "subtitle": "",
    "provider": "Doppel"
  },
  {
    "workbookKey": "SamsungKnoxAssetIntelligence.json",
    "logoFileName": "Samsung_Knox_Asset_Intelligence.svg",
    "description": "This Knox Asset Intelligence for Microsoft Sentinel solution installs a workbook that summarizes the mobile security events reported by Samsung Knox devices over a selected reporting period. You can use this workbook to quickly assess the threat type and severity, or identify patterns and anomalies in order to help prioritize incident responses or further investigations.",
    "dataTypesDependencies": [
      "Samsung_Knox_Audit_CL",
      "Samsung_Knox_Application_CL",
      "Samsung_Knox_System_CL",
      "Samsung_Knox_Process_CL",
      "Samsung_Knox_User_CL",
      "Samsung_Knox_Network_CL"
    ],
    "dataConnectorsDependencies": [
      "SamsungKnoxAssetIntelligence"
    ],
    "previewImagesFileNames": [
      "SamsungKnoxAssetIntelligenceBlack.png",
      "SamsungKnoxAssetIntelligenceWhite.png"
    ],
    "version": "1.0.0",
    "title": "Samsung Knox Asset Intelligence",
    "templateRelativePath": "SamsungKnoxAssetIntelligence.json",
    "subtitle": "",
    "provider": "Samsung"
  },
  {
    "workbookKey": "SemperisDSPADChangesWorkbook",
    "logoFileName": "Semperis.svg",
    "description": "View change data related to the Semperis DSP system.",
    "dataTypesDependencies": [
      "CommonSecurityLog"
    ],
    "dataConnectorsDependencies": [
      "SemperisDSP-connector"
    ],
    "previewImagesFileNames": [
      "adchanges-black.png",
      "adchanges-white.png"
    ],
    "version": "1.0.0",
    "title": "Semperis DSP AD Changes",
    "templateRelativePath": "SemperisDSPADChanges.json",
    "subtitle": "",
    "provider": "Semperis"
  },
  {
    "workbookKey": "SemperisDSPNotificationsWorkbook",
    "logoFileName": "Semperis.svg",
    "description": "View notification data related to the Semperis DSP system.",
    "dataTypesDependencies": [
      "Event"
    ],
    "dataConnectorsDependencies": [
      "SemperisDSP-connector"
    ],
    "previewImagesFileNames": [
      "notifications-black.png",
      "notifications-white.png"
    ],
    "version": "1.0.0",
    "title": "Semperis DSP Notifications",
    "templateRelativePath": "SemperisDSPNotifications.json",
    "subtitle": "",
    "provider": "Semperis"
  },
  {
    "workbookKey": "SemperisDSPQuickviewDashboardWorkbook",
    "logoFileName": "Semperis.svg",
    "description": "View data related to the Semperis DSP system.",
    "dataTypesDependencies": [
      "Event"
    ],
    "dataConnectorsDependencies": [
      "SemperisDSP-connector"
    ],
    "previewImagesFileNames": [
      "quickview-black.png",
      "quickview-white.png"
    ],
    "version": "1.0.0",
    "title": "Semperis DSP Quickview Dashboard",
    "templateRelativePath": "SemperisDSPQuickviewDashboard.json",
    "subtitle": "",
    "provider": "Semperis"
  },
  {
    "workbookKey": "SemperisDSPSecurityIndicatorsWorkbook",
    "logoFileName": "Semperis.svg",
    "description": "View security indicator data related to the Semperis DSP system.",
    "dataTypesDependencies": [
      "dsp_parser"
    ],
    "dataConnectorsDependencies": [
      "SemperisDSP-connector"
    ],
    "previewImagesFileNames": [
      "indicators-black.png",
      "indicators-white.png"
    ],
    "version": "1.0.0",
    "title": "Semperis DSP Security Indicators",
    "templateRelativePath": "SemperisDSPSecurityIndicators.json",
    "subtitle": "",
    "provider": "Semperis"
  },
  {
    "workbookKey": "ForescoutHostPropertyWorkbook",
    "logoFileName": "forescout-logo.svg",
    "description": "Gain insights into host properties in Forescout platform",
    "dataTypesDependencies": [
      "ForescoutHostProperties_CL",
      "ForescoutPolicyStatus_CL",
      "ForescoutComplianceStatus_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ForescoutHostPropWorkbookBlack.png",
