Adding Watchlist template content.

Azure · Jun 8, 2021 · aaccea3 · aaccea3
1 parent 1a2f9d3
commit aaccea3
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 6 deletions.
diff --git a/Watchlists/Azure-Public-IPs/azuredeploy.json b/Watchlists/Azure-Public-IPs/azuredeploy.json
@@ -15,7 +15,6 @@
         "type": "Microsoft.OperationalInsights/workspaces/providers/Watchlists",
         "kind": "",
         "properties": {
-            "watchlistAlias": "AzurePublicIPsList",
             "displayName": "AzurePublicIPsList",
             "source": "AzurePublicIPsList.csv",
             "description": "Azure Public IPs list for reducing internet facing traffic alerts from MSFT IP Addresses",

diff --git a/Watchlists/NOBELIUM-TI/azuredeploy.json b/Watchlists/NOBELIUM-TI/azuredeploy.json
@@ -21,7 +21,6 @@
         "type": "Microsoft.OperationalInsights/workspaces/providers/Watchlists",
         "kind": "",
         "properties": {
-            "watchlistAlias": "NOBELIUMTI",
             "displayName": "NOBELIUMTI",
             "source": "NOBELIUMTI.csv",
             "description": "[parameters('watchlistdescription')]",

diff --git a/Watchlists/Templates/WatchlistTemplate.json b/Watchlists/Templates/WatchlistTemplate.json
@@ -21,7 +21,6 @@
         "type": "Microsoft.OperationalInsights/workspaces/providers/Watchlists",
         "kind": "",
         "properties": {
-            "watchlistAlias": "ReferenceTemplate",
             "displayName": "ReferenceTemplate",
             "source": "ReferenceTable.csv",
             "description": "[parameters('watchlistdescription')]",

diff --git a/Watchlists/Templates/Watchlists Template Guidance.md b/Watchlists/Templates/Watchlists Template Guidance.md
@@ -8,12 +8,10 @@ Download the json template and rename it to as "WatchlistUseCaseName.json" (no s
 
 ### Specifics
 
-The Watchlist template contains a few items that are required for it to work:
+The Watchlist template contains a two items that are required for it to work:
 
 Workspace Name: The workspace name is required so that ARM knows the workspace that Azure Sentinel is using. This is used for deploying the content and function to the workspace.
 
-Watchlist Alias: Name for the Watchlist in both Azure Sentinel and in the workspace when calling it via function. This should reflect what the Watchlist is for.
-
 SearchKey Value: Title of a column that will be used for performing lookups and joins with other tables. It is recommended to choose the a column that will be the most used for joins and lookups.
 
 ### How to fill the template