Solution packaged

Author: v-prasadboke

Solutions/Threat Intelligence/Data/Solution_ThreatIntelligenceTemplateSpec.json

@@ -72,7 +72,8 @@
 		"Analytic Rules/EmailEntity_CloudAppEvents.yaml",
 		"Analytic Rules/FileHashEntity_CloudAppEvents.yaml",
 		"Analytic Rules/IPEntity_CloudAppEvents.yaml",
-		"Analytic Rules/URLEntity_CloudAppEvents.yaml"
+		"Analytic Rules/URLEntity_CloudAppEvents.yaml",
+		"Analytic Rules/IPEntity_Workday.yaml"
 	],
 	"Metadata": "SolutionMetadata.json",
 	"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Threat Intelligence\\",

Solutions/Threat Intelligence/Package/3.0.9.zip

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\"width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Threat%20Intelligence/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Threat Intelligence solution contains data connectors for import of supported STIX objects into Microsoft Sentinel, analytic rules for matching TI data with event data, workbook, and hunting queries. Threat indicators can be malicious IP's, URL's, filehashes, domains, email addresses etc.\n\n**Data Connectors:** 5, **Workbooks:** 1, **Analytic Rules:** 52, **Hunting Queries:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\"width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Threat%20Intelligence/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Threat Intelligence solution contains data connectors for import of supported STIX objects into Microsoft Sentinel, analytic rules for matching TI data with event data, workbook, and hunting queries. Threat indicators can be malicious IP's, URL's, filehashes, domains, email addresses etc.\n\n**Data Connectors:** 5, **Workbooks:** 1, **Analytic Rules:** 53, **Hunting Queries:** 5\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -954,6 +954,20 @@
                 }
               }
             ]
+          },
+          {
+            "name": "analytic53",
+            "type": "Microsoft.Common.Section",
+            "label": "TI map IP entity to Workday(ASimAuditEventLogs)",
+            "elements": [
+              {
+                "name": "analytic53-text",
+                "type": "Microsoft.Common.TextBlock",
+                "options": {
+                  "text": "Detects a match in Workday activity from any IP Indicator of Compromise (IOC) provided by Threat Intelligence (TI)."
+                }
+              }
+            ]
           }
         ]
       },
@@ -1058,4 +1072,4 @@
       "workspace": "[basics('workspace')]"
     }
   }
-}
+}