      "ForescoutHostPropWorkbookWhite.png"
    ],
    "version": "1.0",
    "title": "Forescout Host Property Monitor Workbook",
    "templateRelativePath": "ForescoutHostPropertyMonitorWorkbook.json",
    "subtitle": "",
    "provider": "Forescout"
  },
  {
    "workbookKey": "MimecastTTPWorkbook",
    "logoFileName": "Mimecast.svg",
    "description": "A workbook providing insights into Mimecast TTP.",
    "dataTypesDependencies": [
      "MimecastTTPUrl_CL",
      "MimecastTTPAttachment_CL",
      "MimecastTTPImpersonation_CL"
    ],
    "previewImagesFileNames": [
      "MimecastTTPBlack1.png",
      "MimecastTTPBlack2.png",
      "MimecastTTPWhite1.png",
      "MimecastTTPWhite2.png"
    ],
    "version": "1.0.0",
    "title": "MimecastTTP",
    "templateRelativePath": "MimecastTTPWorkbook.json",
    "subtitle": "Mimecast TTP",
    "provider": "Mimecast"
  },
  {
    "workbookKey": "MimecastSEGworkbook",
    "logoFileName": "Mimecast.svg",
    "description": "A workbook providing insights into Mimecast SEG.",
    "dataTypesDependencies": [
      "MimecastSIEM_CL",
      "MimecastDLP_CL"
    ],
    "previewImagesFileNames": [
      "MimecastSEGBlack1.png",
      "MimecastSEGWhite1.png"
    ],
    "version": "1.0.0",
    "title": "MimecastSEG",
    "templateRelativePath": "MimecastSEGworkbook.json",
    "subtitle": "Mimecast SEG",
    "provider": "Mimecast"
  },
  {
    "workbookKey": "ZeroTrustStrategyWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook assists organizations in embarking on their Zero Trust journey. It enables them to implement, measure, track, and report their progress by leveraging Microsoft and third-party security controls, aligned with the latest DoD Zero Trust Strategy. This workbook is specifically targeted at customers on commercial tenants.",
    "dataTypesDependencies": [
      "AuditLogs",
      "SigninLogs"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ZeroTrustStrategyWorkbook1Black.png",
      "ZeroTrustStrategyWorkbook1White.png",
      "ZeroTrustStrategyWorkbook2Black.png",
      "ZeroTrustStrategyWorkbook2White.png",
      "ZeroTrustStrategyWorkbook3Black.png",
      "ZeroTrustStrategyWorkbook3White.png"
    ],
    "version": "1.0.0",
    "title": "Zero Trust Strategy Workbook",
    "templateRelativePath": "ZeroTrustStrategyWorkbook.json",
    "provider": "Microsoft",
    "support": {
      "tier": "Microsoft"
    },
    "author": {
      "name": "Jay Pelletier, Astha Naral, Mohan Damodaran"
    },
    "source": {
      "kind": "Community"
    }
  },
  {
    "workbookKey": "AADNonInteractiveUserSignInLogs",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides insights into non-interactive sign-ins collected from Azure AD.",
    "dataTypesDependencies": [
      "AADNonInteractiveUserSignInLogs"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AADNonInteractiveUserSignInLogsBlack.png",
      "AADNonInteractiveUserSignInLogsWhite.png"
    ],
    "version": "1.0.0",
    "title": "AAD NonInteractive User SignInLogs",
    "templateRelativePath": "AADNonInteractiveUserSignInLogs.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community"
  },
  {
    "workbookKey": "ThreatIntelligenceNew",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Gain insights into threat indicators ingestion and search for indicators at scale across Microsoft 1st Party, 3rd Party, On-Premises, Hybrid, and Multi-Cloud Workloads. Indicators Search facilitates a simple interface for finding IP, File, Hash, Sender and more across your data. Seamless pivots to correlate indicators with Microsoft Sentinel: Incidents to make your threat intelligence actionable.",
    "dataTypesDependencies": [
      "ThreatIntelIndicatorsv2",
      "SecurityIncident"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ThreatIntelligenceWhite.png",
