TacitRed-IOC-CrowdStrike v3.0.1: Add missing playbook discovery tags and deployment fixes

Changes from 3.0.0 to 3.0.1:
- Added hidden-SentinelTemplateName and hidden-SentinelTemplateVersion tags
  (without these, playbook template does not appear in Automation > Playbook templates)
- Fixed location parameter: removed hardcoded location, use workspace-location-inline
- Removed unused TacitRed_Domain parameter and URI filter
- Fixed solutionId to match Partner Center offer ID
- Updated API versions from future-dated 2025-09-01 to 2023-04-01-preview
- Updated publisher name to Data443 Risk Mitigation, Inc.

Note: PR Azure#13641 (v3.0.1) was previously merged but only included the Solution JSON —
the Package/mainTemplate.json and zip were not part of that merge. This PR adds them.

Author: mazamizo21

Solutions/TacitRed-IOC-CrowdStrike/Package/3.0.1.zip

@@ -33,8 +33,8 @@
     "email": "support@data443.com",
     "_email": "[variables('email')]",
     "_solutionName": "TacitRed-IOC-CrowdStrike",
-    "_solutionVersion": "3.0.0",
-    "solutionId": "data443.azure-sentinel-solution-tacitred-crowdstrike-ioc-automation",
+    "_solutionVersion": "3.0.1",
+    "solutionId": "data443riskmitigationinc1761580347231.azure-sentinel-solution-tacitred-cs-ioc-automation",
     "_solutionId": "[variables('solutionId')]",
     "blanks": "[replace('b', 'b', '')]",
     "playbookVersion1": "1.0",
@@ -49,14 +49,14 @@
   "resources": [
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
-      "apiVersion": "2025-09-01",
+      "apiVersion": "2023-04-01-preview",
       "name": "[variables('playbookTemplateSpecName1')]",
       "location": "[parameters('workspace-location')]",
       "dependsOn": [
         "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "pb-tacitred-to-crowdstrike Playbook with template version 3.0.0",
+        "description": "pb-tacitred-to-crowdstrike Playbook with template version 3.0.1",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('playbookVersion1')]",
@@ -65,24 +65,13 @@
               "type": "string",
               "defaultValue": "pb-tacitred-to-crowdstrike"
             },
-            "location": {
-              "type": "string",
-              "defaultValue": "[concat('[resourceGroup().locatio', 'n]')]"
-            },
             "TacitRed_ApiKey": {
               "type": "securestring",
               "defaultValue": "",
               "metadata": {
                 "description": "TacitRed API Key for authentication"
               }
             },
-            "TacitRed_Domain": {
-              "type": "string",
-              "defaultValue": "",
-              "metadata": {
-                "description": "Optional domain filter for TacitRed findings"
-              }
-            },
             "CrowdStrike_ClientId": {
               "type": "securestring",
               "defaultValue": "",
@@ -108,16 +97,13 @@
               "type": "Microsoft.Logic/workflows",
               "apiVersion": "2019-05-01",
               "name": "[[parameters('PlaybookName')]",
-              "location": "[[parameters('location')]",
+              "location": "[[variables('workspace-location-inline')]",
               "properties": {
                 "state": "Enabled",
                 "parameters": {
                   "TacitRed_ApiKey": {
                     "value": "[[parameters('TacitRed_ApiKey')]"
                   },
-                  "TacitRed_Domain": {
-                    "value": "[[parameters('TacitRed_Domain')]"
-                  },
                   "CrowdStrike_ClientId": {
                     "value": "[[parameters('CrowdStrike_ClientId')]"
                   },
@@ -137,10 +123,6 @@
                       "type": "string",
                       "defaultValue": "[variables('blanks')]"
                     },
-                    "TacitRed_Domain": {
-                      "type": "string",
-                      "defaultValue": "[variables('blanks')]"
-                    },
                     "CrowdStrike_BaseUrl": {
                       "type": "string",
                       "defaultValue": "https://api.us-2.crowdstrike.com"
@@ -177,7 +159,7 @@
                       "type": "Http",
                       "inputs": {
                         "method": "GET",
-                        "uri": "@{parameters('TacitRed_ApiUrl')}?types[]=compromised_credentials&domains[]=@{encodeUriComponent(if(empty(parameters('TacitRed_Domain')),'',parameters('TacitRed_Domain')))}&page=1&page_size=50",
+                        "uri": "@{parameters('TacitRed_ApiUrl')}?types[]=compromised_credentials&page=1&page_size=50",
                         "headers": {
                           "accept": "application/json",
                           "Authorization": "@{parameters('TacitRed_ApiKey')}"
@@ -249,12 +231,14 @@
                 }
               },
               "tags": {
+                "hidden-SentinelTemplateName": "TacitRedToCrowdStrike",
+                "hidden-SentinelTemplateVersion": "1.0",
                 "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
               }
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-              "apiVersion": "2025-09-01",
+              "apiVersion": "2022-01-01-preview",
               "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]",
               "properties": {
                 "parentId": "[variables('playbookId1')]",
@@ -267,7 +251,7 @@
                   "sourceId": "[variables('_solutionId')]"
                 },
                 "author": {
-                  "name": "TacitRed",
+                  "name": "Data443 Risk Mitigation, Inc.",
                   "email": "[variables('_email')]"
                 },
                 "support": {
@@ -288,8 +272,7 @@
             "postDeployment": [
               "1. Configure the TacitRed API Key parameter",
               "2. Configure the CrowdStrike Client ID and Client Secret parameters",
-              "3. Optionally set a domain filter to limit findings to specific domains",
-              "4. Enable the Logic App and configure the recurrence trigger as needed"
+              "3. Enable the Logic App and configure the recurrence trigger as needed"
             ],
             "lastUpdateTime": "2026-01-22T00:00:00Z",
             "tags": [
@@ -322,10 +305,10 @@
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages",
-      "apiVersion": "2025-09-01",
+      "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "3.0.0",
+        "version": "3.0.1",
         "kind": "Solution",
         "contentSchemaVersion": "3.0.0",
         "displayName": "TacitRed-IOC-CrowdStrike",
@@ -343,7 +326,7 @@
           "sourceId": "[variables('_solutionId')]"
         },
         "author": {
-          "name": "TacitRed",
+          "name": "Data443 Risk Mitigation, Inc.",
           "email": "[variables('_email')]"
         },
         "support": {

Solutions/TacitRed-IOC-CrowdStrike/Package/mainTemplate.json

@@ -1,3 +1,4 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|--------------------|
+| 3.0.1       | 26-02-2026                     | Added missing hidden-SentinelTemplateName and hidden-SentinelTemplateVersion tags for playbook template discovery in Content Hub. Fixed location parameter to use workspace-location-inline. Removed unused TacitRed_Domain parameter. Fixed solutionId to match Partner Center offer. Updated API versions and publisher name. |
 | 3.0.0       | 23-01-2026                     | Initial Solution Release - **Playbook** for automated IOC synchronization between TacitRed and CrowdStrike Falcon. Supports Domain and SHA256 IOC types. |