Changed the folder structure for playbook and images

Author: v-amolpatil

Solutions/CiscoUmbrella/Data/Solution_CiscoUmbrella.json

@@ -37,11 +37,11 @@
     "Parsers/Cisco_Umbrella.yaml"
   ],
   "Playbooks": [
-    "Playbooks/CiscoUmbrellaEnforcementAPIConnector/azuredeploy.json",
-    "Playbooks/Playbooks/CiscoUmbrella-AddIpToDestinationList/azuredeploy.json",
-    "Playbooks/Playbooks/CiscoUmbrella-AssignPolicyToIdentity/azuredeploy.json",
-    "Playbooks/Playbooks/CiscoUmbrella-BlockDomain/azuredeploy.json",
-    "Playbooks/Playbooks/CiscoUmbrella-GetDomainInfo/azuredeploy.json"
+    "Playbooks/CustomConnector/EnforcementAPICustomConnector/azuredeploy.json",
+    "Playbooks/CiscoUmbrellaPlaybooks/CiscoUmbrella-BlockDomain/azuredeploy.json",
+    "Playbooks/CiscoUmbrellaPlaybooks/CiscoUmbrella-AddIpToDestinationList/azuredeploy.json",
+    "Playbooks/CiscoUmbrellaPlaybooks/CiscoUmbrella-AssignPolicyToIdentity/azuredeploy.json",
+    "Playbooks/CiscoUmbrellaPlaybooks/CiscoUmbrella-GetDomainInfo/azuredeploy.json"
   ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\CiscoUmbrella",
   "Version": "3.0.3",

Solutions/CiscoUmbrella/Package/3.0.3.zip

@@ -3,28 +3,24 @@
     "contentVersion": "1.0.0.0",
     "metadata": {
         "title": "CiscoUmbrella-AddIpToDestinationList",
-        "description": "This playbook showcases an example of triggering an incident within a targeted Teams channel and opening up a ticket within Service Now. Additionally The playbook will also list playbooks that can be initiated from teams using an adaptive card and callbacks that will take action upon certain entities identified in the incident.",
+        "description": "This playbook showcases an example of triggering an incident within a targeted Teams channel. Additionally The playbook will also list playbooks that can be initiated from teams using an adaptive card and callbacks that will take action upon certain entities identified in the incident, adds a comment on the incident. This API allows you to automatically add one or more destinations (e.g. IP address.) to a destination list in Cisco Umbrella.",
         "prerequisites": [
-            "1. ServiceNow Instance URL, Username, and password.",
-            "2. Access and authorization to enable API connectors",
-            "3. Teams Group ID, Channel ID and Alert details where the messages are to be posted in."
+            "1. Cisco Umbrella API, Client Id and Client Secret to be stored in Key vault.",
+            "2. Teams Group ID, Channel ID and Alert details where the messages are to be posted in."
         ],
         "lastUpdateTime": "2024-12-16T10:00:00.000Z",
         "entities": [
-            "Account",
-            "Url",
-            "Host"
+            "IP"
         ],
         "tags": [
-            "Sync",
             "Notification",
             "Teams Response"
         ],
         "support": {
-            "tier": "community"
+            "tier": "Microsoft"
         },
         "author": {
-            "name": "Jing Nghik"
+            "name": "Microsoft"
         }
     },
     "parameters": {

Solutions/CiscoUmbrella/Package/mainTemplate.json

@@ -4,17 +4,17 @@
 
 When a new sentinel incident is created, this playbook gets triggered and performs the following actions:
 
-<img src="./playbook_screenshot.png" width="28%"/><br>
+<img src="./Images/playbook_screenshot.png" width="28%"/><br>
 
 1. Sends an adaptive card to the Teams channel where the analyst can choose an action to be taken.
 
-<img src="./teams_screenshot.png" width="50%"/><br>
+<img src="./Images/teams_screenshot.png" width="50%"/><br>
 
 2. Adds an IP to the destination list chosen in the adaptive card.
 3. Changes incident status and severity depending on the action chosen in the adaptive card.
 4. Adds comment to the incident with information about the actions taken.
 
-<img src="./commentOnIncident.png" width="50%"/><br>
+<img src="./Images/commentOnIncident.png" width="50%"/><br>
 
 ### Prerequisites
 
@@ -34,7 +34,7 @@ When a new sentinel incident is created, this playbook gets triggered and perfor
     * Umbrella API Secret Key Name: Name of the Secrets field from Keyvault where Cisco Umbrella "Key Secret" value is stored.
     * Host End Point: Default is "api.umbrella.com" and is used for any API call to Cisco Umbrella REST API's.
 
-[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FCiscoUmbrella%2FPlaybooksk%2FPlaybooks%2FCiscoUmbrella-AddIpToDestinationList%2Fazuredeploy.json) [![Deploy to Azure](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FCiscoUmbrella%2FPlaybooks%2FPlaybooks%2FCiscoUmbrella-AddIpToDestinationList%2Fazuredeploy.json)
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FCiscoUmbrella%2FPlaybooksk%2FCiscoUmbrellaPlaybooks%2FCiscoUmbrella-AddIpToDestinationList%2Fazuredeploy.json) [![Deploy to Azure](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FSolutions%2FCiscoUmbrella%2FPlaybooks%2FCiscoUmbrellaPlaybooks%2FCiscoUmbrella-AddIpToDestinationList%2Fazuredeploy.json)
 
 ### Post-Deployment instructions