      "ThreatIntelligenceBlack.png"
    ],
    "version": "1.0.0",
    "title": "Threat Intelligence",
    "templateRelativePath": "ThreatIntelligenceNew.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "AzureThreatResearchMatrixWorkbook",
    "logoFileName": "",
    "description": "This Workbook provides detection methods for various tactics & techniques used by threat actors to compromise an Azure resource or Entra ID. This workbook leverages detection methods provided in Azure Threat Research Matrix framework.This Workbook utilizes Azure Activity Logs and Entra ID Audit Logs as a data source.",
    "dataTypesDependencies": [
      "AzureActivity"
    ],
    "dataConnectorsDependencies": [
      "AzureActivity"
    ],
    "previewImagesFileNames": [
      "AzureThreatResearchMatrixWhite.png",
      "AzureThreatResearchMatrixBlack.png"
    ],
    "version": "1.0.0",
    "title": "Azure Threat Research Matrix Workbook",
    "templateRelativePath": "AzureThreatResearchMatrixWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Shankar Subramaniyan"
    },
    "source": {
      "kind": "Community"
    }
  },
  {
    "workbookKey": "AADServicePrincipalSignInLogs",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides insights into AAD Service Principal SignIn Logs collected from Azure AD.",
    "dataTypesDependencies": [
      "AADServicePrincipalSignInLogs"
    ],
    "dataConnectorsDependencies": [
      "AzureActiveDirectory"
    ],
    "previewImagesFileNames": [
      "AADServicePrincipalSignInLogsBlack.png",
      "AADServicePrincipalSignInLogsWhite.png"
    ],
    "version": "1.0.0",
    "title": "AAD Service Principal Sign In Logs",
    "templateRelativePath": "AADServicePrincipalSignInLogs.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    }
  },
  {
    "workbookKey": "AADManagedIdentitySignInLogs",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides insights into AAD Managed Identity Sign In Logs collected from Azure AD.",
    "dataTypesDependencies": [
      "AADManagedIdentitySignInLogs"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "AADManagedIdentitySignInLogsBlack.png",
      "AADManagedIdentitySignInLogsWhite.png"
    ],
    "version": "1.0.0",
    "title": "AAD Managed Identity Sign In Logs",
    "templateRelativePath": "AADManagedIdentitySignInLogs.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    }
  },
  {
    "workbookKey": "NordPassWorkbook",
    "logoFileName": "NordPass.svg",
    "description": "Here, you can find a comprehensive overview of all activities performed by your organization members, detailed in three categories: the actions of NordPass organization Owners and Admins in the Admin Panel, each employee's actions in their business vault, and actions performed by organization employees to log in to NordPass and their vaults.",
    "dataTypesDependencies": [
      "NordPassEventLogs_CL"
    ],
    "dataConnectorsDependencies": [
      "NordPass"
    ],
    "previewImagesFileNames": [
      "NordPassWhite1.png",
      "NordPassWhite2.png",
      "NordPassWhite3.png",
      "NordPassBlack1.png",
      "NordPassBlack2.png",
      "NordPassBlack3.png"
    ],
    "version": "1.0.0",
    "title": "NordPass Workbook",
    "templateRelativePath": "NordPass.json",
    "subtitle": "",
    "provider": "NordPass"
  },
  {
    "workbookKey": "eyeInspectOTSecurityWorkbook",
    "logoFileName": "forescout-logo.svg",
    "description": "Gain insights into Assets and Alerts in Forescout eyeInspect OT platform",
    "dataTypesDependencies": [
      "ForescoutOtAsset_CL",
      "ForescoutOtAlert_CL"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "ForescoutEyeInspectOTSecurityWorkbookBlack.png",
      "ForescoutEyeInspectOTSecurityWorkbookWhite.png"
    ],
    "version": "1.0.0",
    "title": "Forescout eyeInspect for OT Security Workbook",
