From fc521fb1aef27c59607c36b2a10fcb723479d942 Mon Sep 17 00:00:00 2001
From: "jaspreet.ss"
Date: Thu, 19 Dec 2024 09:18:30 -0800
Subject: [PATCH] fixing DataConnectorValidations & KqlValidations checks
---
 ...pplicationPrivilegeEscalationOrChange.yaml | 3 +-
 ...SamsungKnoxKeyguardDisabledFeatureSet.yaml | 3 +-
 .../SamsungKnoxSecurityLogFull.yaml | 3 +-
 .../SamsungKnoxSuspiciousURLs.yaml | 3 +-
 .../Data Connectors/SamsungDCDefinition.json | 11 +-
 .../Package/3.0.0.zip | Bin 13356 -> 13398 bytes
 .../Package/mainTemplate.json | 112 ++++++++++--------
 7 files changed, 83 insertions(+), 52 deletions(-)
diff --git a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxApplicationPrivilegeEscalationOrChange.yaml b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxApplicationPrivilegeEscalationOrChange.yaml
index 30c60868f83..0b659f86ef4 100644
--- a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxApplicationPrivilegeEscalationOrChange.yaml
+++ b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxApplicationPrivilegeEscalationOrChange.yaml
@@ -13,7 +13,8 @@ tactics:
 - PrivilegeEscalation
 relevantTechniques:
 - T1548
-query: Samsung_Knox_Process_CL | where Name == "PROCESS_PRIVILEGE_ESCALATION" and MitreTtp has "T1548"
+query: |
+ Samsung_Knox_Process_CL | where Name == "PROCESS_PRIVILEGE_ESCALATION" and MitreTtp has "T1548"
 suppressionEnabled: false
 suppressionDuration: 5h
 incidentConfiguration:
diff --git a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxKeyguardDisabledFeatureSet.yaml b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxKeyguardDisabledFeatureSet.yaml
index 5c01b73cd58..7eaf5422bcc 100644
--- a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxKeyguardDisabledFeatureSet.yaml
+++ b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxKeyguardDisabledFeatureSet.yaml
@@ -13,7 +13,8 @@ tactics:
 - InitialAccess
 relevantTechniques:
 - T1461
-query: Samsung_Knox_Audit_CL | where Name == "TAG_KEYGUARD_DISABLED_FEATURES_SET" and MitreTtp has "T1461"
+query: |
+ Samsung_Knox_Audit_CL | where Name == "TAG_KEYGUARD_DISABLED_FEATURES_SET" and MitreTtp has "T1461"
 suppressionEnabled: false
 suppressionDuration: 5h
 incidentConfiguration:
diff --git a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSecurityLogFull.yaml b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSecurityLogFull.yaml
index 073729ce334..3edba390cf9 100644
--- a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSecurityLogFull.yaml
+++ b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSecurityLogFull.yaml
@@ -11,7 +11,8 @@ requiredDataConnectors:
 - Samsung_Knox_Audit_CL
 tactics: []
 relevantTechniques: []
-query: Samsung_Knox_Audit_CL| where Name == "LOG_IS_FULL" and MitreTtp has "KNOX.1"
+query: |
+ Samsung_Knox_Audit_CL| where Name == "LOG_IS_FULL" and MitreTtp has "KNOX.1"
 suppressionEnabled: false
 suppressionDuration: 5h
 incidentConfiguration:
diff --git a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml
index 3d598c065c9..de17f6d1d68 100644
--- a/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml
+++ b/Solutions/Samsung Knox Asset Intelligence/Analytic Rules/SamsungKnoxSuspiciousURLs.yaml
@@ -13,7 +13,8 @@ tactics:
 - InitialAccess
 relevantTechniques:
 - T1566
-query: Samsung_Knox_User_CL | where Name == "SUSPICIOUS_URL_ACCESSED" and ConfidenceScore > 0.9
+query: |
+ Samsung_Knox_User_CL | where Name == "SUSPICIOUS_URL_ACCESSED" and ConfidenceScore > 0.9
 suppressionEnabled: false
 suppressionDuration: 5h
 incidentConfiguration:
diff --git a/Solutions/Samsung Knox Asset Intelligence/Data Connectors/SamsungDCDefinition.json b/Solutions/Samsung Knox Asset Intelligence/Data Connectors/SamsungDCDefinition.json
index b606cc97116..3b619f8120d 100644
--- a/Solutions/Samsung Knox Asset Intelligence/Data Connectors/SamsungDCDefinition.json
+++ b/Solutions/Samsung Knox Asset Intelligence/Data Connectors/SamsungDCDefinition.json
@@ -58,7 +58,7 @@
 "resourceProvider": [
 {
 "provider": "Microsoft.OperationalInsights/workspaces",
- "permissionsDisplayText": "Read and Write permissions on the Log Analytics Workspace are required to enable the Solution. You can either choose an existing Log Analytics workspace or create new. [See the documentation](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/quick-create-workspace?tabs=azure-portal) to learn more about Log Analytics workspace creation.",
+ "permissionsDisplayText": "read and write permissions are required.",
 "providerDisplayName": "Workspace",
 "scope": "Workspace",
 "requiredPermissions": {
@@ -66,6 +66,15 @@
 "read": true,
 "delete": true
 }
+ },
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+ "providerDisplayName": "Keys",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "action": true
+ }
 }
 ],
 "customs": [
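Review bot: The shortened `permissionsDisplayText` in the `@@ -58,7 +58,7 @@` hunk names only read and write, but the `requiredPermissions` object it describes also sets `"delete": true` (visible as context at the top of the next hunk). The text and the flags should agree: either `"permissionsDisplayText": "read, write and delete permissions are required."`, if the validation named in the subject accepts it, or drop `delete` if the connector never removes workspace resources, so the prerequisite shown to the person enabling the connector is the least privilege that works. The object's `write` line sits between the two hunks and is not shown, so this rests on the visible `read` and `delete` lines. The same text is repeated in the `@@ -195,7 +195,7 @@` and `@@ -409,7 +418,7 @@` hunks of Package/mainTemplate.json.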
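Review bot: The added `Microsoft.OperationalInsights/workspaces/sharedKeys` entry with `"action": true` tells the person enabling the connector that they need access to the workspace's shared keys, which are long-lived credentials for the whole workspace rather than a per-connector grant. Nothing in this diff shows the connector's setup using a workspace key, so if the entry was added only to satisfy the DataConnectorValidations check named in the subject, confirm it is really needed; otherwise the prerequisite over-states the access required. The link also moves from learn.microsoft.com to a docs.microsoft.com page about the Windows agent, which should be checked for currency. The same entry is repeated in the `@@ -203,6 +203,15 @@` and `@@ -417,6 +426,15 @@` hunks of Package/mainTemplate.json.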
diff --git a/Solutions/Samsung Knox Asset Intelligence/Package/3.0.0.zip b/Solutions/Samsung Knox Asset Intelligence/Package/3.0.0.zip index 46df9437cb9f0b4f5e89aaa81d63b8d70b29b5b3..684d8d99c6b9053ac7879c2b629188b65a4e40f5 100644 GIT binary patch delta 10703 zcmZ9SRZN~;l!bBl(Bcloy%aBA++9B0-Q7xgad&rjcXxNESSjxATA2Qm%+1`d?5sS= z$yqylRa*SAKvtB2hQWe>fIxsil&(Y8M?^)GPSD&i`TT{E4g$gwoZyK_1dP`oejKXY z-K2H+Mw-5Hn%FxrL&n!a`9V6dnhWDdB(F7pso!H7`y`KQy%ED|Eimq#_)Mv?gw|D= zLOSTj z4$ea9(zW2bmn^>;n4j?j-aCZmWRY+cmAX@P)!ejL+=fovfUhdMqoZGamn`g19BwBov_rayU zO)Wvp8%ZgAIXrjIDw+lTOjTf&B&}VwCjNbq0;h;)DaUug-fll9`fqL#NZ@9(fxKOwIFZp{@bCgR+t zm(eL>u9wouryVRRMJVN?O*O$H$xt0oAYA&c#L2by8dX(g4{!^In98Nlsda>pzKA7@ zF>b|{eT4B-z9w4FCI=fuJzi2l(Dg8)FKtj z!Wp!HVh?!%M#C#=%7evkwN-vBe7^|E$k5PGk9%v8e=){8F5`8a6^VGUc2&kXi2ooRRsovr_AxmU;od1Aw zFOcq+9|R!v3Z;crzm##hB475=pl>6N1)4}FWVIC!zKm6*MiRvR{JS4$Rk{~dTOk)$ z)n1oHwkFQO+>&oSF79fD56IFza%Bt+Zc3vIYiJIj$;4Mk4Sqe0u2SI8&wy#k_L8Bn z31li-1Ij2i371fG*9}M!%s=8Am@Nv;%r(&lIvwbP1`qa&nyM1{wfN_)i+@GR##+Q3 zZKOIQy>jB93^z9AKG z8StKGuZ`mh$09w_hzw}LOFJ2is?7bQZO9U@WkLt5o)v_>5;GfzD_@i<+1ZOyY@^dH z32X^ebW9O#*y8-sO?H~KzjV=BtDgToMm*#@VCJ`8a4y$$1c|0=yK8f|uhUm{Fz$aZ;$J)Az)G4YHmK)-pe95qT0L`F zbd#`MdaYvLu&w&;j)bMJ;jVo;zacD)1uSp;V$SUl`)|bhzY$+5J8Uo9;RD*+*Hs8Q zx~RW$uP814i7sa6wM9X;DQS^`w`^b63)-Aw?ykLPUOsS-Kv2?gU+?j~z(KdP+c@7l zvMZ^*s83A)W9bHOt2_7V0=DE@>llyL0w?K~H)(6hoIet7uy33*)^v!4Ggkr~Sscf9 zEM(!QcIJQEwIvJNTw5{V=k1mfjn&H63QK*JU z9fCBUk1uTLuZDR)oWXv%9r!#2roNhdGoMS#IS(`5#OFzDU@9MPiHqG)h@6EnX!v7u z-GnnfnCA}Hg{B;SymCjEiSPZz$S}|HX?$6fSJ5AIp(v0gUs}{*4kYW7on5~ijugI> ztyS?9UW4juF<=(%H@)j}ZGD+$5abY%94T%mxf9x82z@Q;VMn{Rqx`Ap+&c}W7yp zRo^2$ITO7Y#`yjc0Wuz8N0FC|$FOoMGk~?mq*PA{jw|x{?X^ujRs(`Hiuq+j>X?Eo z94IQy6qYM2;p2LZjjv&p9y~3WeCs3seDq~XE2Q!`?;U;uZe=3T9!&;Gg@;Ab;jQ^I}a{+nxw(X7?45_m3l;laMN7SDb=r}OihFAU@_2wW3vY+afqxF z>jpktnBe&4J&x|QN$g$h>j`<(OTClvuC5=U_II=6ngTv~>f*k?7|qh{oTb$vZmwi^ z)J3ioi{CG1XL>?;iDUW>eXDfwjinz(HU4&ok)|yG(1f!sJDN|z+yhNEjhL5yRGZRe 
zgC+-um1t!-6Td`fA7-ji4HhA?aytCA5NP>Fyq-k)&$_^hXplvR8fZt4U`3Gsq;sX; z1U#;^mJsn%ppP39)`fv6mgR3DWETj(PcF45P+3vPO)beSLcBQ|mGK9KRP*h;b=^XjQg|biN zHm)$vHJ}Et>%JA@mln%l##3oY!Uhu<4-Czz-8ckL#TN`Yv&fHIbhFECLldTTT+K47 z#pG9#5_}O|Mg!kW?nVjB}kHHFJu2gj}ja(o?GuBf+JhM)RJR;gb6$_Si}T zlpv?}CIdBEC`n}Lot~sRTl}x-8^e9%4$#bo9tU)f!LS2Hk2P+aDkw6bSvV2!_c?4@ zV{3HR>56fhWfL{bfQBI~=4;RViXnj*l;edTZL&X;AP3ONK``RqHL=kN-7mBUXQ<)j zZP4&ldIhXjW_?2;?>}weSTj}%JWXE#lTm^EqM;ew;z0PsV#@%XJU-r5yfdiR=F>>< zHq!}@9S?cBB?NllccK$IqWaz_UrEicA;G;6Fk5R*@QYFlf4|qI!49%#XpJv!m~BmP zib&>WsCX~InaWCn6ucOxiB()^P7{=UP%uMal(05$u$$~ zSr%D48RVg%)S~LG>Z=`)MR$tN%+I4q^3+LyZ|7p|hRm1KzKCM0I%HcplKb_`ZNcl| z$kvlujBN3R1sr!sa$~|nYduPrCti0ZMP-$lDkJ4Lv8z`^)>b^0sA!L@?RJ0ZkY#5!etG!}!zR4x5e0R;>vnuU4Ne?^UyJ97Ki>Sa*w9&w6X2#=kr= zv22)a)@wmRwkg83Vm4Q0!UkC&oLyId3FEq!+7Do2X!$&-3A6mX02d9S*?h)yg z&buH&(=1H=a;gTBB1?9!Jx;b8>B<`{plIo<<|C|}Fxj6YqqgH+wqu!1ugXZBigQE@ z2s!R<;BF1|7hKerMuM?n7CZN$yFBx!?5pXn1Jfz-?BQdO2fJ4f8 zPu9z!lSTM#Y#x^?HUq8vPn-;pPe@;gZ3t(wX;JC1Rbv5Y0=YBDA3oC_{^C@WwMyHl z*IoaDZng)Ep2CttF%^_5%L*C#~MVs&`~)blBa}JY;3zj6WqKrzFsb5MXgDa2MUG$8_Q25%!GIfp~6$I z(L`OUPYX1#GkFC0xcRfx8P{TS{1!)+SBQQZ>&>M`Hplko!)Ox!QxVUHp@; zTywRDi>@SEKC>(`1&qmmq_Xl8$;$mI%_8uWfd`t;`ttNea#V+8p^ZZ+&6@n~NcULi z`jvJXyH0Nu{e6GGzGNY)SH7CGs@CY)hTjV7!5_EibqR~NS0+FZW`8Cb#Z%zvrc_KU zzv@H&#FVpi=|4MPwZ&Cd;EbQGEWc zWfU!M5}EDoRDW`K65?M_6h7T&nuV{{se#@#qjI6-kdI_xQY9_l8QJDX4!=yfcY_@5 znj>NYy#a=sHqvO>E(&>ke4I)nN!D6do(1|}cwZUcDPQ>22iTCHQ@)pZ7mVqjr!?a& z&(!7Lhu!=xAAKfmb;39I=F&aV?7X{G7!-nEk1IeH<~yi5hR!ZSqpJF;c^N~R#@UCe}HHi=OM|trWl)&mA_ynjHs2W=8)lJJs#W@q<|@v!!JXinQ9jsk9>2#hoXoIE>wP>WFOma|bC-`6(DwoCp?IWXQ(X z`+B?O47CJKI#GXRp@H8^sNbhIr;WIROtH!G9@n(q4vgSIO8YR5t|>j5lbRL7;hCt< z*S1&I%;vtL9QN$jI&Zs~IlX_!_yq{(xmK*0vMtmx*LNH&pN^`uY?)w6uiVuik>oZ` zu`+*g(pUrSi6P2}B8)Qhs%Z`E>CO=@;rY3H@9e=05@E55FTG zS7OrsILN)`gkS#f^52I->L|PWD_2IsXfL=>PZ)p0MgBL9>$9mnUpoHnOwSx(5r-n~ zY|j`jx-eHPw;`F(KIfPn#ny8ZoW}QN)*Z#ta}b;wWHPz(bW>sHp(!~X8O79d5}X{g zC%fKyBV(tbDcOG)Mb~o_oahpwW3wwozmnN8M`;`|=DebDQ)R$mW*?bV*1cpCsOtf3 
z(@vB|XrRp1ZDQvUmhBST)K>(I4kuGK`fw0xW}87zkQ0K#nQn88J%J0jq|PWhZbD_V z+NEz%*iBjw!3jjw2+Q4@b8<57l3%pTY{!zqu{;-bj*gJaD*$ta5%%J}6j z%FjFXp4+PCr;$u2mR4qda6Fu-8!}hZ?OUBXHMzc9oi5eXXR8=bEG+{2Rwqszu5IZr z$6yt~5Vgf)2Zi^vKv;8ApfABd#a@^J%};lUtTqh%=UFA6`S5Icm0{lJrLLv{j`N3t z!LZSpzxz>8ef5cj8fpVJuY?=T@nFCi6LDC;1GfZOH!jXDzC+PFO1n4mrGjv4<+7wE z+m>P^S)PplG{erbs{;V`=&S!3avkijql$}P8v)Nxl<38Ukbmf103c0IOMUggb_w)d%f?fwnfiV~wRcK~nK4zxL~hn+pkXWGOe< zC)m|kLK^Ko47g4bFQ`6Tr_0#BMMM5N!ws@YmOa1KNxN(OH!i?^=%)?nD6${+k-3Bk zV#Q|+4H9`WQ~7%UITKLPl=$#f^O0J*(I$lj|Dybc?(wg@zldb?xyY89iE?X zQSKSz5TuBR;~H=Zg%)SPZ1`13?t$|~XLRY`%7BDE-47jnd%Nu9-4AEK(Dl zYMxz;h0}eZhy5+`?Rqv&n&4cEN;p)DHWu6yyQN)=Y5>=}_TtC%DjeP1u-J`m=xZ(E z-B|Zv5Pk%E%(l;0m#_WI6joU)Yqo9+{JK+pXq_Pr@XzM{-#^yW2;`pJmsUJ=?K`WN zKbBpol$)$N1n?}<;q-K?0v@<{#_dRDbH(mAHtgVQbXPQUt%@!aqra#Rq->Amdu3d) zEXvfnbOPw)##-oN1(&FpQg*42#T($MtuZ_}qG76CCXc5PEN@f>yMVa)GRsJmUr#lw z0efzXt^pxItbu&S-fY@fQ+F>MjSsG{D8t07k0IWJ(4dt)hGy#FZ$}_aCH` z@j;FCd7ROCy86-J28;>aPnjH1CA8J_O0W?aX*onusv~IB6o4MX!n@=5w2tub8niQ6vUcl_~i-zqb-`g%Fd5skUg81bT$C z#YYETMmZjAdG#36(+8i-Z?Wc0Fy|UcCjA6i)>awi41zt4!?2KT)!WAaRrSl{`hPb4 z0&06;AnO@g;z|*{=&#*V;EZ*dG5>VS>yeW|sChGKfAP)iYsFF7JQ_Ce&7dLS zEcgGu#JpfWSBo4t^kNb8F^IvwRFolkJf&BmM}^WQ{nVoOBvY`4r^dTmm3tJM3S`8u zS^Jy%$!S-{72`x#a;B--*gc;vkqe+mkY~&t2&EdcnIK(PD#5498mL&?b7bfE830q|V$9ups^w8?%l-@^@NBi&ST6Wp##vy6=!%6k zdb2f1NYBj7sc6S6JvV@sk$rAeUdEG=m!j=Mtu*}I)cMa37V>qajQ7hZ4bIU|R9Ez7 zM#5|JIMUjwO|Xk7$P`x*2)3(*P-xz(*{G;ruPs)Gd#|tvu|uLHvW^HWQ3U&BZaVdHzfq2tymZg}Z<=!=->qUq%$ zR#(o-yPwhr+U9k)+348r@E?)`TlSW1QX{voc%Hg734c|tY@X^MN%8OLJ^kO=;w*ZN zaoRp(V<3XGI!RIQdj)b+=5y>na|UyDMwfLfZG1g{MG=phiH3mW6aWx!&d$-}iqxV6 zOkvXNLL_U}N`LM0|Ky!tfY(riS$|V|c`dof<{!Yi435r|c-88*pkg1$Up;WK$tut0 z#27U!9e!KHljZme4~aU05J}UF#Q$4+DJ*%2@i2T~f7V&8yuMMf-Zw}A(hYwH;?F7( zwM*%HGSe9bgnFG$^8jG(a4>3QL}rig^!Rjs&63DgN@a%5)uTfkq^U2vHB@m-m_rc; z?>@J zuq91qgJKWi?(tLBfcqK|fyjXK(3MhW2YYZbi|^Lx&D(O71U2O}Z>Q;o_E!jJN0;E3 zKif_cCi^Uwg^NIG333v_J*{*POt2m*=D49Sw=8W4NYFjCS6I{g6oLccjRwv%6deSA 
zUX_@;k<;jt2FY6y`lLnn`^?9m9xLMYiBJ${!YOOc^1U|crkgTCb#zyBOpu+2wgP;DVwVIhYp)e;$~0TS9sG@)i#1cVz|c4tsn( z*Jxp8JHrx_Bn5vWO4R);b8>=u4a zVY2nFr~pXp7)DSh&aPhGu8yMBpEK)_9g6p!92Pd>&&r|;1Pt0dGIz?hx$nj^R0CX% z$c_4SH}NP9gSO^*1!$^+7&Nqp7AllWB_%=#N`WGkHaOO((u&vmc0wKX4 zi#7B0xwkIy^}H+LIKmdJkF(kHZp+7(5&DZ4>>n#{y1F(k1Xo^JE)7Cw^yzo&m}W6w z9)K>5S|t`!Ym{2K5Kci0S#`OGJjR}3H7YrupbLeLa#2q6m+gakxsBEXGxaV30@sWHnLsoh^d`R!bD6kW4woQ7JqD!<7k{=0XBm6 zPst#c_=>gyj(~zQ=h5Y1@XOeswK3hU$7R!XqMPXb8s7LfLT?m4s)y+zJfvz5se>=u z$1Q2*`?|WU6Nncl<4F2D%Pv%+%t)j&u>e!bWLIyLj#$Gqx)Xm3TePZU1paRa0%pi=Z-cpf?9wOf5A3Z|wAA>r zxTSSZ@3j=$_`tM0Qig2bZDM>;H%Ray%b5c5OzH+=O7^$(Lrcz=YIVSFA#(-OZl9c< zR1|SiJWF=PGVyFu-wn^7&s?!-1w9GVr}=1cwxukh2mXnW3?pgl-89@7c%rYfk?9*K zh}sLdH~xu1Ivk8Db;lGBLmdWz#5GPCo=8kmHo=RGp-idY`bo6)y^?`<)YU#l2RzL@ zjT-%h*?yWi`oqoJ>F)jL;ONHS!{p=S>1@F@s87skI%;Xnb-#Sh@=^yJ52+s}K!!>B z-4S!4w-?O@TJ1zJbFUu`NCHQpagW6~S@-rp<<~Q#u}tyM31DDQXKh6b(&08)_w7gJ z(F^i@D}-+D;Dp`!tl1(Pgn`{UBK`>i@J z8xf9fyh6W@W1%6!t()dm`{8h;7%lyB%~8ljcbhZR3m4{15*Tv<$TGy{p!zV@tFnG6 z!$U+5k2TGn?>-kP{nQ*MA1_q5Xq=e`yHoP-+%0?dbAhiP^EPVmR8)gH#GkDRRd&6| zOVS@}*GSVyzBKlLKO|xoc(92iH8F(G6rf5VZTMc()n1m~32kVcw|!?WV8DgMBNCxCg$E5Uj7C0cbnCFCC0B>DdG_EqP@@|*Us^;LJ~{>~tjXbM@? 
zCY($I*%%%Kg!@~8EW|LA{?iUMR1wb7A1Nn8HHJsS;PlqcuRKbz9}d?ZP_{uWKfke5 zs-p%k(X&)88ETZ+93yU){{7WV7E1~pSGWD12DTsKP&BdWvO%s$I_c78MjbG!Xc7L7 zbsTW9tF&K!+xvz7A=J3F#e=x+KwH$XF`O{z+dJT!s~Oi@tsbWS+(Ck|Ro-H54(5V4 zFFC|DFBwUZ2;oXGzpU;)(KTJ%hxXw4VDyOEBw0{1aYf)BwmB^9Y-5j zD-jn<2Fs-@%LmI32FiEH;9c6S2g!U5~7Z*kOE}mjnn|Nod;zZghe=;+Pz4=}<+n>t)me~?Leklw#?2%Cj;!g4S67;i;srS4gvX=%n zN=sG*HXZ~t?g$~eELaCLu1yGO{R4nxIfXsR2P#x!4E+Z{k|F(nr3^r}?MAHne*g-T z&`+6tjfx!45-et-jHaZVVE^1a7ieS=VO6N)YcPn`8H{rK)m0Le5J8QcQ4cT&bMZhx z65T6A+6<{FnVfanm{cU3wDB@yt|E%45iEGReNR4RT`5)|3!6TJvKPefb8z{Fu`CC2 zK-~Tu(W+ug$wpA!1KierbJ|}g-yW6>wU7Qi-YO(8mRVJJ#NCyelPRH5~Zh3sIgYsy&Vx+6J7CbA-nd<Ef#S+4qL zd7hrE>OaR?{~TkAXw7K=kbDes$T_0!c6`?I@eB@mGo&*o`&*h_7&BVL*{DGX&RLj9#J-w^JL<}XlmaUcZ1e#I0PJ$ z{)-IIYUT>bCYGr{?AWM-qik5)aQRq*jU%tp7(zPIXzy(Hjd6{EYQ$qcuHXaxR|OOK zJMZ3kbblnNfL}B#*dEW%H*Zf{PiMFLC|93*s|rLQ4T+zGb*(t}eu$hjZD90zT?0R$ zbB=T#ARBzdhDBUrT_ zJxXb^uhfzLWzMOxH-V}$_YPx)-<`5$8 zGiLB-$Tka&myURUN}!1X32-9seZe07mqq3ftO;DpIG;X%k9%Mg*1BF2>V_A2&F}6{ z)1`aJ*TkHMw3ZDC)$kAXFX&LUrETYZTRuOK4GCPEO`%)Yg@Fga`d1y)Hd=-76Jhn> zInsEb5NKmfqo=wPT>;_8-D~p;b^kRsVOq=*d@P%v+P!*J)P^m%mO98OucNgEc{#`r z7pt!u{T*B8bE!Rjq;y?+N$sHnF!Wj$QL_+bG8 z?z^z5JQ4IbKhSOT89H#%95cmcd^YW=_{{FQ;s$vZ4SVExl+qeJIYK73Gj8L-_wQv3 ze;Ob|=ODdpfaT`g`!%`_|7os3gb_6Vq`ES@U<#Z1FiQnJLQ;Y_MW#}UUCgzIbq29Q zN%Qb&-p|=E{xXLYTo7)d%&d&w%%;k;o1 z+YFH7s1d_3|}%;cDp~^jgi;REb{0b7hee;T@b<$d5+~3o_H0F)*oGsIIy*P(q0)1^CK^@<)8Qh(U8$`e}p9Z=?goc+yX zoQNHpgfS>WiiC*iD=obM-Z&8qlfaW_WFYpp5da>AHNsid<`+;~UUdfWM9LBSEfgxc zKRa_M>yj&8GyaLMp7r{+>j!{6cU&Z-dx^-%nEzzs;~s8XDq|e?AENK*?P*2=X+JD~ zHO!^cw2BF6SDVy>pwoue_OmX__m?(Go4$A+b|jm-max{y{CSr5)ZKXIKaF?qZV*&& z0m5u_Z>C$|Op!$=7KN z#GJpG=W)*>>R}5uW(Bs2w>X|poxNENk#aNag-5}GA~6PU+NA5hW9Vk+b~pVt0bhhu zGp2=U`^7DroLt|t1D;j5Ovq&u`TzaQYc>wJPPTsqPKf^j0h8I> delta 10660 zcmZ9yQ*htk_lFxhX=B@NY&&Th+qTVjY}-y6+qRv2Vym%}#y#KPf6lo%H|uV%d7iar z*36#$TCuFQL{gN4gu(y=1A_x&MQlJaKtN$dOxDto+9QRa1p^~gOZGw_0LB|{{=KU_ z-gj7lcck5+iPq?NYTpljWio5AsAx6DfMT==HED_v7}sC~{) 
zB~c3Dz)Jpvv90Lp?Ch%SJYTIN21rZpg)&%5$b0UyRKt3O%{)!h zs0QRINi}4&EJIDBNx73!tJLU{GjwP2z6Xld%E>QGxEC>~+xS+!|B$tVUXN~m zH^N<6pZ>B{39jDIsRaDy1(qC1H+OA9e9MNNGZfs=E6@PxiQOB$8+`l=7!XD>K>b&2 z3I{D3HQ9TG5M%xC7OH~3w{Q>==EO7kzjqown=JiAclp-6oU2D@@$U$mTkR!~Oax4* zWO5lv*dWRnOFSbCXz);2`ZAo*F;0%#B}op9lo{kFe-oPv8{k)IvD-|oN|`HW#f60$ zmQ#Qj)7S6o00QpL&pjQO;GJS3N{h7pj_IrSBLvqm=ki!Wge(?Zi`BwEox6B=i+UwX z_su_~qNA)rD%oUDlWja-6-w$|S8N|cM9 zl-M-}&ck2Ho`FV8O*!d;o&1dM1!y&<%)AR>Sgy_*_nz&`6_4l6r!3z(zhGq!LOD>i zbOl~=kC0k732}|l3zhOrq}wU4pN*q2Cs`^#FMpBWRD)+5&17VW(qf_p>c-mU?N(rA z$4()R1VRcMxlZ$RjH%W!J;Ea&#c*6l3fAH9*5hD2J`iXOnjKp{3=?TnAQ>|}ZMy15 ztB<9N#7o?R)=Z>}RO~1k9d7yv4-k)`r$DbzQQz*clC{h44$E91v###LQ-KWaM&)S1 zb*r+soh#pvx}JJ9S?D6i+r9;xh0Rf4ZDi|uEWaiBUI()Fz6VS%tp+IoBA z!ZRVS1ZY9O2w!)~?K4JU{s}|9YXtepkhAg4d1D+)DAKChDe0^4R(6hMOKHtarzycJ zbD-7WbJ;6xj`j?gx`QIlCefF0e&!`ST2XN-pVwod_T0>%EvSwbpJ(oL8#td6Rq_6z zY*tX2;m@)v7Q}8)TKcFJmALjntQxnN7;Sbh0XSAuj44V5cW65w^O&eP1#UiJEfvVm z!6ghVDv&wV*mF@YcFc>#JpLl-u}$X{ws^SXX*;y7E_Xh;7x#%F7jNE#h7`G)S1qJ` z5Unjgu;eQvUmnGhjfAtN?HMx4mifp~(rZT6SaK|So6>@>^n^ll-_9puimz*x9ZCaY{UX%WHJ)2gzKH4s;mX>xZH&$IWorMc;*KrG*7w&l5-f5Sd z>FL{KBiL!%Ct0R#nv_vf_AZ}|I_0u1Q}*;y?mD4n>Ax>8n&ou1!^%`T5r4M6^_vzK za%AVm?OdPMc-N&;cGX~x+Xo&XPTAY&0soyu8!>BpLLawJq?=*vx*}M&`>%Iveb=YI z-tL8UY>z#9#^sH*x5w&yR&FaeLhI&s@h8K&UESdI3ATZz`=(7(mjs=XuKT7?;3ZbY z;#TA4MB?@@qxEB2Eu4;+vYXPyEm2diMXF#`Wx*S({?&N!qr3+@(9>RIPM}P3w$%U+L8)N%Hvh4hj-V zmwfSpUGs&Hfw0(Wws8jMX*tn^ee2G;h?zDbYYv7KkMl0nWT$J>rQ{X+V-|lS< z-OrA~otjqClj==**JoJ!BZD|>!*?GuFY6xz??aQo^A_J!h;yr%3N$Yo>PG`+CYbF? 
zHe;X!IiGHKfm-^;~RX#!EQ#~W{JE)!6_S+ zMKu}p^?>5Rsa-xGgCvf~dPn0yiZ4oSAb^yWWEIF&N)8x+#|GbDn}diRwm!4_ar=08 z3&;!8D7z|umbkIaAuGczmZbIRcJi+ZVNi`rx@Jbw+BOT|ev877@5QD zPvl@dV{{%Z6P6RvE|>2ykR3^p`HJ;YlyZp^w`bRMW-e^ax68Q)`~TKybya2i@O%vN z-OjH+MY|G*h?X%RSbTKLUPv*mz*7!XG%;m~sa+gG&Xbmi#%BGMwcw|fLS4n=sfQJ?Gg=pVyk&n*1;hKiR?lPX}?1@shfsM1k5bTEh#Lww7fF+nojm-Lo$r~mC8mcPFs=eDV=Z$rL97wq=0ZB*(`FldzrCy8fm+pYkW$IHqe)9d z3?;DrJ|}VIGGdQwyoU9CU~Rj&m&({~YalFz(gkPfZXCPaT{GW%$`V%!xz)?^+q2dX z7}05bNK&BEv#&fyKw12l=oD0PmLaR&Ob{nBhK>nRbz z2j-Z5__lku4QXTJ%#?aY1Z7A+NNGl?Ny2s!QPtn2s%*#1B}JIpTwCvL8|QqMB(nZ@ zi8yxnucw4bAk=|tP$mRu&X0i;ULYQv_uto!>!V>N4L$C-s}P*D>HaC{c_PYRZK+9j zJ$sO+?l8z@um9@W&2Q`>(5&gJ-~{oM`(u)fk6|H@2RzVdD~?DvCt!cok2SA;AL9s7 z;H=DU_J~jEq2Gd|Lrq7XJFEOTTcb`;wEgcn$mTvvS4*=Xo-q+9=ikLfIvGKorOS?4 z=!lNTIUAxNRxacz|NI`4;=5ISpXeO){T8kp<+%1>=ta1s=~PpE8h#f4!PVGxiJT}H z@A#!3i}1`kAp;znpa~ZHmb8?F=!db>v;@MugP^)^fpOPHtjnQraBhxXj)6Y0Z}+Hr z*WwM-(&|=T;tV-(i`_6o)H*()q=wmmduMYCZSh0@qwHhq?}|OVy*ZM?{^i8e9kkW= zSb``lq$(8os^70_3XC#;Xe8I>#cT;w)wWwj*zd&&^(rwql(6Bbfh@hgFKfCI-^cJl|-)T9pMZeQK`*PZWvyvU|LrqA}#Z z>jj<)zYnzs`yFGCaQCI>#Mkhb-Aiz3FhCa}a5f2}Ef=Ks#GPF~2ro zqBDhmM$YiHsE|8Y?W&P;$JkgVS7uZ=ASVFB&Fl#~!MwX-c(OST=0DrfA`%HRJa{b| za1&5lyq~O9h+OY@fA&3{W3o05!NSk)vkbE4+%>y!iHcOnULe{9Fo=yrXANSZoEIt8 zUqyRI`4WoGGtf@&Td@u*jI_$I=j6o0iuI@a1oboVK_+;QOEH9M3NLO~-L&v}Yg_;~ z%3?NL7kcszH_!XYJEeBA7v6Q*3$CeM!y@8ZXQ~PKkl>AIh_1$xj~EFm@$i2>p(l}F25O{5!S)U_o?_l)4{1_2h3L#s$RBhI}NtJB-N zyIj8|HP3CUqOj6-&nzaW?`|To^0a}4Rw!9a8u>5QmTI*UkvL4oY86Mlr??==ShEBhOMy}PV%+I(|xk!W8xYmqh!_di0H^+ce(>cl+M5r&fmNKtK5d|lkb%{V5_xVkGV#CHP7aq)D+ zqqa@mAu@Tp1lX)2Q`!3jhj_18v$W#cD7Fv=C|^3Q?G+Tb^!dNJ;C$sLs!y<0To8l> z8FgwMB^#yj9Y?S|EeO!CV(%>+F(Z|qxPc)BvtZC1K?gQ*1F?nn5Qp6sZLiTE_%uWY z+pyn9Gkq3(%9yXt`Y1L_=e<+y}?xWK^CED%GjTDcoM@07q(pBH%miN zKggN~u7bDaM`!#37HZ+UJf6Y+m*y?u2gSf1X43~%27Nc)YL6HohUa8GiNrk^xTsZ& zYg~BnWf(2-;s_6nnUG|R+DK>a4HFwfNh|WcWK0KOnpQ-Kl?c1OeKVBtJ>`@7xp)!B zw>TiNZy$G&Imm~j?DMl9(V3KMmb0A4w|mV4X%^f0Ch=?dki6k|i*%ahd))f6`&k8L zTZh~%x(&&1D5h>6E}K;L*{!`Omf=-JZ 
zsA5j|zWGh?dcedAeorT;-=S|4JE{tO9RE9lSL!lDvc>5mZ;yZWwH4pYPVGwBXIa^j zzFcwGy6w%A4`1vy6SZPFMm3*;)A)j7&fkt<6^s`-II8lQ-O>Ch@0NznOXbd{+km0g zgO(@-@z7AfvZ!=VGo&(+cDstrcYdSdaL$C|)!5^A?w$GXot+s^(B&n^#lg0QA^h@O z54Kv0uOL~mBE5ZG?^N6b&0opsw$c)Ko;`+frj4@}oo)5LTDRD++Lo@9+Lfh>il>-3 zEv{+%CQuQgD{ABBL%)IC8NvN*BdJN^b;BC$6ci=!!Cx|4VdI;N6VLm-EC^vJ?D{h?!jl9% z-*0$FoEVmol=*yWW=7r&ZU^G42JJ&2=xq=C1KK$l=#9EgFiv2g+h}WEKjYjaf#9{< z%M)q(eT7#O)@rjd)4E{K!E5dl*^Bv!wMqaySuO}7!<9V!VLKHNtRj5WgxWyvQe}cf zAl_3>y3N)VKo|U8^_qOFMUO7nm-;N9Qq3|Tk3!`C_sLcUQ`Z0X7Gk+kE z0ro((=U|)D+@DAGPC&4^_2z_LJ0WdQMzSOH1wrijTyOJWHH>{PL9-8AGU`eE2Mq!H zsAL`ov15`FO)D%-6k23b7tQ)kMb=*`!htDroUB273g#pfR&-wM1X4QN%+~)EwS_<4 zply)Am}JkLo+DTmb%K4d&!l-U(TM>l4Lr0EMs4sjsJ44cygkx?NC)rwv13jdq9MYn z0tnBN)Q&8-m4R*!uLHwlD=8F_Cy_Lp2@s7Mh^+U8>Y>CeT+wNJ)*V1qB}VFzFDtSB zR;u_z))vi}ScDZPWkt_fhFS$nC^sdM!HFQM)u@>o!vXc_G9!vc+#8}09!`L~GhrH! zE8q-@v-F7SUh>jZQZNN1PGu&?<}7{o(=;k$E5=t;2z_02C?^XMPpver<|~M3GKrSx zWd!|SXFi=eg{a=ENK$kJ6CBZCi&gmb@ZDeJ4`jE%eJschI`G5@X2mL5()EJ_`jPQ5 zx6MF;P|+4#Y!%Dmdf_}+>K#DQQ=*~J@!cs((0}bw&-}FY+D=m69y-$$*DrU@>xMeQ zcFgS!;6z&|5zFbX3W=K7Nb6KQA8ckSur0t3G$^r|qQ(q4oZ{ku3y|@gV&V<6n74Wh zkOim%#Upuo1RY7JHowy#{Gb*rgKMwALvoC`+FR3j@B1ggWQ$M?o(aUrx6l;N5!z7c zqU$0lB?cbr#5h6z{xb1?!KdK=inCnpFcC5oo+6gWy~X5B!tv6y4f0GN3V{{aW(y+$ z8=S+inH1D16T*-dCc{FF{>4G|9q;;Ol+f?=Dv*+9b!?aNJJf6+8(hA?SHrIhg$u0k zR)5m?%Exkp5GlPle+7W$ZQ}FW>C-1D)|DM?KLy4%|V2`Y$56Hu#xAwEB99)(7tv-DN6_M+x zB>jiQKjyv!6ScHKFDkzZGCd<6D`Tw%coy4C$o(SJM(Sts&AI{Le1E;o_SJq*%iOmb zGg_UDjUmiNL2@?p8ec4uKvJ7QI(Al-&GY+#V@|*2B`ePU&bfX!LoLrL1XFlom9ko? 
zL{cb&FH*x49PI5Z=8rIvNKg>egqFMc>rc4W%j1g04JfrqIWmBwZn$iY59_(o4WR zOpb@=RCwDDFcX~I{bG;yEmSS9pV29JPce!WO7X>ya)zg78H!=>|5pIpjD9^W-wSXK z$B!`p>o@{6lJ}|x>9;^evwtQEpF_lvHtE)tUldu&?fYvBkIW_+eHYqwgtlYyzrWFI}hf zC{Tk{0#8&t*KO!Sy_5Ai7^Hr>fi8+DPs~<8xxqMy{xg_5NBkX~8*YT^ae0FFfFSE- zn6Uegi}$UD(!iW=?h2~Gx%{jy`cD?78i+)!xfk-E;gCQ0Lr<5(_Mg&T+m~$E?l95s zO7&Sr5U~RG|LJ_7YYYynz*3<3Lf|>NxjXxL{j43xbz=BYc64N!Y)AX-I=4hzugk9h z+)m#Mcwfa=?ensnvFz76xF*$$IG*KZENAj~P4ti(>r4X!c}fT=xIYUS!OUvmG#in= z&fuLWmqtuT8|zDnV?hH#n#wRx>>ey^iVO@?kP}&58A}gyfH({BuN~ke`0dZ-i>2FV za`55=atZEo|L>8J@;o0P3ej1KW4IIe!jSS{UYgrZw9$5gtlq$NH<8u6$Cuj8_k zdZ)fNp6C@ce7oG~j|#=dWNTdk+jQNFN^VtMnifns{?lGnOnaU1IdpxlxSa|3b+(-^ znK7SAUwXa&C62mvcr*gi=ADh+pyQDpcLRX{{b_&xjRAtT28K)fTg1qeb_4qcogu6) z18GP1OVnL&q#9)COT^V)_Z=~Zrzwp@27WOwckK#XYVs}GYA7Zr!^Lbr{H)#&Sr%^~eY3~^MTeS0SC1;)UkD9l%o*PBsi&=3 z?#1K%K~L#I$JIi-meZw*rTEFFcy-TbrBi5K&z0QJ^k{+yJM)**Ej|J=8uzNWfE7EZ zSD6pilysM$%DwD#dcZq;oI(~Fk-xjPsu@Dw?-c!u&C|nvZZ75iJa)wSoJgIDyXV8> zr}H_xEOej28eMU0k&aDj!xIWl#*Rjgv+ON+u~%q8g&gW=bmM`~n;*#XeM&OLn=xd$$i% z(+iEe0r^|1OiXj%;_GVdnVA&6yqzFwYR&Tsb~_uh^^4&_6KB&=s++cxBnI~S~O zc2pM?c+l3+8*jmfIXRF+{0eYs6s7J7u!)rQxde|Wgl201M@Z3QVL~I`i-Ok-u?%;A zzAw`)l{`N+Wq?8{a4KV2;oR?x!g*g~8dC6oUx~fpT%SdERzjSi{v%^89g^zEbhIX; zu38nYAaQ#tD<-j#2q)822ZZLFz^v-&Ah5@Q{$hw^q;4B&2NipPXc1(Dzx**oTbXKm z!mR2PPNVuws;VhIW5^H8GqaK&sXhy9C@87g>_i_m(Nj)n#dmd1^rN820jHh zn;HMFwRzV4N%T<9F9LKaj9zV-zdVhh>4T1Nuzq4Hm5{GgPr;9&#yT!29Oi?he2UwDWfg@OJQe`gr@gzF)uWy)7Nzfv!Mz zZdm1@9jlarl_}VkU&8|)u)feY=X(qZd1$kA`_*W(S>I-5dC7iY)FIDWGr?Mvs+wtW z+c1S6%j{Jf#}$=m4{F_sQ|71*YE9T)gf$^#rIhYf7diDqz^P-sgGZih!L8&_Xc+PW z`9eXUNs)SO%AgirsEZh89n|dR-A*R%dvX%i#{J+a=yG*IyaB{4=TLzE|qzrj^v!arH3YO2*Al0sK|`}q6& z`FQ%fJ9+uLJG=S1`nY{vzdZ~b-(772$?>r1z*JDB`$lfI>|59-T6GllXr8)<(da5gr;k+KcI!GI(O15IMQ4^$FJCSUtHliyk(=uFn z5Gh+-Ib4~vz7ng3$xbV0q$Y6~09{|n@C=Do)6r1LBU9V&DhO0p<_4>^$W;T@ZknLb zSsX`;1Go9>qq**3I$C#DlXo*n)vKS$+y0qgsoj%c%PMe!11@QjCi#hl{!;MbRwRy8 z;ZC>pWi)waEXEHyOYoMmv9~5wdj<*?FXQki9tW`7cM>|DFr-rKmUXk-P!46VeOF|X_=Og=KuVqt3sOp 
z^GCM&pTCGUo9`#IVl_h?B-&MnQuY7*wFLo;s^nl}H(3n8CX@y%B*!GeOfAP5ir_&9 zNl54G_B-9)8DMNmPaDN*^2dx^C->*nwpZr3Iz}aH`}D(51I}T+e7q=H@&)vcFKbA@ z+m93tc^OB9eUk9{NETIGMyyLdhB#g5PU#R;KdDg-Ng+_CF=tbUM{*D(%UoS^* zAII@;vz=dnqu1BjXZU9H!&354-!>7U0Wq;YG4VDLQI1HX>-a@m{GWeaD-0}k*bV#j zAt|!b6(K2&-HEE9sWh7kNW%&nq~Vm6wa9?N!R zn)Q&I9?y0cZ8s*iS|~)j0!4O9A*`}-P%$XIv_4@3&lZ`FW{wuA0nT=ofpJ9q7M2@a z?ztCXnl`p17!cVM6J3t_lH}~83~!a1u;LQboD>I#G-4Cn?4B0f{C~(C=|lGv3F<6> zl+u69HUBX$(vjBuk6HUaW^^%aCj$VSpS}tYJTkZA?*DErL=fPw$_}=0ljFB>^IQRi z#4-*!Q(rC})4rn@Ysge2<90FQ_nez+Utdp&*BMinCc_sKvDi+%jK(WTVfJ_N&2Jl$ z28Bx1!&-}Sj@2@AO00h~1^AnBBnvZaN;b(R(&o`~kqWy4kV2kS34EaMn0F%eKh~-g z1rm99?!o28;FwB6I~3~aZ_k%NBNO`*ufMBw_C$ho#-z{&d6DSc%-R!fkSkW7Wna!i zZ;*V8RMz?U_>Noq(QfI$>t4a?N^T&E|89WQT{{P8$f~75cc0ul0eMijbSFChE$cl@ z1yu-r%DvR-R{Q>{0vRoYTe{0P<^Wf-JK}`X*;v;Z8E5F$hsZ=G=m7=@S4IRmvwbcP zwqf_t2u0mzbO=q~t@0RZ0eoY_bHdW(@upHGkHcW0gVx8@yKDnobG+_XxPj*jgSKNX zXCsx|eHH;fxGleQfVghS!)~)@jHFxY9VbW|W!Sr)o`2x)Br90vT{b>!#J|3O9}dnF zT?}af9|)v;2|Io8m)BqruQKsEn~=jL!wy#n;9%h!n}Q+Fo8*p5*0d`ZJ|7@D# zkl_GN^ub+Aa(e@1ecWo&s@Uo5N&MH4Td6+#3kPEYgNJrsphQSmKt&VOch-WsX`aNP zMhi1E(qqB`6Nrs5(1&`5DMv!%z#9_1rn#1fMP5m!#+qk;z2Hi}3c*fAPSOK)n z2m&%DN-2xQq_(C4B_Ax5+X!7E5#|_kXmbC2TVq7 zI9~34kY<(PW2I9r6MR!oLRR)gcycTlE0B50RU-w2M$EArr!?QYq1firl zkNyxELbHfl2>h4yGvn60Ec{@Q2ifQyXptnD$wRe5Q|POMmkSRlFG;q0Ea`zHb%)fU z)-WmrV74SV3P!JCxG)pgmxx6pw`X7Ye4(#`@3>yR$`bI?t`5vX)7N>FgR9pEK%yd` ztpU|#SOw%fa~S#1;8IJLvw;N&5v4mrOY`r|p0^J;F7%FJ-*`>&{*<@-e(cHX@Vt1Y zWNN?d9DA%M)=(;XIO}dYuB8*njq|Dyb$z=2Rkm zGA&rX)UHdl@?%%{2axZZE>eGSQYKhc_w+vKHFbBsH?OGezA_zaZD&qjRNnYnbk|-# z=DC49dXt6J+d^&io^l;vC(qMxYN~o4YP2*7=P53-5p$mz<6p5Muz1ku4Zky-lPE9i zoeqDfhw@PR#`d=%=1H6g(|gK)^gk(o;4O`$axFbnrII+WjB~`pz>C8>-|15Jh$84^ z>vy+onQB~nQ!!*}v_T}UdLBfB*a5GPseiDFa^MgckpExkGI^3s?EfFS#AoM#Nn-mi Il?nF$0CFhLIRF3v diff --git a/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json b/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json index 12d847e89aa..bc775f69ccf 100644 
--- a/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json
+++ b/Solutions/Samsung Knox Asset Intelligence/Package/mainTemplate.json
@@ -195,7 +195,7 @@
 "resourceProvider": [
 {
 "provider": "Microsoft.OperationalInsights/workspaces",
- "permissionsDisplayText": "Read and Write permissions on the Log Analytics Workspace are required to enable the Solution. You can either choose an existing Log Analytics workspace or create new. [See the documentation](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/quick-create-workspace?tabs=azure-portal) to learn more about Log Analytics workspace creation.",
+ "permissionsDisplayText": "read and write permissions are required.",
 "providerDisplayName": "Workspace",
 "scope": "Workspace",
 "requiredPermissions": {
@@ -203,6 +203,15 @@
 "read": true,
 "delete": true
 }
+ },
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+ "providerDisplayName": "Keys",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "action": true
+ }
 }
 ],
 "customs": [
@@ -409,7 +418,7 @@
 "resourceProvider": [
 {
 "provider": "Microsoft.OperationalInsights/workspaces",
- "permissionsDisplayText": "Read and Write permissions on the Log Analytics Workspace are required to enable the Solution. You can either choose an existing Log Analytics workspace or create new. [See the documentation](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/quick-create-workspace?tabs=azure-portal) to learn more about Log Analytics workspace creation.",
+ "permissionsDisplayText": "read and write permissions are required.",
 "providerDisplayName": "Workspace",
 "scope": "Workspace",
 "requiredPermissions": {
@@ -417,6 +426,15 @@
 "read": true,
 "delete": true
 }
+ },
+ {
+ "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+ "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+ "providerDisplayName": "Keys",
+ "scope": "Workspace",
+ "requiredPermissions": {
+ "action": true
+ }
 }
 ],
 "customs": [
@@ -581,17 +599,17 @@
 "description": "When a Knox mobile app has transitioned from an acceptable uid/esuid/fsuid to a different, non-App id.",
 "displayName": "Knox Application Privilege Escalation or Change",
 "enabled": false,
- "query": "Samsung_Knox_Process_CL | where Name == \"PROCESS_PRIVILEGE_ESCALATION\" and MitreTtp has \"T1548\"",
+ "query": "Samsung_Knox_Process_CL | where Name == \"PROCESS_PRIVILEGE_ESCALATION\" and MitreTtp has \"T1548\"\n",
 "severity": "High",
 "suppressionDuration": "PT1H",
 "suppressionEnabled": false,
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SamsungDCDefinition",
 "dataTypes": [
 "Samsung_Knox_Audit_CL"
- ],
- "connectorId": "SamsungDCDefinition"
+ ]
 }
 ],
 "tactics": [
@@ -604,13 +622,13 @@
 "aggregationKind": "SingleAlert"
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
- "enabled": false,
+ "lookbackDuration": "5h",
 "matchingMethod": "AllEntities",
 "reopenClosedIncident": false,
- "lookbackDuration": "5h"
- },
- "createIncident": true
+ "enabled": false
+ }
 }
 }
 },
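Review bot: In the `@@ -581,17 +599,17 @@` hunk the rule's `query` reads `Samsung_Knox_Process_CL`, but the `requiredDataConnectors` entry just below still declares `"Samsung_Knox_Audit_CL"` as its only data type. The declared type should be the table the query reads, `"Samsung_Knox_Process_CL"`, otherwise the rule's listed prerequisite can look satisfied while the Process table it depends on is empty and the detection never fires. mainTemplate.json appears to be the packaged copy of the rule, so the value probably has to be corrected in the rule's YAML as well; its `requiredDataConnectors` block lies above the YAML hunk shown and cannot be checked here. The rule object starts and ends outside this hunk.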
@@ -682,17 +700,17 @@
 "description": "Indicates that an admin has set disabled keyguard features on a Knox device.",
 "displayName": "Knox Keyguard Disabled Feature Set",
 "enabled": false,
- "query": "Samsung_Knox_Audit_CL | where Name == \"TAG_KEYGUARD_DISABLED_FEATURES_SET\" and MitreTtp has \"T1461\"",
+ "query": "Samsung_Knox_Audit_CL | where Name == \"TAG_KEYGUARD_DISABLED_FEATURES_SET\" and MitreTtp has \"T1461\"\n",
 "severity": "High",
 "suppressionDuration": "PT1H",
 "suppressionEnabled": false,
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SamsungDCDefinition",
 "dataTypes": [
 "Samsung_Knox_Audit_CL"
- ],
- "connectorId": "SamsungDCDefinition"
+ ]
 }
 ],
 "tactics": [
@@ -705,13 +723,13 @@
 "aggregationKind": "SingleAlert"
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
- "enabled": false,
+ "lookbackDuration": "5h",
 "matchingMethod": "AllEntities",
 "reopenClosedIncident": false,
- "lookbackDuration": "5h"
- },
- "createIncident": true
+ "enabled": false
+ }
 }
 }
 },
@@ -790,10 +808,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SamsungDCDefinition",
 "dataTypes": [
 "Samsung_Knox_System_CL"
- ],
- "connectorId": "SamsungDCDefinition"
+ ]
 }
 ],
 "tactics": [
@@ -806,13 +824,13 @@
 "aggregationKind": "SingleAlert"
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
- "enabled": false,
+ "lookbackDuration": "5h",
 "matchingMethod": "AllEntities",
 "reopenClosedIncident": false,
- "lookbackDuration": "5h"
- },
- "createIncident": true
+ "enabled": false
+ }
 }
 }
 },
@@ -891,10 +909,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SamsungDCDefinition",
 "dataTypes": [
 "Samsung_Knox_User_CL"
- ],
- "connectorId": "SamsungDCDefinition"
+ ]
 }
 ],
 "tactics": [
@@ -907,13 +925,13 @@
 "aggregationKind": "SingleAlert"
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
- "enabled": false,
+ "lookbackDuration": "5h",
 "matchingMethod": "AllEntities",
 "reopenClosedIncident": false,
- "lookbackDuration": "5h"
- },
- "createIncident": true
+ "enabled": false
+ }
 }
 }
 },
@@ -992,23 +1010,23 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SamsungDCDefinition",
 "dataTypes": [
 "Samsung_Knox_Audit_CL"
- ],
- "connectorId": "SamsungDCDefinition"
+ ]
 }
 ],
 "eventGroupingSettings": {
 "aggregationKind": "SingleAlert"
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
- "enabled": false,
+ "lookbackDuration": "5h",
 "matchingMethod": "AllEntities",
 "reopenClosedIncident": false,
- "lookbackDuration": "5h"
- },
- "createIncident": true
+ "enabled": false
+ }
 }
 }
 },
@@ -1087,10 +1105,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SamsungDCDefinition",
 "dataTypes": [
 "Samsung_Knox_Audit_CL"
- ],
- "connectorId": "SamsungDCDefinition"
+ ]
 }
 ],
 "eventGroupingSettings": {
@@ -1100,13 +1118,13 @@
 "alertDynamicProperties": []
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
- "enabled": false,
+ "lookbackDuration": "5h",
 "matchingMethod": "AllEntities",
 "reopenClosedIncident": false,
- "lookbackDuration": "5h"
- },
- "createIncident": true
+ "enabled": false
+ }
 }
 }
 },
@@ -1178,17 +1196,17 @@
 "description": "When a Knox device user clicks on URLs or links detected as suspicious (potentially phishing or malicious) with a high degree of confidence.",
 "displayName": "Knox Suspicious URL Accessed Events",
 "enabled": false,
- "query": "Samsung_Knox_User_CL | where Name == \"SUSPICIOUS_URL_ACCESSED\" and ConfidenceScore > 0.9",
+ "query": "Samsung_Knox_User_CL | where Name == \"SUSPICIOUS_URL_ACCESSED\" and ConfidenceScore > 0.9\n",
 "severity": "High",
 "suppressionDuration": "PT1H",
 "suppressionEnabled": false,
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SamsungDCDefinition",
 "dataTypes": [
 "Samsung_Knox_User_CL"
- ],
- "connectorId": "SamsungDCDefinition"
+ ]
 }
 ],
 "tactics": [
@@ -1201,13 +1219,13 @@
 "aggregationKind": "SingleAlert"
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
- "enabled": false,
+ "lookbackDuration": "5h",
 "matchingMethod": "AllEntities",
 "reopenClosedIncident": false,
- "lookbackDuration": "5h"
- },
- "createIncident": true
+ "enabled": false
+ }
 }
 }
 },