    "templateRelativePath": "eyeInspectOTSecurityWorkbook.json",
    "subtitle": "",
    "provider": "Forescout"
  },
  {
    "workbookKey": "AlibabaCloud",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides insights into Alibaba.",
    "dataTypesDependencies": [
      "AliCloud_CL"
    ],
    "dataConnectorsDependencies": [
      "AliCloudSentinelConnector"
    ],
    "previewImagesFileNames": [
      "AlibabaCloudBlack.png",
      "AlibabaCloudWhite.png"
    ],
    "version": "1.0.0",
    "title": "AlibabaCloud Workbook",
    "templateRelativePath": "AliCloudworkbook.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    }
  },
  {
    "workbookKey": "VeeamDataPlatformMonitoringWorkbook",
    "logoFileName": "VeeamLogo.svg",
    "description": "The Veeam Data Platform Monitoring dashboard shows an aggregated view of job activity on your Veeam Backup & Replication servers.",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "Syslog"
    ],
    "previewImagesFileNames": [
      "VeeamDataPlatformMontoringPreviewWhite1.png",
      "VeeamDataPlatformMontoringPreviewWhite2.png",
      "VeeamDataPlatformMontoringPreviewWhite3.png",
      "VeeamDataPlatformMontoringPreviewWhite4.png",
      "VeeamDataPlatformMontoringPreviewWhite5.png",
      "VeeamDataPlatformMontoringPreviewBlack1.png",
      "VeeamDataPlatformMontoringPreviewBlack2.png",
      "VeeamDataPlatformMontoringPreviewBlack3.png",
      "VeeamDataPlatformMontoringPreviewBlack4.png",
      "VeeamDataPlatformMontoringPreviewBlack5.png"
    ],
    "version": "1.0.1",
    "title": "Veeam Data Platform Monitoring",
    "templateRelativePath": "VeeamDataPlatformMonitoring.json",
    "subtitle": "",
    "provider": "Veeam"
  },
  {
    "workbookKey": "VeeamSecurityActivitiesWorkbook",
    "logoFileName": "VeeamLogo.svg",
    "description": "The Veeam Security Activities dashboard shows an aggregated view of security events from your Veeam Backup & Replication servers and Veeam ONE servers, as well as Coveware findings.",
    "dataTypesDependencies": [
      "VeeamMalwareEvents_CL",
      "VeeamAuthorizationEvents_CL",
      "VeeamOneTriggeredAlarms_CL",
      "VeeamSecurityComplianceAnalyzer_CL",
      "VeeamCovewareFindings_CL",
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "VeeamCustomTablesDataConnector",
      "Syslog"
    ],
    "previewImagesFileNames": [
      "VeeamSecurityActivitiesPreviewWhite1.png",
      "VeeamSecurityActivitiesPreviewWhite2.png",
      "VeeamSecurityActivitiesPreviewWhite3.png",
      "VeeamSecurityActivitiesPreviewWhite4.png",
      "VeeamSecurityActivitiesPreviewWhite5.png",
      "VeeamSecurityActivitiesPreviewBlack1.png",
      "VeeamSecurityActivitiesPreviewBlack2.png",
      "VeeamSecurityActivitiesPreviewBlack3.png",
      "VeeamSecurityActivitiesPreviewBlack4.png",
      "VeeamSecurityActivitiesPreviewBlack5.png"
    ],
    "version": "1.0.1",
    "title": "Veeam Security Activities",
    "templateRelativePath": "VeeamSecurityActivities.json",
    "subtitle": "",
    "provider": "Veeam"
  },
  {
    "workbookKey": "KeeperSecurityDashboard",
    "logoFileName": "keeper_security.svg",
    "description": "This workbook contains visualizations and insights in the Keeper Security environment.",
    "dataTypesDependencies": [
      "KeeperSecurityEventNewLogs_CL"
    ],
    "dataConnectorsDependencies": [
      "KeeperSecurityPush2"
    ],
    "previewImagesFileNames": [
      "KeeperSecurityDashboard01White.png",
      "KeeperSecurityDashboard02White.png",
      "KeeperSecurityDashboard03White.png",
      "KeeperSecurityDashboard01Black.png",
      "KeeperSecurityDashboard02Black.png",
      "KeeperSecurityDashboard03Black.png"
    ],
    "version": "1.0.0",
    "title": "Keeper Security Dashboard",
    "templateRelativePath": "KeeperSecurityDashboard.json",
    "subtitle": "",
    "provider": "Keeper Security"
  },
  {
    "workbookKey": "Cribl",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides insights into Cribl.",
    "dataTypesDependencies": [
      "CriblAccess_CL",
      "CriblAudit_CL",
      "CriblInternal_CL",
      "CriblUIAccess_CL"
    ],
    "dataConnectorsDependencies": [
      "Cribl"
    ],
    "previewImagesFileNames": [
      "CriblBlack.png",
      "CriblWhite.png"
    ],
    "version": "1.0.0",
    "title": "Cribl Workbook",
    "templateRelativePath": "CriblWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    }
  },
  {
    "workbookKey": "WindowsAuditChecker",
    "logoFileName": "winaudit_logo.svg",
    "description": "Assess Windows Security auditing coverage in your Microsoft Sentinel workspace. The workbook highlights two core gaps: (1) important events not being collected due to disabled or insufficient audit subcategories, and (2) noisy over-collection where outcomes/subcategories aren't required or filtering is missing. It also detects duplicate Event ID collection introduced by overlapping Data Collection Rules (DCRs), helping you eliminate redundant ingestion.",
    "previewImagesFileNames": [
      "WindowsAuditCheckerWhite.png",
      "WindowsAuditCheckerBlack.png"
    ],
    "version": "1.1.0",
    "title": "Windows Audit Checker",
    "templateRelativePath": "WindowsAuditChecker.json",
    "dataTypesDependencies": [
      "SecurityEvent"
    ],
    "dataConnectorsDependencies": [
      "SecurityEvents",
      "WindowsSecurityEvents"
    ],
    "subtitle": "Find missing audit events and reduce noise from over-collection",
    "provider": "Microsoft Sentinel community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Nikolay Salnikov"
    },
    "source": {
      "kind": "Community"
    },
    "categories": {
      "domains": [
        "Security - Cloud Security"
      ]
    }
  },
  {
    "workbookKey": "LumenDefenderThreatFeedOverviewWorkbook",
    "logoFileName": "Lumen.svg",
    "description": "This workbook provides visualization of Lumen Defender Threat Feed indicators which are ingested into Microsoft Sentinel Threat intelligence.",
    "dataTypesDependencies": [
      "ThreatIntelligenceIndicator"
    ],
    "dataConnectorsDependencies": [
      "LumenThreatFeedConnector"
    ],
    "previewImagesFileNames": [
      "LumenDefenderThreatFeedwhite.png",
      "LumenDefenderThreatFeedblack.png"
    ],
    "version": "1.0",
    "title": "Lumen Defender Threat Feed Overview",
    "templateRelativePath": "Lumen-Threat-Feed-Overview.json",
    "subtitle": "",
    "provider": "Lumen Technologies, Inc."
  },
  {
    "workbookKey": "Auth0",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides insights into Auth0 logs.",
    "dataTypesDependencies": [
      "Auth0_CL"
    ],
    "dataConnectorsDependencies": [
      "Auth0"
    ],
    "previewImagesFileNames": [
      "Auth0Black.png",
      "Auth0White.png"
    ],
    "version": "1.0.0",
    "title": "Auth0 Workbook",
    "templateRelativePath": "Auth0Workbook.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    }
  },
  {
    "workbookKey": "WatchGuardFirebox",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook provides insights into Watch Guard Firebox logs.",
    "dataTypesDependencies": [
      "Syslog"
    ],
    "dataConnectorsDependencies": [
      "WatchguardFirebox"
    ],
    "previewImagesFileNames": [
      "WatchGuardWhite.png",
      "WatchGuardBlack.png"
    ],
    "version": "1.0.0",
    "title": "WatchGuardFirebox Workbook",
    "templateRelativePath": "WatchGuardFireboxWorkbook.json",
    "subtitle": "",
    "provider": "Microsoft Sentinel Community",
    "support": {
      "tier": "Community"
    },
    "author": {
      "name": "Samik Roy"
    },
    "source": {
      "kind": "Community"
    }
  },
  {
    "workbookKey": "HIPAAComplianceWorkbook",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "Choose your subscription and workspace in which HIPAA assets are deployed",
    "dataTypesDependencies": [
      "AzureDiagnostics",
      "SecurityEvent",
      "SecurityAlert",
      "SecurityIncident",
      "DeviceNetworkEvents",
      "DeviceProcessEvents ",
      "DeviceInfo ",
      "DeviceFileEvents",
      "Syslog ",
      "SQLSecurityAuditEvents",
      "SigninLogs",
      "ThreatIntelIndicators"
    ],
    "dataConnectorsDependencies": [],
    "previewImagesFileNames": [
      "HIPAAComplianceBlack01.png",
      "HIPAAComplianceBlack02.png",
      "HIPAAComplianceWhite01.png",
      "HIPAAComplianceWhite02.png"
    ],
    "version": "1.0.0",
    "title": "HIPAA Compliance Workbook (Preview)",
    "templateRelativePath": "HIPAACompliance.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "GDPRComplianceAndDataSecurity",
    "logoFileName": "Azure_Sentinel.svg",
    "description": "This workbook helps you track, visualize and monitor GDPR related requirements across your enterprise. It consolidates data from Defender XDR, Microsoft Purview, Azure SQL Databases, Microsoft 365, UEBA and Entra ID solution.",
    "dataTypesDependencies": [
      "SecurityAlert",
      "SecurityIncident",
      "PurviewDataSensitivityLogs",
      "MicrosoftPurviewInformationProtection",
      "AzureDiagnostics",
      "BehaviorAnalytics",
      "OfficeActivity",
      "SigninLogs",
      "AuditLogs",
      "AADUserRiskEvents"
    ],
    "dataConnectorsDependencies": [
      "MicrosoftThreatProtection",
      "MicrosoftAzurePurview",
      "MicrosoftPurviewInformationProtection",
      "AzureSql",
      "Office365",
      "AzureActiveDirectory"
    ],
    "previewImagesFileNames": [
      "GDPRComplianceAndDataSecurityWhite.png",
      "GDPRComplianceAndDataSecurityBlack.png"
    ],
    "version": "1.0.1",
    "title": "GDPR Compliance And Data Security (Preview)",
    "templateRelativePath": "GDPRComplianceAndDataSecurity.json",
    "subtitle": "",
    "provider": "Microsoft"
  },
  {
    "workbookKey": "ConditionalAccessSISMWorkbook",
    "logoFileName": "azureactivedirectory_logo.svg",
    "description": "Comprehensive Conditional Access Summaries, Insights, Security & Monitoring (CA-SISM) workbook. Provides real-time insights into tenant-defined Conditional Access policies using AuditLogs and SigninLogs, analyzes sign-in activities, assesses policy effectiveness, and uncovers coverage gaps. Includes support for user accounts, workload identities, emergency account monitoring, and policy change tracking.",
    "dataTypesDependencies": [
      "AuditLogs",
      "SigninLogs",
      "AADServicePrincipalSignInLogs",
      "AADRiskyServicePrincipals"
    ],
    "dataConnectorsDependencies": [
      "AzureActiveDirectory"
    ],
    "previewImagesFileNames": ["ConditionalAccessSISMWhite.png", "ConditionalAccessSISMBlack.png"],
    "version": "1.0.0",
    "title": "Conditional Access SISM",
    "templateRelativePath": "ConditionalAccessSISM.json",
    "subtitle": "",
    "provider": "Microsoft"
 },
{
		"workbookKey": "LookoutEventsV2",
		"logoFileName": "lookout.svg",
		"description": "This workbook leverages the enhanced Lookout Mobile Risk API v2 data with comprehensive field extraction and advanced threat intelligence. It depends on the LookoutEvents parser deployed with the Azure Sentinel Solution.",
		"dataTypesDependencies": [
			"LookoutEvents"
		],
		"dataConnectorsDependencies": [
			"LookoutAPI"
		],
		"previewImagesFileNames": [
			"SampleLookoutWorkBookBlack.png",
			"SampleLookoutWorkBookWhite.png"
		],
		"version": "1.0.0",
		"title": "Lookout Enhanced Security Dashboard",
		"templateRelativePath": "LookoutEventsV2.json",
		"subtitle": "",
		"provider": "Lookout"
	},
	{
		"workbookKey": "LookoutExecutiveDashboard",
		"logoFileName": "lookout.svg",
		"description": "Real-time mobile threat detection and device security monitoring",
		"dataTypesDependencies": [
			"LookoutMtdV2_CL"
		],
		"dataConnectorsDependencies": [
			"LookoutAPI"
		],
		"previewImagesFileNames": [
			"LookoutExecutiveDashboardBlack1.png",
			"LookoutExecutiveDashboardWhite1.png"
		],
		"version": "1.0.0",
		"title": "Lookout Executive Dashboard",
		"templateRelativePath": "LookoutExecutiveDashboard.json",
		"subtitle": "",
		"provider": "Lookout"
	},
	{
		"workbookKey": "LookoutIOAInvestigationDashboard",
		"logoFileName": "lookout.svg",
		"description": "Comprehensive mobile threat intelligence, device investigation, and security posture monitoring",
		"dataTypesDependencies": [
			"LookoutMtdV2_CL"
		],
		"dataConnectorsDependencies": [
			"LookoutAPI"
		],
		"previewImagesFileNames": [
			"SampleLookoutWorkBookBlack1.png",
			"SampleLookoutWorkBookWhite1.png"
		],
		"version": "1.0.0",
		"title": "Lookout IOA Investigation Dashboard",
		"templateRelativePath": "LookoutIOAInvestigationDashboard.json",
		"subtitle": "",
		"provider": "Lookout"
	},
	{
		"workbookKey": "LookoutSecurityInvestigationDashboard",
		"logoFileName": "lookout.svg",
		"description": "Real-time mobile threat investigation and incident response",
		"dataTypesDependencies": [
			"LookoutMtdV2_CL"
		],
		"dataConnectorsDependencies": [
			"LookoutAPI"
		],
		"previewImagesFileNames": [
			"LookoutSecurityInvestigationDashboardBlack1.png",
			"LookoutSecurityInvestigationDashboardBlack2.png",
			"LookoutSecurityInvestigationDashboardWhite1.png",
			"LookoutSecurityInvestigationDashboardWhite2.png"
		],
		"version": "1.0.0",
		"title": "Lookout Security Investigation Dashboard",
		"templateRelativePath": "LookoutSecurityInvestigationDashboard.json",
		"subtitle": "",
		"provider": "Lookout"
	},
	{
		"workbookKey": "CybleVisionAlertsWorkbook",
		"logoFileName": "CybleLogo.svg",
		"description": "This Workbook is used to display and analyze Cyble Vision Alerts. Cyble Vision is a threat intelligence platform that provides real-time monitoring of an organization's digital footprint across the dark, deep, and surface web.",
		"dataTypesDependencies": [
			"CybleVisionAlerts_CL"
		],
		"dataConnectorsDependencies": [
			"CybleVisionAlerts"
		],
		"previewImagesFileNames": [
			"CybleAlertsWhite.png",
			"CybleAlertsBlack.png"
		],
		"version": "1.0.1",
		"title": "Cyble Vision Alerts Workbook  (Preview)",
		"templateRelativePath": "CybleVisionAlertsWorkbook.json",
		"subtitle": "",
		"provider": "Cyble Inc."
	},
	{		"workbookKey": "DORAComplianceWorkbook",
		"logoFileName": "Azure_Sentinel.svg",
		"description": "Choose your subscription and workspace in which DORA assets are deployed",
		"dataTypesDependencies": [
			"SecurityEvent",
			"SecurityAlert",
			"SecurityIncident",
			"Event",
			"ThreatIntelIndicators"
		],
		"dataConnectorsDependencies": [],
		"previewImagesFileNames": [
			"DORAComplianceBlack01.png",
			"DORAComplianceBlack02.png",
			"DORAComplianceWhite01.png",
			"DORAComplianceWhite02.png"
		],
		"version": "1.0.0",
		"title": "DORA Compliance Workbook (Preview)",
		"templateRelativePath": "DORACompliance.json",
		"subtitle": "",
		"provider": "Microsoft"
	},
	{
		"workbookKey": "CyrenThreatIntelligenceDashboard",
		"logoFileName": "cyren_logo.svg",
		"description": "This workbook provides visualization and monitoring for Cyren threat intelligence indicators including IP reputation and malware URLs.",
		"dataTypesDependencies": [
			"Cyren_Indicators_CL"
		],
		"dataConnectorsDependencies": [
			"CyrenThreatIntel"
		],
		"previewImagesFileNames": [
			"CyrenThreatIntelligenceDashboardBlack.png",
			"CyrenThreatIntelligenceDashboardWhite.png"
		],
		"version": "1.0.0",
		"title": "Cyren Threat Intelligence Dashboard",
		"templateRelativePath": "CyrenThreatIntelligenceDashboard.json",
		"subtitle": "",
		"provider": "Data443 Risk Mitigation, Inc."
	}
]