From ab16f88f69eb13cb5cce175a6a3543c3aad3496f Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Mon, 23 Sep 2024 12:07:00 +0530
Subject: [PATCH 1/5] Update Anomalous Sign-in Activity.yaml
---
 .../Hunting Queries/Anomalous Sign-in Activity.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml b/Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml
index a1b70b4a37..42b086ecca 100644
--- a/Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml
+++ b/Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml
@@ -22,7 +22,7 @@ query: |
 | where ActionType =~ "Sign-in"
 | where UsersInsights.IsNewAccount == True or UsersInsights.IsDormantAccount == True or ActivityInsights has "True"
 | join kind = inner (
- SigninLogs | where Status.errorCode == 0 or Status.errorCode == 0 and RiskDetail !~ "none"
+ SigninLogs | where (Status.errorCode == 0 and RiskDetail !~ "none")
 ) on $left.SourceRecordId == $right._ItemId
 | extend UserPrincipalName = iff(UserPrincipalName has "#EXT#",replace_string(tostring(split(UserPrincipalName, "#")[0]),"_","@"),UserPrincipalName),
 UserName = iff(UserName has "#EXT#",replace_string(tostring(split(UserPrincipalName, "#")[0]),"_","@"),UserName)
From ef9a68ddc07e52a7c700c6bb7acf4f0c207438d8 Mon Sep 17 00:00:00 2001
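Review bot: The rewritten `+` line changes what the hunt returns, not just its precedence: because KQL binds `and` before `or`, the old `Status.errorCode == 0 or Status.errorCode == 0 and RiskDetail !~ "none"` collapsed to `Status.errorCode == 0` (every successful sign-in joined to the UEBA record), whereas the new `(Status.errorCode == 0 and RiskDetail !~ "none")` also requires a risk detail, so successful sign-ins by new or dormant accounts that Identity Protection scored as clean now drop out. If the goal was only to remove the redundant clause, the behaviour-preserving form is `SigninLogs | where Status.errorCode == 0`; if the goal is to require a risk signal, say so in the query's description and release notes, since the follow-up patch bumps `version: 2.0.0` to `2.0.1` for what is a change in detection coverage. I believe tenants without an Entra ID P2 license report `RiskDetail` as `hidden` rather than `none`, which passes this filter, so the result set would then differ by licensing; a comment on the line such as `// requires Identity Protection risk detail; clean successful sign-ins are excluded` would make that explicit. The `query:` block starts and ends outside this hunk.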
From: v-rusraut
Date: Mon, 23 Sep 2024 13:54:21 +0530
Subject: [PATCH 2/5] Repackaged - UEBA Essentials
---
 .../UEBA Essentials/Data/Solution_UEBA.json | 2 +-
 .../Anomalous Sign-in Activity.yaml | 2 +-
 Solutions/UEBA Essentials/Package/3.0.1.zip | Bin 0 -> 18017 bytes
 .../Package/createUiDefinition.json | 4 +-
 .../UEBA Essentials/Package/mainTemplate.json | 859 +++++++++---------
 .../Package/testParameters.json | 24 +
 6 files changed, 446 insertions(+), 445 deletions(-)
 create mode 100644 Solutions/UEBA Essentials/Package/3.0.1.zip
 create mode 100644 Solutions/UEBA Essentials/Package/testParameters.json
diff --git a/Solutions/UEBA Essentials/Data/Solution_UEBA.json b/Solutions/UEBA Essentials/Data/Solution_UEBA.json
index 0017e8efaa..29b84c94e0 100644
--- a/Solutions/UEBA Essentials/Data/Solution_UEBA.json
+++ b/Solutions/UEBA Essentials/Data/Solution_UEBA.json
@@ -30,6 +30,6 @@
 ],
 "Metadata": "SolutionMetadata.json",
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\UEBA Essentials",
- "Version": "2.0.1",
+ "Version": "3.0.1",
 "TemplateSpec": true
 }
\ No newline at end of file
diff --git a/Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml b/Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml
index 42b086ecca..e7515cfa20 100644
--- a/Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml
+++ b/Solutions/UEBA Essentials/Hunting Queries/Anomalous Sign-in Activity.yaml
@@ -47,4 +47,4 @@ entityMappings:
 fieldMappings:
 - identifier: ResourceId
 columnName: ResourceId
-version: 2.0.0
+version: 2.0.1
diff --git a/Solutions/UEBA Essentials/Package/3.0.1.zip b/Solutions/UEBA Essentials/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..8569198614b7ad688da943ce2fe7b7565415f270 GIT binary patch literal 18017 zcmY&;Q;=nWvTWP7ZQHhO+qSJ~o71*!+n%jgE@H7; zQNQ%_t_8|y)u2c&hvk0LWTIKuCec`tYhQB-8e)R73df{p6OxmNH~hvrZG4!2BjG)X zcTQ@0s-YFt9uz~+X2#Kj>%HFeF!THTyvDfrm={w{xSe6Vkjb9By#4CwWtwW+|1}ok zB>dIEV1#i-v)T9#J~+5HPrzy47%0X&VvkxB?zr|pR^6bk~Kln7m!Z! zJ;`TU76zT1r@26X3)7jJc*6z;-Pn+r*cn~yt8og+O!nciEHQTP-jHak2?JdX17kiv zM1idd>HE7MR3}-g=$(Kj{qPGp+v4K-v$2c4snO(5#^kDO{x^8;Nv#12VN!Xe-h@&x#z5{}U#+JZNhWCL>}P=k%sZ-7h(1-ZUyhW5#(ghVrTd%SiQ`o+Zn`NlvrX z760!~{HN%{)sAsJ9^@W-oQa;lsg;k^-F}`k5Q;UoL@s8}x%_?}ccq2FqsvCz2=9KU zIbQf?j_@Y~4oqpvfX*{7Kqa$!I+VQXGFsX!X6yf|HWkR+re%8g$VI0em`a zQes+aa%Ho3s{N*wcUb#X20~Rjc!QyJb)z&V^Qa6#)25jXo2MDkpxUQEbZwMbj>N8p zYxJQEN*Z7{NQ}VqO8BvH%7*U@4DQhfv6@~e$4s<&_UVvK36wGvVPa!oX2kh*%G@U3 zbHjKrP(%ZMHSR%?QLGY4CxsSc89G;6^e-(2$e<;ZM27zb zx3H)%B@BvrDFy%(!k%-1tWh0w^;n*iF3Vui$`>=O@7tm)e$oxRms#EMHK*t(^!B(I zMqX7LW*VZzzZj^Oa#SPG-Gi*|*71t_jH-T8QhdCGSC;{XeCGNL%V`>JE2qGwLa`G9 zuiKXR?HwB*={IlFp9!`LZa`P6n4^Yf-iy`FdF~2-_aLMBC(8|=eE~=@bZd5U{+Sa4 z_qi%y%U9aInr=i(zq^{T%o$U05>lys(dMP$>$ZflK}FoBx~(tT(PaM)wke${7F4s~ znnbYvZ_(`WKoXiu_&jDl+Y)47W+^mySd40c#q^b|wPJQg6B3J*C2nnoS9|^rmhK_- zJ-O@C3+fH98H9T_WhQRQH_SH$cg>|eXiN#An!%RiR^13WIlrp3<;(=F)BF=Dl?J@L zj9cQQcwT#q+=jemww{!Z=m`?*EC>rsKu8RF^H5MKQf`Tz)lGf5bxYM zw@|3!8yr2-0!m31R7#s=E9sD(eFXL2M|dxKZd=7*v3fgPi4v^t^qJN;`i(IV{V`cf z5e)p@dD}!}utZ1y+WxRCq|;iSwBX%PUtbpo7Y2?OCkKZ%aAdvK&ZXq#%l(fq>=y}h zOpdrxv6E5*J*{eGJ~T=;{WvfNsD$)$mM6Gl&`bD(znS@I3J8M{j94s8kVO~GQrPhp z1OwYhNXwWGGQV}#l!;;^{0}K@IBg9^?rXqJRu&68SIGMG>^TOHebLq*e>hDD4;ogd zTbe5nN46Q9eH}Q7SW`W$50B+ijEwmROtuzjCosQVOH6;Sc;fMA?Sk1xO#X3gyKE8P z)q?Eex@Rr8MxSnvWp&g;Rh)%Xt+L3h5TGfo_z576*}wEI-K!JJ=D~}Fc5Pd&&~d`p zkrH?MxSH1RV&1M=qr)_`$IlFyT(2F~*_oD?F8@)u4n&^MFi4eBQ?jyyX|ll$-k?*_9T#SJl=J^(Qol%two0& zg+|6zRSFx8CZ_&a4B509yk(QMnL7F}3(<``cavd8_EFDv6TMG50D3q(`W9#zAB)c< 
zyb2OWep!eRA{2JtAy*Cwf}O*p9}l;_=N*^SUao6{US~k_RKam8I3Vv68o`Sl@FZOc z#y+6>a&P& z;}LWDwB!+5LFq3r;r=i{(#}fSnRzGy5A#)0v8-;?`075Jqk+le*^PrMi-R`mLPG>d z4&J;drd60tP>6a#&cORLY={))z^oAM22>8bORQK|K7u|QvUH?$EDY%UzHUUty&w~S zT)iLOjtMCIK0FZQ1TC#k{r$-??_nQo!2`-jw9AmCG`G`442?g8N>$*8vBeTq9dNT9 zD~Qo5YM_bE%s>L62tkrGaJmBHzXaIMg-*t`a-vm_mrG58~#cYYY!A( zMY18pRv@*0G(Z{C%@mvmCoBt;%?7D{=bEvbajulZM?R^EIiL&fRjis}p90pz zHUnlsMpIHyyaARtYvdxiwJ#(4fE)05q8;d3fjozuQnM^JU_S-)-tAYGja1j0R(G>` zs=gY;tL19M26#W~4s%bc=wd7Ql8Hh|=QR*`>}W44bnu9D4!*L?$dfCG2hrjVsraqO z8}yJ-ZfoHF?C@z6?C_~KW!*{?8$1)iyjl}-*Rm0CfX*F!AgN)+5ohTM2R~+iV+R~i zLJRxrl|vxp(dgAcXNwW`#UMDo1BDElWki|18-ZvQIeE$5qMyQZT&{1RimZ+eunwFX zc=ZvnOB+=>1=%j*ucNEIu8V%Sk|btbkUa zb$b55rvuh#My~Zf?`!@Mn~u{Vs{u^%}Oo&%xmAz;BWfWH-GO1k)oe(QN!e zDk4epuKxD{X=ccV>2zHUa;Ax{{j;oD$3mmH1tPT5H=-vMTqh9Kfv4oXkIf& z`E?9{)zJf(X9Gu|OOg4hdF}ipGyIh)M#D}zS7rB`l}KI8=XG>fUS$*KdpZth1GSqL zIv6xgaw!qXf{Z}dZ8X0vB1~Lhf#caWB zml;Z@m)zv=0@oT^8-IHL5@ZQ5Q{E6P=ZsU#4vqR_+cb=~RE#R#DpbLuoO}BnAh>dJ zLMYE|z;}(KRwW@b2<%m-q#Jly^SJO?rdAxwOLSa0l!5h#v-`>HWXS#t z6#QVYArDVsD@B7m5&QfDPY-p!CPxq4UjVg$00&g4J{odl14JP_ zAaD|r<%?{6Jiq3{?xZcgQKPx2asZ^XNlQA$lPHz@7qjz#?p`(wSDAdgS4aWmU#I~i zs63&pqRQnrrWx>RaM}!$-{=#D+~Mz~Z4bywdmHmGo!kTZ^Dx^A^JW*fvjl|*C!XvZ z1IxgL{PDzNfc*#75c{KSFMb2$bSlqwv!RzNAipDjDWFlO=A_nOcvlD_Pg+Ddo?O9w zr$Hh~OWP9(?W$vd=%O~=W~A^^;*4T7k>69{Q`4p7)x_f)s zH2@WqoUp5e58PB=&?-8Hhr+{BC9afF6b+Uz zCR^*ZV6}v2W!sH_%WI_gJ@JQlD|3k?kC%sR{hsq6o~a~RCC{f!%LpAo9KMK)PnkJK zO20zlm$8N#Xa7dy4evb%2WI(|6p?w7C@HISt^zIQ-xtcVA&cpac5K7*D=LZ97_zyT zcOR3aga~yrXTgWljtz8miGL{gZ=uvFoR*Cm%ZlX+ss55Pm_!%shwsb%sN@Zm?1^C#u088AT2 zk0!aaP+#)93N@|t&2#q>+9eh@ls^h@5L%RRUGX;Qe3tyAK}*6rD}A&|_%q0q4`((q zG24oLXp}2BGn22l0_8d0jAUQ=Abh)pD#~%Bfwn4=W}v`vyPt0CL%>W3!;k7cT?Z}- zciQ51u-gZE=Lyt`DH$&!)kpJli0sahsA~EaH#HAf(AAS*6;t#f@2llrxQRi}IcY+Y zwQ=zk#B|AB)aA)w1{|b(!$UV!M600RA&viXGL;W(>AFB}E9-9-C+!tpq9pKg^VZ6R zw-(UEUda_>;OWw?$>d@A0YUtUcp?}3Vi@-Zi|8`%nb}uar7m@Lvuj#Rkkdp5S;2m@ z&%I@s2@(q|rP>&u*k`)Z&k(_i^vL_X_z-@YUV9Fo1T{|a9IfuJK=}hxCJdv1&=|I) 
zs4gKDf|VjBw*Lg;$&P*n0NkRCr0Sb!7InfR-bwAR1xkTIZH@+V6Hv1tE6UPr0CIIQ zuWlkRhsdiXcuu3jmfd+>w$$Ef<25@*2d~2q7j8HZHPVmgpZ;2|cLfu+7+(B5Ry4vV z*ihp4N^CmnMiuTC6_j7tsm$_!BoT26);_#uEkBE2Kl58hI0`eajV zu4cCEGdm&S4GP_##V0KGSzF%o9h1Do#;pGsckb1u=Ib>_Tp&932Amc=Vy?$cKPG?C zbE1yh4?b+q*mIqR`@WwBgrUh7i2izi+YNHc{qdIoJyM84~;Hdx+86Xyb3B`u(USDr8a6tr; zuw)TFEr$vvq`9rrtFyC=uX6C0cm8kS{K8r#{~@x&)7(>wWYfim+>?{nlt##3WAU;Y z$=M0LW{}+X2a=BTyelY6!;yigkG~tvIC>6T>{m^=$S}FziDL@Cxwuf_Zw@Gey{|PA z!yJcl3v(zxdiTFVOhXc*t#8}085tP18-cLLwt@XU=(8#CrgX2Mda`B508htNcn_Gv-*qYiskbQ z8Aeh_4`_Rs#1A10el3DlV8lvw^Plkh(2ZJZ7X9|mirrk*y(UE13mgsBUsD(oi@qBZ zwZx=5S}lSQZezql<#B8CEpBk|obvfv+;zcY9Sy$w+C4n%*mwd>TG43XS}&6Ms`kN) z6i{S@^otBXB_cZLq-i(pAuO!H?IJ@3~Pcm*x?nw!q!NiHoB) z==d+|y}4ximadp32af64>uysNb{yY+{}~Mw|BMFS#wai*vVoiG;>Eqyvz6}E5r}wZ zvNve?1>*FgVSA(P|e?b_-|#}6o%0!U(IJLZ>QR5$i%Cq&dtinPWAZpo|@CJ z{oOuQR~w7KU|cKjRnr_(1X*X_V5tuEog{BlnRu7l`6E5y?e3sIY<~j4I>IsvELIt8 zv5|Kk>k2yq&D#PiIAs>PM|w7?4TFljr|F(E@2*gbdafwxin+|DRO$eeAiZOYjYpMS zq?OY#F=Bt7;cZtR0g-&x(!FYydalU+c^qzDW^rESF9ukDn0bGqft7*}NHR!ZiFL(= zWXH<-f9Kdb($nVi0=3LTsPOg*u#I`C`|CyJ1}r)pBE)v@g2b^f-oO3dM;DLu#D7Lk zrmUI3Niq^{rJb8DU40A!2ns+fV6?J`B|6hHm%mD36kO=GOY_$Cd_FFU97)gjNZ0(+ zA7;(DO4<_jDZuQr7+!STo_OW@e5i+sOtMu;rTc}7(hwS&=W1|P9PO#G!WsrU97J=x z%EgANfdexfx+IwP;6Ud9PnTLRxIDa7oJEB{$XRWa9(LWgs~p+~vY7YbSXLlRc!&x3 z$Xl_#K)0>^NM;yZ6~#Tt?i&0?Tl!cAYE4^2ub&^^t|A`@3rE5v?x><}h=8lY23z@F zv1?)z@9Jm{S!$;+c+?aq%(K+uQw3Isg56^-1oA>95+LL{d=IH?62;-FulhS0wt?=7 z=HL(PdE4*hTi~r$+%R8>nYu49ys$h6#%7lDjX=AsK&p#^Mq$_R^o+A#H!ud3_+3{mwn#D$aA2u3~d>~QA!pi;gCmz(OjF)xFxRaV%bb4yXw zv)Y>Ee}-6)+sbR9wqTW?rfEw+{H(AZFS{hxU&xov~b=}Mb%Y3F!_ z>TAI2u(ag>q(jdPwi;vl++CMa{Rkw=A($+&QZyA(HR7Y&IwlhD%Qj z3#{Ol(`ymq`c!q@#PcsJJCgow#Lo(`voH1&e@CB(^WJ&{xKR@^=xpe zHuNw~iB*+>WNLx*4U7rJSqW6Moae&Z3L^%KGCAPIEpK=yB#-!O9}*LIZSr*MsIrx^ z%=3P5^V$IzwU>wy?o>HF<~YWq^)-*!m+`sJnT#ZQLQq=;kk>EG=#jv`T-&j+j+(u5 z1-AWO@TkRCud97da;a^FiG9-FpZ<%AS6$g@^3+-k=|-uetTeuXg`KsEYIhKA!O8A! zq$r`AnbA6_VaP>P!H*kNO#h!uP$f2Z$! 
zi7@%Iz%9bmB*DZ$#H$@p-ysT?;|C*$Lk2U-aOj34Hx{yq^3m&e+38u$`PgYRUCP+% zs*;;tm;RXwC2h7FBwPo(Tbd-T#Hwd1Afk^nNZjuwm*CL98Vm9#l%)EKx>K zKY(WBjNTe&A=~Xly_MsImfD=^cL3(fStYBD=BB$s+g_YO7SeQnBispEY^4fPtx(ZC z_*P<7pQ=(~aiCWYE0ZfCmPJ}Uf6oCpZZb_U_L#_?K4SQ=SJopvKWf@VR^Jyf)AM(< z(!@tSasH+`u{z%Y-{Z&W!SbWeR#9=LAMxxF7L17gY+m~|Zm52lZZj##wFT8R>&zAo zPHMiZ0j5@*X$X9{=}_Z?(C^cZ=Dq{L(;rPyfvWN zfH^UdAvT~j!QV0lxQ9m#5zdEO`IboAVa6jX;yoHIE6{NO&NrCu+FAGJJE4-9-H_xo zxly%Ju9K4OFab0`SUWdT_v%8z46ke7`Tg(?o^`k=Oef>ln-uJ>SLY{#0J2Wv_dIF= zgsm{5Fv%i##)#=qYwXkmMnjQv9M!|nB9Msv38g)V9=3RFmT?(41ZD-*n@*P8Lo!+m z6zi~N4KrWf#$?tZ*HFv}I>XTQyk<&skLi+e88r8+*3RaZUI`{NrCy_uA;IrrEK zJp6_Z#hB5cg??M{??wHn-J#AKzce9FX>{0t)b$Sg;VO$Go*G7aCiPKSse$lbJ%?IX zkmCZ%S+vFVXr{(Z0ZduJ21$A23L%VA75RQejZ+gA=FymczSs%MAx{gcBMLb-h@}K& zUtbA1y}qep<2?)!;&oueQgX%a6H#bFUO31Amd6HBv`fo7QH;&%W{J~M4ytyMMK^-@ zKq!D22S9j4>QhM$xZoW@w;|$BGT1iU>l>beXir$cW8xB+6xD8OopXmoYoUQRVUJm4 ze?EsrFGK90nvk@!Qw}}FD+;a%i}9K?O|4)Sx#oxmMw>8Cw8YOpY3~jSMJ~VG<|PzV zU%nY75ETMbGI$lKhKjgDC7_->hbi-2v;+jl~ z3CMrNSNfppyGKoMmyO16-!hwGA}K-g3IpS>yG1eE4)0$%{lMwYR^qd7Kuq2R;@#b< zGvMe5t`mTK=YU2={8DEaY=8GOf-r(hE@~VHA-bS9kPKr-zB^$IH|;S;gopfkdiDQ( z(+f*0M1z9I1>!2QJfnbd%TNBxFkM)j{snrO`AcEDju<6(M`vy3UK~d(Vg-Fx=*A%^ zRuP&=jk6R|xjS$U?d~Uh(--zbO>k74PT0U4*R$XTXbN&1lZSCgB@QegfaT|2`*|Q# zd%AE>q)wVP`OM%fpQEYVP1Uz3t%H8B`3xJ7sR(S0tAf~9LH0blfDu+6Atmbl=F11cFeOSbKAdQXN82Q96> zJro?Y)ZTa;9F-|#m|8zjAU1*IIzJ_(G)LmcR z@rY}KfJwVo%8BNNEySZ*H<5+t&p1sw#2W$uD|p6HE^>GbH?dtFo#pLz0Za_0{n37&!qwR; z^1x;-FOf??M0~pwu;mp3qLn7foE<{G>(dT4q871_dPMwTP7%Teu@IV99Fx9z z{IVw=C}QF?#j|+GRqrD&O^8K|IXo8O`g#pL8esz$0#T)S#6Y+}1kqDDPpUX&q5VEI z7i1y%j`I>sZ_s?lKV&EpmVS^?`G*V*cD_h&oqXB3&@mw0I+aI6Az|F@)4riLO2o59 zg4NfJ7&T+o0E;w-ULstN-c=qIB69wLGh9P}wFfZ5+X}Nt*loS6{IQGB&8*FSpuG5= z3tZI{{swF^4V&?2)*$H-ps0RVbOs%cX5(;R^GBCfIvZHqofqSRE&RD-oWJ$vpjJC= zgIk1mQxRtq_NMU<)kk>$QT>XreFDwMd$Ta_!Z8l-S>yPhrOX!Y;x%BJYHu1RO>Y|R zVOjI2SAH)A53>GY);h>^!ysnh0Y&5le7n8`FD);W+x-Ht%Ljk$Bi=Sh6^qX|S3nRj zS{av1NZT1|s{s}LFG}fr7r1=4gK)#t>?A$Wlan++{`s&mjHVLz*ZSY>3+>4a5E%4- 
zLtr;){A9Z8+>iz@I~R2J;wn#%y;DEcpg8eZrm%iD;Yd%WZM6(qTKF|o9*wO<0QArA z=QmasCSfVNMqGRvT;=z>UJ|T8e`(f93|VgPH){2UnbHQ2S6A}7oW*NgwqJwO4sy0# zaR+Mg>nx-7lisOjy)6ke`Teo^va?4r*=IKUh}NLYthM@BHQzyS3Fu4jcG9=KM!>Mv zB%iknsQPxxA_t!o8V8zmG#w(3Nop;o-+%fa1x}u_{83=C9|eX^j!|e}O1-yRT`us_ zwcON`_zTUJ6g+wr6Pho|@Rv_RgW4!$8Nf)|LnGF9NugQ|q5OhZlrz5N#)#^HK6%(D z`ZdcXc1OJ;RhYkx?<~I@FEeos?Q!nU!uncInyVXxY%`6V1^e8ef4U?4Pj@V&oa|L1 zF7wNSYQjsrEUf-lcVz$RPJTJ~W)MD_TJuOfc#Nv;&wE6vw&QA~Y#6KV2^**~-)8RP zuWfNNVVm>HHRE`K7JC14TSuzaAGg)ifIO{IV;d~50N(P9CWde#DZo)R@9ggU03FET zcuhW}@6F+Tu^wReNSI$zymZm_n5>CKvpk`n=;89(sH>Fgj3{H-zRYHiWEE}gW#aZf zt-QN$dW`Eg{h(cO9GEY9tlg|>b2eP)nnmx?yy5w77?*}8*`~8@AZ>amCX}W&$~JeL z&^H7jloyFWuVtV3PSnf=Fh5o5diUa!9cX&;-A_$3!w**QlZ-gpDXjF*yAsi{l&I=f z3GB576ot|Gr8Gix$mk*TxYvnS&BfC+q1&G2>K>uiOrvPQZn5-(V2s*71e>Is!haB) zuL!CUuk>pAUj&2Heh{pluLxg{_z!~B|A%0?6u3q)6|WX5ABYyKJSjRl{X{10r%ZtZ z7dCWf4wF+eN;v3=&@`^H@Xb%DkTK3H3_Pn|x}sr>AZKt@2=A zbWY#PmmfJ@!7u`RCE4Fu1IiuhvJ)ris66*&%FclbG78L1WC87+R|x?1Y=r*yz?Od5 zw=}p=~IvyNG^UIeGZ|S zH)k!?EVfeS0%B9}fH(_yw;Krj6-g#)sS|(X8Okq<0mMpXgl}%b(W>p__dQ2+@G2HY}_1CVw6o{!?m+|NHIb@350 zZ-f-VoD&6%5v+c<#~F^;71?$z?K;maa&5pD`gQvrc)?jCsS9h(w^VQV!sb?9U}%J> zUr0t=Qad=)&z^qe^=G)Ef?~BUVEL9789c{|GMOT>8cd)hGqx6kt-q&ob(KLD+M5kp zpvE+ls-B0rE^ulgz4Ejskd~dHKL6}SVd;ojU)ffhRYpS%yi|QYz^bOyGx8ViaGgM; zc%5+;oLYuic`VvXU`-&8wlnUu8JC;yQePPM>gv4;d}r!DNQI?m&Iv$=ok^WC?@i_KRfXdU-1{IZ@a2IPy>k^yCdR{}PkKlQrO%w@A> zm(GhYD==mD23rB&m@2Hd-;M4ylL`A8Kz^vzC*m83BZHp{8&~P;PLEB*9p1RAtc}?7 zZY~fAmIV?w0B2OQald?1eVcp}dBuSeNhHUpRnHE^SE7;6B)D*NXG()bR5t>ZXf~d9 zi#Y(*!WINpRHlIUA4y;CvQSY_UN2sPK}f@-StbWPu|=QKeeotYD`C zCVGrPr(6|o18piAuB20s1+{&*g4f3txQ{zyZ6?fi58f4VRe_m7P=%EHXn^z!_`2|i z!Lt_yj5}uQ6iUE41O?*_1@oy+e@~QvF7S}%l^lC@5Mu2yF<4{;p-2=mqgIJO%l_)9 zDCdUB%+IrB-cUg~Ur#IzFmg>2)OIZq&{h>KtU+3hq|-ah%D_MFB}u|MtS#Zi*-lVb z|BJ_+yL+=}{>#^MK<;e>9MC7W3z4uiDvp1_W#G=KSbayz;<)n-BsP`8mNMwRO5Fl* z#Ib3ghDV-hPlaVc@3w3y{?&a6=B4w)0kv`V<32qqj3z%Qric>OvY=gbcp&|ETJSQd zTb@=TLog$pn#Sv7y9BMq!+xzsz89%zXh#;#+axCe@04i&>x4|>v2+^+AK&+4=l9o3 
z>3icON@{4`97iwzJMdQr|2y=Dwj}aUi~2F?L??e|fI2|b)Ak{H8n#L+=~&w*(`uBb z%PoFuo|TFjs_aMLr2i~Wx~rqHX$)@Vh1F=}AG#NcMKrBL_qLoRy~)J+LF@tarjPfL zT0_a9g7q}K;P;STRw~E3hET_RDg(=aoPMLpH|PY$$S9aV3yM+==DB>Rs$+x-@xGa{Ga`jJPjuTdP5dkvnJP!hE~8|#xJzGXC} z$~**3^Q(6lbDF8-${HfX_8oTCFPFN+(@MIN1=wfjtmlFkRvQQXPmnt=8psp82b8}3 zp(Qs2FQqYM#V~Q-LeJ>(0;K!i;vbOPfMw|>^q3DPe^Y(Q!I<_51CQ9_ z;>^jV9AUn9jnQC_8fN9!gelq_JtQkmB7rj~uF@M%^Ff{I>GO`>4UM=T6Ts3Jk1CY9 zaC%KOnyfE^wlzTXrgIiD_E;KjMIAC#yvvY*Qtl^ZTBgW2lCO&oBW0uO^W1v15ZRus zH)$q}oVJ}hKE&C9y~VTS3ABT7?Jr@TcY1)Qb3{Q7#_P4@K#dgzfc+hqjj9f>&fQ9{ zL5c4LSX&73O3kKCKTf=pMT=AQT0-si0nn9)m%$-SL#+T1ScsoOa! zwR2U^bcGl0z0FHE5_M-4pR~-KZKXEbs$CQGKZKYJGaNz^C;p9eXhG8gSdlV$fdUG=`w|I-gifzS=w%Ob0x2a$lM4ViOCt-NLNFKbG;HF+MKIRj?Hr;lwC%SIP z{nR9nIxR!bl`!2~!K-6KZs0Mx`{2Ma7j!nz z{lpeD3o&_)ATg7#UNKEMCk%Oxmx`wDb8WG}t|l(^(%z%8=&kl^7sXLp__}|@Ixw!% z=z3&*#I}6{BX=8<%pzqksMGY;g@x}dnMJEfFIsf}t#pyiI12i7=awi3fTRz9RQ~B1 z%Ajq2)CaH3J!Z^U?H_L#V>YDW1d6a70>z>$nnC8V(5-!cAq)({2eb60dinbRvF-ed zB8=}b~Nk*Z*?GWtV%dg%xmSPuexE4%e(3UXRu zMt2_`VHiiE!n0I21o<3dM%4T0erqHLt+M-v0U}5hcgI(S`z&%=ySEwcce=Ixn3ocMUI>u+Mx%WOD^ zk$Hv4DypCIn+P*3CKDrIhD84DAM)kT{vqqS8|p#eWmqKGnG_Hs>;8{ogc}xE$5C}M z&o9C4CM3+!W#h6#ZuOYfriGmQlBnQITD0jSc>zOPKYaAt^IO8KvvfN(7xS}_`g|LUofZbS@-1$fv1$s-~_oK7b3 zVWEk|L)DKl=k%aPZXt#e`7>J98w4ELpd7?<^+?p)Dv83lo$;jkCN?!YcbM>sOL)Ji z?hXAGKUHh`MGnl^D~I}b=A&Z>e&l0WHxw;M{8+sRJ7Z_;BlZ3f%aV82FnwpeaN=sp zKD5=@q_0-ma1{2VLMC6)V1cvCOv z5B@QVGH?EeQ8WJ-rP5Lyzzeo>#fbv|+he{6Vx_n*aK{sckk@7yLJ%C((g-7)S=1PT zD1#JZm_*F_Ay!WKz>afp;~>sgJPmJFG%IRr`uwz;4pZs!@Yxu9|RfFbNOnTiUH8KLb~Vc>4J zM(W34*M8N}j=L06le6X$MXAD>rsS zZHYBuWa$XXa`&2U!wW2uucgo{D?{<9OPen}r9n-!`Q6A}MW^v1&(H6T?i|A-c!SsxsjqgN zpi6XdK!Eb{(Eis@fuk3{VxPT;`0z&|@n$lL4wZlVgw@*(#HWbaARX_aoSeP-3KEHH z^qzoIQby$tvh1DkI#Tgwp@^Dkj%8dE%leK715S`DraSs{DI{mjIFSW1$TMtdNn$Tr)Z|?|Fnq@T8P)L9 zRSK+-Bq)KvQ7&fq`eFmq4d0*O^${-1ZwS&4#p|u!)<;Zl80E4VibDm}fz{w_O6~nP z7>n;E46~_uVx1<$beh~xfEkMa$5`R3AI1vnt%Op7#KE*nurnPd5dN=YFdY6k#unxs zmHO+Lhhy4EY!&FMamz9<#-KxjM9+tBPs)nvFK15j@?1PxXR$#B-PF_sx-Og;#M 
zG2t1btXYzHA}QX4IU@{G^qy5*z@9RbDa@MOY``b(=CvR`ajNwdKMW)3M;y0I%P z51H1~EU|B;b~;354e&ZdloAfs08RL)!hj8>342a%(c6?nh;PpCi;@ceTD`92(@p!c zNYXW|S`99-E~{#{=_n6R?C$+T1FWQm5O;Tu@G~K6v?jx+$`QtuY z|J*0f22wLkw(Fn!nAs}L5ZzTm+v$CxlxW71+}k3JMnk_)%9hw8uHi#y@ z(MJZ!$62Qtr(*h~MPr{Ap%0ZgE*xXOSv-Uzl%zc38!1^53ar%z3hY%%zQz}|xFln2 zNo(HS^aXjpDuwGh4R*d@JatF7`iu&3jC&{|S>8ByeNC%O^f&*=*j}Nj= zP_~gW3M)u->LH0U;)%rU!r4zT=7=*i1KfAS`81xH4CZ_j!}T#!d{EVRuAcj&4o8AV z`Ru4<=iTgX125UGjn-j8FtJr0v_%B+;OEw=uxyO+L7QCm+Z}{Uz@Oej}zup z%UkhRuDx^Xjrd?w*NfY3rrUQ?kN(8%jiZ&>>B^z^_j}Dt4HB5*=W?aP^d0H3ThItj5?!h5m6F51o4=_&a8>bm;}O(XrB_-LP^ zvyh`B1NCsXeaLn)oG&$v)`UH)7Li!?{lV^iwfp_;Ds*DQYl6R++gHauG)QhijY9|@ zx?Ma|fgpMxt`PxuhzYW$pt-qz{I;~Ml-@xkZIQ4F!;ml z#zyatgqb0#iVALWftXfe&-)xfUfnZbD);u!W<4UA9stuv`1ZbyK3HQ0OErhQXE@*Q zc>9gN$!^4BR`m@s$~hQ)^&l;#AE2_E@xPCa|k}{VC50!CsxJMFT`;84c-24tm5$d7pri3GX-!kBd-_M91CAAwV$jM zyQrS?JXG-%ecJR!;>8{c-jS1hlYYzAp}<+cxRU@NadssM&wZ>@_E=+tK}EmUm6_ugX;k zC{jXTQ-ljOB0xn`7BRg-3(<((H+?DMfL1>UOzElP(KDuD=p#0gfWtj2k}NbFBevub zS}3b}Qc5P2G@i^1h7rN~r<9g|f0WWv$Nfkf0#DL7!Hy(`*iz@ek&-axM=8AtVk&v7 zh=XHvrMT@@+x`*VM&;e0kZWMXVYZI(mqGeip3l{3Hj9l-rhfaO(tnZ#Tg5-7NBuDU z#6)|w&0^=Wr@y6+(TFq94%Cl7W{mY#Um!T&{p;O5)|xx)x-9YhHM8g_ni7yi2}TR~1zHM^cnirEgUood z27r_7phDRhRv_rOObTbi@oC~2NLW!N7D@%jOO5Jq1Im^`B+R(alB23R8;SO^Z2X?m zcngfSQo0pY3zkPttId*8=AlO<-I<($WKCsTqVa@V9!AMU2OEjA%wi&~ek#k7 z3(1yJzCv3099#^QQyxdnfiW^pHq(|fsk&mm!kQ}S3cJpDGVbt_&00N;3>t%YlCGH~ z7_(~pv9Ko;ED8AV8QhYM`s>x+{?4_r$|vzd0BEy!;JzgrGs(0HDg|g5w3T3f%Tap8 zmG@LDk4@$kM&R{XV#y$XM=b`Dsx7!wz0F3j`aXyTrWCNQGOKbT?^?Kt7{OYLm|%BU z{u`Mvt1`C9b3U^t$AaVL(CKw77RI&|jGFCcZiti{?`bFM4@S2M0RvOK8aOztJxNB0r z-IP1-TJm(?Xlo%?1sE9wR7hBWBuI~luLpM|JXUGoh)b?vz6`8Oa1g;@kdW#eM~Wsx^wqHe0_Gm z>N^@-b|Eb`eXG(~l<=rOvDk=C(p&+p7tTGw<_ zf`wJ;If{xEX9$6-2bQR#zFNZ{JQ1NBb~;QaH~Q^?fc&Tl^P*iWJNV-os7bK)G?}k$ zg$D;-ptC$RlY{vnIQ4f}1Cp6jIRYcHQsk02BJ?0Sqa$Q+5=I^pBjz6G#W3CzK@xs8 z!k>BrG7-9Ed{L{;8A-NIBhDzlUU9s=nEk?_fK|8N8Tz}!)j9TdWC_>=5M@PCG z#Ll-FH~sh0Xf$qmDr*SGEnG_fJLVSMk?gj~Ew<76_wfqD(wAFoz0DZq%6;@y*b#8n 
z141a3_4N z6#Hg;FyaHd1-f>?x%uF|6lJjzEreYwV{~MkPC=45xr93?03MtL_sl~cd2@mq@d?w0kFl`xTKT4)a@ zgpO;K{;Sg-=?{ZbKV9|)1fGI-qOFK4ahKlzeudzxpL@?u{8_hce{9t^ZP_YBo0HG2 z*LM=@uO4R5RvL?^UV`l0XN!S7Ym}ef-_)qXHtUv+Ja_gt_0b}aCl=>I2H@NiGsan; z&F_FUBQ)K_?e@GLgm=!|yY}7iQhfihJCOMl7VpGB@6)cO1W*}838b0s+H<=@zI9KONkyD9r~m_}=Fon%jLPOISy zi9DI8%QyUT({Co&*OgCtbEEHEU_fG1-HNwAmOR%veZJVrbMY%i5#^$L-IvX+zxVFb zNj=KxYv{9R_Jg4Lf}gG&)!37B^<9*f*Iu`Sbz2X$7tBzYc;)H}1`+dUN9?%(z| z-8@5IX{@+kcjd9_cEz=`8}3av^SaqSC*ftHr)S~KZ4N^)P$CM}J< z(=+8B&lcvKl%oEr?3A8c{+i^-IyJG`i_Qo|JzH|fxv|malHIXY&zt5kd3`;|G*Qf& zJ#%_+HEbCl#uW=(CXviLJ=O~{Xo zPF*GU$SvoBUiROz+jdgxaFK@HL;lZF%BDYSe(vbhtXQ;->+;Wq73+)AlVkY=Pj1+C zaOGUX&bD;_^JVtW;&filIHmuhmH$RYkmya${LQ|a-*#KQ?AiZk_bsEy{TqG+_&j^P zF6Fx6mx;^vt=sQg>l6R=9sh0~!?GQv3+>Fs3yajdYAzOd%jLDNDqpHG&Fo0|mRv`U>-_D}Gbu z*1JV>9b03^ztXRI>rJhm!0E?V99Y%nc2E{9v*(E$% zI!$v{TK~+>i*tWARGvwavrd$oZP;IXz$Veqe~y9wnHlPK3G+71SnfAtdD@v^d4uy2 zXN=X)7#lyE$v@+{&a<7u&vr_FzQcaz&%dnaelup~TAr^x!1HI)<%C;72jol*tVJh8 z@)vxcVCZgk?4qIm4~Y*gJa;4{4W{tyd605ovQa^D>VXSJADX5!`ky(_JCo7*>;djP zHXBQ3^D;IbTW0+qk{?)j??^})i16-tka1wLNkMYvfeR)dnwB&AUpdgblF|9<0q%8a z`%O1(%kAHtF8=j@|LwZn61lgf%I}{Gl6$Z%ZcotdZO89!KDU;A$J*ryS+~FKs7}kS zZn$k#?+TKb{Oa1lyEadXCO(OJH~(tIpQ*E~mIXU6Z@wJ4d6DDXrvfF1&i6X}eD|gQ z+1jd2{hE(tQ%#D`POy`|kkeG}hL*F9a3cUsc-%hmnX z<~E_TUO$}Kys6;nOb6Aut0l9~&wqH|KERuiNrVCSK`y{eL=21!3Lpvya2)G`ZV37| fB#>5!A??6jNf?`w0=!w-KuVZ^umwmTcLnhP9K+_Q literal 0 HcmV?d00001 diff --git a/Solutions/UEBA Essentials/Package/createUiDefinition.json b/Solutions/UEBA Essentials/Package/createUiDefinition.json index 717163e7dc..2dabeb26a3 100644 --- a/Solutions/UEBA Essentials/Package/createUiDefinition.json +++ b/Solutions/UEBA Essentials/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/UEBA%20Essentials/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Microsoft Sentinel UEBA content package will provide you with various queries based on UEBA tables, that allows you to hunt for tailored threat scenarios. You'll be able to investigate and search for anomalous activities over UEBA's enriched data, and get inspired to customize queries according to your own use-cases.\n\n**Important :** Some of the queries that are part of this solution, make use of [Built-in Watchlist Templates](https://docs.microsoft.com/azure/sentinel/watchlist-schemas) and will not work unless the corresponding watchlist is created. Other queries may requires changes to match your environment details.\n\n**Hunting Queries:** 23\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Sentinel UEBA content package will provide you with various queries based on UEBA tables, that allows you to hunt for tailored threat scenarios. 
You'll be able to investigate and search for anomalous activities over UEBA's enriched data, and get inspired to customize queries according to your own use-cases.\n\n**Important :** Some of the queries that are part of this solution, make use of [Built-in Watchlist Templates](https://docs.microsoft.com/azure/sentinel/watchlist-schemas) and will not work unless the corresponding watchlist is created. Other queries may requires changes to match your environment details.\n\n**Hunting Queries:** 23\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -152,7 +152,7 @@ "name": "huntingquery6-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Account created in the last 7 days that is added to administrators group This hunting query depends on IdentityInfo data connector (IdentityInfo Parser or Table)" + "text": "Account created in the last 7 days that is added to administrators group This hunting query depends on BehaviorAnalytics data connector (IdentityInfo Parser or Table)" } } ] diff --git a/Solutions/UEBA Essentials/Package/mainTemplate.json b/Solutions/UEBA Essentials/Package/mainTemplate.json index a60a41e2ec..efc5a851f5 100644 --- a/Solutions/UEBA Essentials/Package/mainTemplate.json +++ b/Solutions/UEBA Essentials/Package/mainTemplate.json 
@@ -33,163 +33,140 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "UEBA Essentials", - "_solutionVersion": "3.0.0", + "_solutionVersion": "3.0.1", "solutionId": "azuresentinel.azure-sentinel-solution-uebaessentials", "_solutionId": "[variables('solutionId')]", - "huntingQueryVersion1": "1.0.0", - "huntingQuerycontentId1": "028ac38c-f5a4-483b-a58a-aa83d500bf27", - "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", - "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", - "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1'))))]", - "_huntingQuerycontentProductId1": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId1'),'-', variables('huntingQueryVersion1'))))]", - "huntingQueryVersion2": "2.0.0", - "huntingQuerycontentId2": "9ba2b304-7767-4d54-b03c-b0161ae87cc7", - "_huntingQuerycontentId2": "[variables('huntingQuerycontentId2')]", - "huntingQueryId2": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId2'))]", - "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId2'))))]", - "_huntingQuerycontentProductId2": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId2'),'-', variables('huntingQueryVersion2'))))]", - "huntingQueryVersion3": "2.0.0", - "huntingQuerycontentId3": "7c303408-f913-42f8-8d7b-9eb64a229c4d", - "_huntingQuerycontentId3": "[variables('huntingQuerycontentId3')]", - "huntingQueryId3": 
"[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId3'))]", - "huntingQueryTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId3'))))]", - "_huntingQuerycontentProductId3": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId3'),'-', variables('huntingQueryVersion3'))))]", - "huntingQueryVersion4": "2.0.0", - "huntingQuerycontentId4": "741fdf32-e002-4577-ac9b-839fb49f128e", - "_huntingQuerycontentId4": "[variables('huntingQuerycontentId4')]", - "huntingQueryId4": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId4'))]", - "huntingQueryTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId4'))))]", - "_huntingQuerycontentProductId4": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId4'),'-', variables('huntingQueryVersion4'))))]", - "huntingQueryVersion5": "2.0.0", - "huntingQuerycontentId5": "c3b09dd3-ee50-41ae-b863-8603620e5f48", - "_huntingQuerycontentId5": "[variables('huntingQuerycontentId5')]", - "huntingQueryId5": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId5'))]", - "huntingQueryTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId5'))))]", - "_huntingQuerycontentProductId5": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId5'),'-', variables('huntingQueryVersion5'))))]", 
- "huntingQueryVersion6": "2.0.0", - "huntingQuerycontentId6": "8a255821-844a-4b6a-a529-0fdaff23219b", - "_huntingQuerycontentId6": "[variables('huntingQuerycontentId6')]", - "huntingQueryId6": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId6'))]", - "huntingQueryTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId6'))))]", - "_huntingQuerycontentProductId6": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId6'),'-', variables('huntingQueryVersion6'))))]", - "huntingQueryVersion7": "2.0.0", - "huntingQuerycontentId7": "f0ad3b3f-72ac-48b1-9f01-ad408b3af88e", - "_huntingQuerycontentId7": "[variables('huntingQuerycontentId7')]", - "huntingQueryId7": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId7'))]", - "huntingQueryTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId7'))))]", - "_huntingQuerycontentProductId7": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId7'),'-', variables('huntingQueryVersion7'))))]", - "huntingQueryVersion8": "2.0.0", - "huntingQuerycontentId8": "e091e85d-4376-48cd-9bff-4beaa2ed4280", - "_huntingQuerycontentId8": "[variables('huntingQuerycontentId8')]", - "huntingQueryId8": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId8'))]", - "huntingQueryTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId8'))))]", - "_huntingQuerycontentProductId8": 
"[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId8'),'-', variables('huntingQueryVersion8'))))]", - "huntingQueryVersion9": "2.0.0", - "huntingQuerycontentId9": "202ee40b-e6d8-4968-9a79-cf24c5c09db9", - "_huntingQuerycontentId9": "[variables('huntingQuerycontentId9')]", - "huntingQueryId9": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId9'))]", - "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId9'))))]", - "_huntingQuerycontentProductId9": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId9'),'-', variables('huntingQueryVersion9'))))]", - "huntingQueryVersion10": "1.0.0", - "huntingQuerycontentId10": "8741deeb-332e-4061-8873-5086040920e3", - "_huntingQuerycontentId10": "[variables('huntingQuerycontentId10')]", - "huntingQueryId10": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId10'))]", - "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId10'))))]", - "_huntingQuerycontentProductId10": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId10'),'-', variables('huntingQueryVersion10'))))]", - "huntingQueryVersion11": "2.0.0", - "huntingQuerycontentId11": "0454c8d8-d0a6-42a4-8d03-f5b4fdcbd173", - "_huntingQuerycontentId11": "[variables('huntingQuerycontentId11')]", - "huntingQueryId11": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId11'))]", - 
"huntingQueryTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId11'))))]", - "_huntingQuerycontentProductId11": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId11'),'-', variables('huntingQueryVersion11'))))]", - "huntingQueryVersion12": "2.0.0", - "huntingQuerycontentId12": "bd6fda76-c0df-41b0-b8cd-808190e1ded0", - "_huntingQuerycontentId12": "[variables('huntingQuerycontentId12')]", - "huntingQueryId12": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId12'))]", - "huntingQueryTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId12'))))]", - "_huntingQuerycontentProductId12": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId12'),'-', variables('huntingQueryVersion12'))))]", - "huntingQueryVersion13": "2.0.0", - "huntingQuerycontentId13": "f8ab176c-1f3f-4cb5-8dc1-f50d30bcae0d", - "_huntingQuerycontentId13": "[variables('huntingQuerycontentId13')]", - "huntingQueryId13": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId13'))]", - "huntingQueryTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId13'))))]", - "_huntingQuerycontentProductId13": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId13'),'-', variables('huntingQueryVersion13'))))]", - "huntingQueryVersion14": "2.0.0", - "huntingQuerycontentId14": 
"8cf3c78e-cd10-4bfb-bd69-d62dc7f375f1", - "_huntingQuerycontentId14": "[variables('huntingQuerycontentId14')]", - "huntingQueryId14": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId14'))]", - "huntingQueryTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId14'))))]", - "_huntingQuerycontentProductId14": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId14'),'-', variables('huntingQueryVersion14'))))]", - "huntingQueryVersion15": "2.0.0", - "huntingQuerycontentId15": "fcb704ae-ac17-400a-9ed9-3c46bd0a3960", - "_huntingQuerycontentId15": "[variables('huntingQuerycontentId15')]", - "huntingQueryId15": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId15'))]", - "huntingQueryTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId15'))))]", - "_huntingQuerycontentProductId15": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId15'),'-', variables('huntingQueryVersion15'))))]", - "huntingQueryVersion16": "2.0.0", - "huntingQuerycontentId16": "77a58c08-bc8e-48b3-8fe9-6c38fd011cd9", - "_huntingQuerycontentId16": "[variables('huntingQuerycontentId16')]", - "huntingQueryId16": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId16'))]", - "huntingQueryTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId16'))))]", - "_huntingQuerycontentProductId16": 
"[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId16'),'-', variables('huntingQueryVersion16'))))]", - "huntingQueryVersion17": "2.0.0", - "huntingQuerycontentId17": "2e20ec77-8d50-4959-a70d-79c341ee2c37", - "_huntingQuerycontentId17": "[variables('huntingQuerycontentId17')]", - "huntingQueryId17": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId17'))]", - "huntingQueryTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId17'))))]", - "_huntingQuerycontentProductId17": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId17'),'-', variables('huntingQueryVersion17'))))]", - "huntingQueryVersion18": "2.0.0", - "huntingQuerycontentId18": "eeea7fb9-21cf-4023-91dc-3f55d7548d14", - "_huntingQuerycontentId18": "[variables('huntingQuerycontentId18')]", - "huntingQueryId18": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId18'))]", - "huntingQueryTemplateSpecName18": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId18'))))]", - "_huntingQuerycontentProductId18": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId18'),'-', variables('huntingQueryVersion18'))))]", - "huntingQueryVersion19": "2.0.0", - "huntingQuerycontentId19": "22b0262c-b6b5-4f15-82a4-93663e9965d7", - "_huntingQuerycontentId19": "[variables('huntingQuerycontentId19')]", - "huntingQueryId19": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId19'))]", - 
"huntingQueryTemplateSpecName19": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId19'))))]", - "_huntingQuerycontentProductId19": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId19'),'-', variables('huntingQueryVersion19'))))]", - "huntingQueryVersion20": "2.0.0", - "huntingQuerycontentId20": "c01d95d3-ee85-4e7f-9aed-e62356f1de76", - "_huntingQuerycontentId20": "[variables('huntingQuerycontentId20')]", - "huntingQueryId20": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId20'))]", - "huntingQueryTemplateSpecName20": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId20'))))]", - "_huntingQuerycontentProductId20": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId20'),'-', variables('huntingQueryVersion20'))))]", - "huntingQueryVersion21": "2.0.0", - "huntingQuerycontentId21": "782f3bad-31f7-468f-8f58-3b74fc931914", - "_huntingQuerycontentId21": "[variables('huntingQuerycontentId21')]", - "huntingQueryId21": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId21'))]", - "huntingQueryTemplateSpecName21": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId21'))))]", - "_huntingQuerycontentProductId21": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId21'),'-', variables('huntingQueryVersion21'))))]", - "huntingQueryVersion22": "2.0.0", - "huntingQuerycontentId22": 
"5aa5083c-1de6-42bb-a128-2ec2aba1de39", - "_huntingQuerycontentId22": "[variables('huntingQuerycontentId22')]", - "huntingQueryId22": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId22'))]", - "huntingQueryTemplateSpecName22": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId22'))))]", - "_huntingQuerycontentProductId22": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId22'),'-', variables('huntingQueryVersion22'))))]", - "huntingQueryVersion23": "2.0.0", - "huntingQuerycontentId23": "bb3bb9da-9598-4d1f-af78-7cc2fd413b0b", - "_huntingQuerycontentId23": "[variables('huntingQuerycontentId23')]", - "huntingQueryId23": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId23'))]", - "huntingQueryTemplateSpecName23": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId23'))))]", - "_huntingQuerycontentProductId23": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId23'),'-', variables('huntingQueryVersion23'))))]", + "huntingQueryObject1": { + "huntingQueryVersion1": "1.0.0", + "_huntingQuerycontentId1": "028ac38c-f5a4-483b-a58a-aa83d500bf27", + "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('028ac38c-f5a4-483b-a58a-aa83d500bf27')))]" + }, + "huntingQueryObject2": { + "huntingQueryVersion2": "2.0.0", + "_huntingQuerycontentId2": "9ba2b304-7767-4d54-b03c-b0161ae87cc7", + "huntingQueryTemplateSpecName2": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('9ba2b304-7767-4d54-b03c-b0161ae87cc7')))]" + }, + "huntingQueryObject3": { + "huntingQueryVersion3": "2.0.0", + "_huntingQuerycontentId3": "7c303408-f913-42f8-8d7b-9eb64a229c4d", + "huntingQueryTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('7c303408-f913-42f8-8d7b-9eb64a229c4d')))]" + }, + "huntingQueryObject4": { + "huntingQueryVersion4": "2.0.0", + "_huntingQuerycontentId4": "741fdf32-e002-4577-ac9b-839fb49f128e", + "huntingQueryTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('741fdf32-e002-4577-ac9b-839fb49f128e')))]" + }, + "huntingQueryObject5": { + "huntingQueryVersion5": "2.0.0", + "_huntingQuerycontentId5": "c3b09dd3-ee50-41ae-b863-8603620e5f48", + "huntingQueryTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('c3b09dd3-ee50-41ae-b863-8603620e5f48')))]" + }, + "huntingQueryObject6": { + "huntingQueryVersion6": "2.0.1", + "_huntingQuerycontentId6": "8a255821-844a-4b6a-a529-0fdaff23219b", + "huntingQueryTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('8a255821-844a-4b6a-a529-0fdaff23219b')))]" + }, + "huntingQueryObject7": { + "huntingQueryVersion7": "2.0.0", + "_huntingQuerycontentId7": "f0ad3b3f-72ac-48b1-9f01-ad408b3af88e", + "huntingQueryTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f0ad3b3f-72ac-48b1-9f01-ad408b3af88e')))]" + }, + "huntingQueryObject8": { + "huntingQueryVersion8": "2.0.0", + "_huntingQuerycontentId8": "e091e85d-4376-48cd-9bff-4beaa2ed4280", + "huntingQueryTemplateSpecName8": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('e091e85d-4376-48cd-9bff-4beaa2ed4280')))]" + }, + "huntingQueryObject9": { + "huntingQueryVersion9": "2.0.0", + "_huntingQuerycontentId9": "202ee40b-e6d8-4968-9a79-cf24c5c09db9", + "huntingQueryTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('202ee40b-e6d8-4968-9a79-cf24c5c09db9')))]" + }, + "huntingQueryObject10": { + "huntingQueryVersion10": "1.0.0", + "_huntingQuerycontentId10": "8741deeb-332e-4061-8873-5086040920e3", + "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('8741deeb-332e-4061-8873-5086040920e3')))]" + }, + "huntingQueryObject11": { + "huntingQueryVersion11": "2.0.0", + "_huntingQuerycontentId11": "0454c8d8-d0a6-42a4-8d03-f5b4fdcbd173", + "huntingQueryTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('0454c8d8-d0a6-42a4-8d03-f5b4fdcbd173')))]" + }, + "huntingQueryObject12": { + "huntingQueryVersion12": "2.0.0", + "_huntingQuerycontentId12": "bd6fda76-c0df-41b0-b8cd-808190e1ded0", + "huntingQueryTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('bd6fda76-c0df-41b0-b8cd-808190e1ded0')))]" + }, + "huntingQueryObject13": { + "huntingQueryVersion13": "2.0.0", + "_huntingQuerycontentId13": "f8ab176c-1f3f-4cb5-8dc1-f50d30bcae0d", + "huntingQueryTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('f8ab176c-1f3f-4cb5-8dc1-f50d30bcae0d')))]" + }, + "huntingQueryObject14": { + "huntingQueryVersion14": "2.0.0", + "_huntingQuerycontentId14": "8cf3c78e-cd10-4bfb-bd69-d62dc7f375f1", + "huntingQueryTemplateSpecName14": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('8cf3c78e-cd10-4bfb-bd69-d62dc7f375f1')))]" + }, + "huntingQueryObject15": { + "huntingQueryVersion15": "2.0.0", + "_huntingQuerycontentId15": "fcb704ae-ac17-400a-9ed9-3c46bd0a3960", + "huntingQueryTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('fcb704ae-ac17-400a-9ed9-3c46bd0a3960')))]" + }, + "huntingQueryObject16": { + "huntingQueryVersion16": "2.0.0", + "_huntingQuerycontentId16": "77a58c08-bc8e-48b3-8fe9-6c38fd011cd9", + "huntingQueryTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('77a58c08-bc8e-48b3-8fe9-6c38fd011cd9')))]" + }, + "huntingQueryObject17": { + "huntingQueryVersion17": "2.0.0", + "_huntingQuerycontentId17": "2e20ec77-8d50-4959-a70d-79c341ee2c37", + "huntingQueryTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('2e20ec77-8d50-4959-a70d-79c341ee2c37')))]" + }, + "huntingQueryObject18": { + "huntingQueryVersion18": "2.0.0", + "_huntingQuerycontentId18": "eeea7fb9-21cf-4023-91dc-3f55d7548d14", + "huntingQueryTemplateSpecName18": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('eeea7fb9-21cf-4023-91dc-3f55d7548d14')))]" + }, + "huntingQueryObject19": { + "huntingQueryVersion19": "2.0.0", + "_huntingQuerycontentId19": "22b0262c-b6b5-4f15-82a4-93663e9965d7", + "huntingQueryTemplateSpecName19": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('22b0262c-b6b5-4f15-82a4-93663e9965d7')))]" + }, + "huntingQueryObject20": { + "huntingQueryVersion20": "2.0.0", + "_huntingQuerycontentId20": "c01d95d3-ee85-4e7f-9aed-e62356f1de76", + 
"huntingQueryTemplateSpecName20": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('c01d95d3-ee85-4e7f-9aed-e62356f1de76')))]" + }, + "huntingQueryObject21": { + "huntingQueryVersion21": "2.0.0", + "_huntingQuerycontentId21": "782f3bad-31f7-468f-8f58-3b74fc931914", + "huntingQueryTemplateSpecName21": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('782f3bad-31f7-468f-8f58-3b74fc931914')))]" + }, + "huntingQueryObject22": { + "huntingQueryVersion22": "2.0.0", + "_huntingQuerycontentId22": "5aa5083c-1de6-42bb-a128-2ec2aba1de39", + "huntingQueryTemplateSpecName22": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('5aa5083c-1de6-42bb-a128-2ec2aba1de39')))]" + }, + "huntingQueryObject23": { + "huntingQueryVersion23": "2.0.1", + "_huntingQuerycontentId23": "bb3bb9da-9598-4d1f-af78-7cc2fd413b0b", + "huntingQueryTemplateSpecName23": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('bb3bb9da-9598-4d1f-af78-7cc2fd413b0b')))]" + }, "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName1')]", + "name": "[variables('huntingQueryObject1').huntingQueryTemplateSpecName1]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "anomaliesOnVIPUsers_HuntingQueries 
Hunting Query with template version 3.0.0", + "description": "anomaliesOnVIPUsers_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion1')]", + "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]", "parameters": {}, "variables": {}, "resources": [ @@ -215,13 +192,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 1", - "parentId": "[variables('huntingQueryId1')]", - "contentId": "[variables('_huntingQuerycontentId1')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject1')._huntingQuerycontentId1)]", + "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion1')]", + "version": "[variables('huntingQueryObject1').huntingQueryVersion1]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
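Review bot: The metadata resource `name` on the new side rebuilds the hunting-query GUID by wrapping `_huntingQuerycontentId1` in `resourceId('Microsoft.OperationalInsights/savedSearches', …)` and then taking `last(split(…,'/'))`, which only yields the same GUID back; `"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', variables('huntingQueryObject1')._huntingQuerycontentId1))]"` expresses the same name without the round-trip and is easier to audit against the `contentId` two lines below. The same pattern repeats in the hunks at -292, -369, -446, -523, -600 and -677. Since this file looks like packager output (the commit is titled "Repackaged"), the simplification belongs in the generator rather than a hand edit here. The enclosing contentTemplates resource starts before and ends after this hunk.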
@@ -246,27 +223,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId1')]", + "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", "contentKind": "HuntingQuery", "displayName": "Anomalies on users tagged as VIP", - "contentProductId": "[variables('_huntingQuerycontentProductId1')]", - "id": "[variables('_huntingQuerycontentProductId1')]", - "version": "[variables('huntingQueryVersion1')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName2')]", + "name": "[variables('huntingQueryObject2').huntingQueryTemplateSpecName2]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "anomalousActionInTenant_HuntingQueries Hunting Query with template version 3.0.0", + "description": "anomalousActionInTenant_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion2')]", + "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]", "parameters": {}, "variables": {}, 
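Review bot: The template-level `version` and the two `uniqueString(...)` ids in this hunk now carry the literal `'1.0.0'`, while `contentVersion` and the metadata `version` in the preceding hunk read the same value from `variables('huntingQueryObject1').huntingQueryVersion1`, so one query's version is stated in two places that can drift on the next bump. Using the variable everywhere — `"version": "[variables('huntingQueryObject1').huntingQueryVersion1]"` and the same reference in place of `'1.0.0'` inside both `uniqueString` calls — keeps a single source of truth for the version that feeds `contentProductId`. The same duplication repeats for objects 2–6 in the hunks at -323, -400, -477, -554 and -631. If this file is generated by the packaging tool, as the commit title suggests, the change belongs in the generator. The enclosing resource entries start before and end after this hunk.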
"resources": [ @@ -292,13 +269,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 2", - "parentId": "[variables('huntingQueryId2')]", - "contentId": "[variables('_huntingQuerycontentId2')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject2')._huntingQuerycontentId2)]", + "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion2')]", + "version": "[variables('huntingQueryObject2').huntingQueryVersion2]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -323,27 +300,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId2')]", + "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]", "contentKind": "HuntingQuery", "displayName": "Anomalous action performed in tenant by privileged user", - "contentProductId": "[variables('_huntingQuerycontentProductId2')]", - "id": "[variables('_huntingQuerycontentProductId2')]", - "version": "[variables('huntingQueryVersion2')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject2')._huntingQuerycontentId2,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName3')]", + "name": "[variables('huntingQueryObject3').huntingQueryTemplateSpecName3]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "dormantAccountActivityFromUncommonCountry_HuntingQueries Hunting Query with template version 3.0.0", + "description": "dormantAccountActivityFromUncommonCountry_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion3')]", + "contentVersion": 
"[variables('huntingQueryObject3').huntingQueryVersion3]", "parameters": {}, "variables": {}, "resources": [ @@ -369,13 +346,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId3'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 3", - "parentId": "[variables('huntingQueryId3')]", - "contentId": "[variables('_huntingQuerycontentId3')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject3')._huntingQuerycontentId3)]", + "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion3')]", + "version": "[variables('huntingQueryObject3').huntingQueryVersion3]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -400,27 +377,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId3')]", + "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]", "contentKind": "HuntingQuery", "displayName": "Dormant account activity from uncommon country", - "contentProductId": "[variables('_huntingQuerycontentProductId3')]", - "id": "[variables('_huntingQuerycontentProductId3')]", - "version": "[variables('huntingQueryVersion3')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject3')._huntingQuerycontentId3,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName4')]", + "name": "[variables('huntingQueryObject4').huntingQueryTemplateSpecName4]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "firstConnectionFromGroup_HuntingQueries Hunting Query with template version 3.0.0", + "description": "firstConnectionFromGroup_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion4')]", + "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]", "parameters": {}, 
"variables": {}, "resources": [ @@ -446,13 +423,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId4'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 4", - "parentId": "[variables('huntingQueryId4')]", - "contentId": "[variables('_huntingQuerycontentId4')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject4')._huntingQuerycontentId4)]", + "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion4')]", + "version": "[variables('huntingQueryObject4').huntingQueryVersion4]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -477,27 +454,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId4')]", + "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]", "contentKind": "HuntingQuery", "displayName": "Anomalous connection from highly privileged user", - "contentProductId": "[variables('_huntingQuerycontentProductId4')]", - "id": "[variables('_huntingQuerycontentProductId4')]", - "version": "[variables('huntingQueryVersion4')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject4')._huntingQuerycontentId4,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName5')]", + "name": "[variables('huntingQueryObject5').huntingQueryTemplateSpecName5]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "loginActivityFromBotnet_HuntingQueries Hunting Query with template version 3.0.0", + "description": "loginActivityFromBotnet_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion5')]", + "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]", "parameters": {}, 
"variables": {}, "resources": [ @@ -523,13 +500,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId5'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 5", - "parentId": "[variables('huntingQueryId5')]", - "contentId": "[variables('_huntingQuerycontentId5')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject5')._huntingQuerycontentId5)]", + "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion5')]", + "version": "[variables('huntingQueryObject5').huntingQueryVersion5]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -554,27 +531,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId5')]", + "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]", "contentKind": "HuntingQuery", "displayName": "Anomalous login activity originated from Botnet, Tor proxy or C2", - "contentProductId": "[variables('_huntingQuerycontentProductId5')]", - "id": "[variables('_huntingQuerycontentProductId5')]", - "version": "[variables('huntingQueryVersion5')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject5')._huntingQuerycontentId5,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName6')]", + "name": "[variables('huntingQueryObject6').huntingQueryTemplateSpecName6]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "newAccountAddedToAdminGroup_HuntingQueries Hunting Query with template version 3.0.0", + "description": "newAccountAddedToAdminGroup_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion6')]", + "contentVersion": 
"[variables('huntingQueryObject6').huntingQueryVersion6]", "parameters": {}, "variables": {}, "resources": [ @@ -600,13 +577,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId6'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 6", - "parentId": "[variables('huntingQueryId6')]", - "contentId": "[variables('_huntingQuerycontentId6')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject6')._huntingQuerycontentId6)]", + "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion6')]", + "version": "[variables('huntingQueryObject6').huntingQueryVersion6]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -631,27 +608,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId6')]", + "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]", "contentKind": "HuntingQuery", "displayName": "New account added to admin group", - "contentProductId": "[variables('_huntingQuerycontentProductId6')]", - "id": "[variables('_huntingQuerycontentProductId6')]", - "version": "[variables('huntingQueryVersion6')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '2.0.1')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject6')._huntingQuerycontentId6,'-', '2.0.1')))]", + "version": "2.0.1" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName7')]", + "name": "[variables('huntingQueryObject7').huntingQueryTemplateSpecName7]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "terminatedEmployeeAccessHVA_HuntingQueries Hunting Query with template version 3.0.0", + "description": "terminatedEmployeeAccessHVA_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion7')]", + "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]", "parameters": {}, 
"variables": {}, "resources": [ @@ -677,13 +654,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId7'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 7", - "parentId": "[variables('huntingQueryId7')]", - "contentId": "[variables('_huntingQuerycontentId7')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject7')._huntingQuerycontentId7)]", + "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion7')]", + "version": "[variables('huntingQueryObject7').huntingQueryVersion7]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -708,27 +685,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId7')]", + "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]", "contentKind": "HuntingQuery", "displayName": "Terminated employee accessing High Value Asset", - "contentProductId": "[variables('_huntingQuerycontentProductId7')]", - "id": "[variables('_huntingQuerycontentProductId7')]", - "version": "[variables('huntingQueryVersion7')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject7')._huntingQuerycontentId7,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName8')]", + "name": "[variables('huntingQueryObject8').huntingQueryTemplateSpecName8]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "terminatedEmployeeActivity_HuntingQueries Hunting Query with template version 3.0.0", + "description": "terminatedEmployeeActivity_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion8')]", + "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]", "parameters": 
{}, "variables": {}, "resources": [ @@ -754,13 +731,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId8'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 8", - "parentId": "[variables('huntingQueryId8')]", - "contentId": "[variables('_huntingQuerycontentId8')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject8')._huntingQuerycontentId8)]", + "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion8')]", + "version": "[variables('huntingQueryObject8').huntingQueryVersion8]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -785,27 +762,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId8')]", + "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]", "contentKind": "HuntingQuery", "displayName": "Activity from terminated employees after their termination date", - "contentProductId": "[variables('_huntingQuerycontentProductId8')]", - "id": "[variables('_huntingQuerycontentProductId8')]", - "version": "[variables('huntingQueryVersion8')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject8')._huntingQuerycontentId8,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName9')]", + "name": "[variables('huntingQueryObject9').huntingQueryTemplateSpecName9]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "updateKeyVaultActivity_HuntingQueries Hunting Query with template version 3.0.0", + "description": "updateKeyVaultActivity_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion9')]", + "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]", 
"parameters": {}, "variables": {}, "resources": [ @@ -831,13 +808,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId9'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 9", - "parentId": "[variables('huntingQueryId9')]", - "contentId": "[variables('_huntingQuerycontentId9')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject9')._huntingQuerycontentId9)]", + "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion9')]", + "version": "[variables('huntingQueryObject9').huntingQueryVersion9]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -862,27 +839,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId9')]", + "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]", "contentKind": "HuntingQuery", "displayName": "Anomalous update Key Vault activity by high blast radius user", - "contentProductId": "[variables('_huntingQuerycontentProductId9')]", - "id": "[variables('_huntingQuerycontentProductId9')]", - "version": "[variables('huntingQueryVersion9')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject9')._huntingQuerycontentId9,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName10')]", + "name": "[variables('huntingQueryObject10').huntingQueryTemplateSpecName10]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous AAD Account Manipulation_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous AAD Account Manipulation_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion10')]", + "contentVersion": 
"[variables('huntingQueryObject10').huntingQueryVersion10]", "parameters": {}, "variables": {}, "resources": [ @@ -916,13 +893,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId10'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 10", - "parentId": "[variables('huntingQueryId10')]", - "contentId": "[variables('_huntingQuerycontentId10')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject10')._huntingQuerycontentId10)]", + "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion10')]", + "version": "[variables('huntingQueryObject10').huntingQueryVersion10]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -947,27 +924,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId10')]", + "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]", "contentKind": "HuntingQuery", "displayName": "Anomalous Microsoft Entra ID Account Manipulation", - "contentProductId": "[variables('_huntingQuerycontentProductId10')]", - "id": "[variables('_huntingQuerycontentProductId10')]", - "version": "[variables('huntingQueryVersion10')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject10')._huntingQuerycontentId10,'-', '1.0.0')))]", + "version": "1.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName11')]", + "name": "[variables('huntingQueryObject11').huntingQueryTemplateSpecName11]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Account Creation_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Account Creation_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion11')]", + "contentVersion": 
"[variables('huntingQueryObject11').huntingQueryVersion11]", "parameters": {}, "variables": {}, "resources": [ @@ -1001,13 +978,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId11'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 11", - "parentId": "[variables('huntingQueryId11')]", - "contentId": "[variables('_huntingQuerycontentId11')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject11')._huntingQuerycontentId11)]", + "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion11')]", + "version": "[variables('huntingQueryObject11').huntingQueryVersion11]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1032,27 +1009,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId11')]", + "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]", "contentKind": "HuntingQuery", "displayName": "Anomalous Microsoft Entra ID Account Creation", - "contentProductId": "[variables('_huntingQuerycontentProductId11')]", - "id": "[variables('_huntingQuerycontentProductId11')]", - "version": "[variables('huntingQueryVersion11')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject11')._huntingQuerycontentId11,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName12')]", + "name": "[variables('huntingQueryObject12').huntingQueryTemplateSpecName12]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Activity Role Assignment_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Activity Role Assignment_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion12')]", + "contentVersion": 
"[variables('huntingQueryObject12').huntingQueryVersion12]", "parameters": {}, "variables": {}, "resources": [ @@ -1086,13 +1063,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId12'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 12", - "parentId": "[variables('huntingQueryId12')]", - "contentId": "[variables('_huntingQuerycontentId12')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject12')._huntingQuerycontentId12)]", + "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion12')]", + "version": "[variables('huntingQueryObject12').huntingQueryVersion12]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1117,27 +1094,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId12')]", + "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]", "contentKind": "HuntingQuery", "displayName": "Anomalous Activity Role Assignment", - "contentProductId": "[variables('_huntingQuerycontentProductId12')]", - "id": "[variables('_huntingQuerycontentProductId12')]", - "version": "[variables('huntingQueryVersion12')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject12')._huntingQuerycontentId12,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName13')]", + "name": "[variables('huntingQueryObject13').huntingQueryTemplateSpecName13]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Code Execution_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Code Execution_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion13')]", + "contentVersion": "[variables('huntingQueryObject13').huntingQueryVersion13]", "parameters": 
{}, "variables": {}, "resources": [ @@ -1171,13 +1148,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId13'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 13", - "parentId": "[variables('huntingQueryId13')]", - "contentId": "[variables('_huntingQuerycontentId13')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject13')._huntingQuerycontentId13)]", + "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion13')]", + "version": "[variables('huntingQueryObject13').huntingQueryVersion13]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1202,27 +1179,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId13')]", + "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]", "contentKind": "HuntingQuery", "displayName": "Anomalous Code Execution", - "contentProductId": "[variables('_huntingQuerycontentProductId13')]", - "id": "[variables('_huntingQuerycontentProductId13')]", - "version": "[variables('huntingQueryVersion13')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject13')._huntingQuerycontentId13,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName14')]", + "name": "[variables('huntingQueryObject14').huntingQueryTemplateSpecName14]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Data Access_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Data Access_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion14')]", + "contentVersion": "[variables('huntingQueryObject14').huntingQueryVersion14]", "parameters": {}, 
"variables": {}, "resources": [ @@ -1256,13 +1233,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId14'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject14')._huntingQuerycontentId14),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 14", - "parentId": "[variables('huntingQueryId14')]", - "contentId": "[variables('_huntingQuerycontentId14')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject14')._huntingQuerycontentId14)]", + "contentId": "[variables('huntingQueryObject14')._huntingQuerycontentId14]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion14')]", + "version": "[variables('huntingQueryObject14').huntingQueryVersion14]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1287,27 +1264,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId14')]", + "contentId": "[variables('huntingQueryObject14')._huntingQuerycontentId14]", "contentKind": "HuntingQuery", "displayName": "Anomalous Data Access", - "contentProductId": "[variables('_huntingQuerycontentProductId14')]", - "id": "[variables('_huntingQuerycontentProductId14')]", - "version": "[variables('huntingQueryVersion14')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject14')._huntingQuerycontentId14,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject14')._huntingQuerycontentId14,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName15')]", + "name": "[variables('huntingQueryObject15').huntingQueryTemplateSpecName15]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Defensive Mechanism Modification_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Defensive Mechanism Modification_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion15')]", + "contentVersion": 
"[variables('huntingQueryObject15').huntingQueryVersion15]", "parameters": {}, "variables": {}, "resources": [ @@ -1341,13 +1318,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId15'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject15')._huntingQuerycontentId15),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 15", - "parentId": "[variables('huntingQueryId15')]", - "contentId": "[variables('_huntingQuerycontentId15')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject15')._huntingQuerycontentId15)]", + "contentId": "[variables('huntingQueryObject15')._huntingQuerycontentId15]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion15')]", + "version": "[variables('huntingQueryObject15').huntingQueryVersion15]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1372,27 +1349,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId15')]", + "contentId": "[variables('huntingQueryObject15')._huntingQuerycontentId15]", "contentKind": "HuntingQuery", "displayName": "Anomalous Defensive Mechanism Modification", - "contentProductId": "[variables('_huntingQuerycontentProductId15')]", - "id": "[variables('_huntingQuerycontentProductId15')]", - "version": "[variables('huntingQueryVersion15')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject15')._huntingQuerycontentId15,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject15')._huntingQuerycontentId15,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName16')]", + "name": "[variables('huntingQueryObject16').huntingQueryTemplateSpecName16]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Failed Logon_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Failed Logon_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion16')]", + "contentVersion": "[variables('huntingQueryObject16').huntingQueryVersion16]", 
"parameters": {}, "variables": {}, "resources": [ @@ -1426,13 +1403,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId16'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject16')._huntingQuerycontentId16),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 16", - "parentId": "[variables('huntingQueryId16')]", - "contentId": "[variables('_huntingQuerycontentId16')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject16')._huntingQuerycontentId16)]", + "contentId": "[variables('huntingQueryObject16')._huntingQuerycontentId16]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion16')]", + "version": "[variables('huntingQueryObject16').huntingQueryVersion16]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1457,27 +1434,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId16')]", + "contentId": "[variables('huntingQueryObject16')._huntingQuerycontentId16]", "contentKind": "HuntingQuery", "displayName": "Anomalous Failed Logon", - "contentProductId": "[variables('_huntingQuerycontentProductId16')]", - "id": "[variables('_huntingQuerycontentProductId16')]", - "version": "[variables('huntingQueryVersion16')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject16')._huntingQuerycontentId16,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject16')._huntingQuerycontentId16,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName17')]", + "name": "[variables('huntingQueryObject17').huntingQueryTemplateSpecName17]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Login to Devices_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Login to Devices_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion17')]", + "contentVersion": "[variables('huntingQueryObject17').huntingQueryVersion17]", "parameters": {}, 
"variables": {}, "resources": [ @@ -1511,13 +1488,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId17'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject17')._huntingQuerycontentId17),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 17", - "parentId": "[variables('huntingQueryId17')]", - "contentId": "[variables('_huntingQuerycontentId17')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject17')._huntingQuerycontentId17)]", + "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion17')]", + "version": "[variables('huntingQueryObject17').huntingQueryVersion17]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1542,27 +1519,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId17')]", + "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]", "contentKind": "HuntingQuery", "displayName": "Anomalous Login to Devices", - "contentProductId": "[variables('_huntingQuerycontentProductId17')]", - "id": "[variables('_huntingQuerycontentProductId17')]", - "version": "[variables('huntingQueryVersion17')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject17')._huntingQuerycontentId17,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject17')._huntingQuerycontentId17,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName18')]", + "name": "[variables('huntingQueryObject18').huntingQueryTemplateSpecName18]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Geo Location Logon_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Geo Location Logon_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion18')]", + "contentVersion": "[variables('huntingQueryObject18').huntingQueryVersion18]", "parameters": 
{}, "variables": {}, "resources": [ @@ -1596,13 +1573,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId18'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject18')._huntingQuerycontentId18),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 18", - "parentId": "[variables('huntingQueryId18')]", - "contentId": "[variables('_huntingQuerycontentId18')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject18')._huntingQuerycontentId18)]", + "contentId": "[variables('huntingQueryObject18')._huntingQuerycontentId18]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion18')]", + "version": "[variables('huntingQueryObject18').huntingQueryVersion18]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1627,27 +1604,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId18')]", + "contentId": "[variables('huntingQueryObject18')._huntingQuerycontentId18]", "contentKind": "HuntingQuery", "displayName": "Anomalous Geo Location Logon", - "contentProductId": "[variables('_huntingQuerycontentProductId18')]", - "id": "[variables('_huntingQuerycontentProductId18')]", - "version": "[variables('huntingQueryVersion18')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject18')._huntingQuerycontentId18,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject18')._huntingQuerycontentId18,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName19')]", + "name": "[variables('huntingQueryObject19').huntingQueryTemplateSpecName19]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Password Reset_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Password Reset_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion19')]", + "contentVersion": "[variables('huntingQueryObject19').huntingQueryVersion19]", "parameters": {}, 
"variables": {}, "resources": [ @@ -1681,13 +1658,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId19'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject19')._huntingQuerycontentId19),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 19", - "parentId": "[variables('huntingQueryId19')]", - "contentId": "[variables('_huntingQuerycontentId19')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject19')._huntingQuerycontentId19)]", + "contentId": "[variables('huntingQueryObject19')._huntingQuerycontentId19]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion19')]", + "version": "[variables('huntingQueryObject19').huntingQueryVersion19]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1712,27 +1689,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId19')]", + "contentId": "[variables('huntingQueryObject19')._huntingQuerycontentId19]", "contentKind": "HuntingQuery", "displayName": "Anomalous Password Reset", - "contentProductId": "[variables('_huntingQuerycontentProductId19')]", - "id": "[variables('_huntingQuerycontentProductId19')]", - "version": "[variables('huntingQueryVersion19')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject19')._huntingQuerycontentId19,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject19')._huntingQuerycontentId19,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName20')]", + "name": "[variables('huntingQueryObject20').huntingQueryTemplateSpecName20]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous RDP Activity_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous RDP Activity_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion20')]", + "contentVersion": "[variables('huntingQueryObject20').huntingQueryVersion20]", "parameters": {}, 
"variables": {}, "resources": [ @@ -1766,13 +1743,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId20'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject20')._huntingQuerycontentId20),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 20", - "parentId": "[variables('huntingQueryId20')]", - "contentId": "[variables('_huntingQuerycontentId20')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject20')._huntingQuerycontentId20)]", + "contentId": "[variables('huntingQueryObject20')._huntingQuerycontentId20]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion20')]", + "version": "[variables('huntingQueryObject20').huntingQueryVersion20]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1797,27 +1774,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId20')]", + "contentId": "[variables('huntingQueryObject20')._huntingQuerycontentId20]", "contentKind": "HuntingQuery", "displayName": "Anomalous RDP Activity", - "contentProductId": "[variables('_huntingQuerycontentProductId20')]", - "id": "[variables('_huntingQuerycontentProductId20')]", - "version": "[variables('huntingQueryVersion20')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject20')._huntingQuerycontentId20,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject20')._huntingQuerycontentId20,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName21')]", + "name": "[variables('huntingQueryObject21').huntingQueryTemplateSpecName21]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Resource Access_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Resource Access_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion21')]", + "contentVersion": "[variables('huntingQueryObject21').huntingQueryVersion21]", "parameters": {}, 
"variables": {}, "resources": [ @@ -1851,13 +1828,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId21'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject21')._huntingQuerycontentId21),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 21", - "parentId": "[variables('huntingQueryId21')]", - "contentId": "[variables('_huntingQuerycontentId21')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject21')._huntingQuerycontentId21)]", + "contentId": "[variables('huntingQueryObject21')._huntingQuerycontentId21]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion21')]", + "version": "[variables('huntingQueryObject21').huntingQueryVersion21]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1882,27 +1859,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId21')]", + "contentId": "[variables('huntingQueryObject21')._huntingQuerycontentId21]", "contentKind": "HuntingQuery", "displayName": "Anomalous Resource Access", - "contentProductId": "[variables('_huntingQuerycontentProductId21')]", - "id": "[variables('_huntingQuerycontentProductId21')]", - "version": "[variables('huntingQueryVersion21')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject21')._huntingQuerycontentId21,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject21')._huntingQuerycontentId21,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName22')]", + "name": "[variables('huntingQueryObject22').huntingQueryTemplateSpecName22]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Role Assignment_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Role Assignment_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion22')]", + "contentVersion": "[variables('huntingQueryObject22').huntingQueryVersion22]", "parameters": {}, 
"variables": {}, "resources": [ @@ -1936,13 +1913,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId22'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject22')._huntingQuerycontentId22),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 22", - "parentId": "[variables('huntingQueryId22')]", - "contentId": "[variables('_huntingQuerycontentId22')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject22')._huntingQuerycontentId22)]", + "contentId": "[variables('huntingQueryObject22')._huntingQuerycontentId22]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion22')]", + "version": "[variables('huntingQueryObject22').huntingQueryVersion22]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
@@ -1967,27 +1944,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId22')]", + "contentId": "[variables('huntingQueryObject22')._huntingQuerycontentId22]", "contentKind": "HuntingQuery", "displayName": "Anomalous Role Assignment", - "contentProductId": "[variables('_huntingQuerycontentProductId22')]", - "id": "[variables('_huntingQuerycontentProductId22')]", - "version": "[variables('huntingQueryVersion22')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject22')._huntingQuerycontentId22,'-', '2.0.0')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject22')._huntingQuerycontentId22,'-', '2.0.0')))]", + "version": "2.0.0" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName23')]", + "name": "[variables('huntingQueryObject23').huntingQueryTemplateSpecName23]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Anomalous Sign-in Activity_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Anomalous Sign-in Activity_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion23')]", + "contentVersion": "[variables('huntingQueryObject23').huntingQueryVersion23]", "parameters": {}, 
"variables": {}, "resources": [ 
@@ -2000,7 +1977,7 @@ "eTag": "*", "displayName": "Anomalous Sign-in Activity", "category": "Hunting Queries", - "query": "BehaviorAnalytics\n| where ActionType =~ \"Sign-in\"\n| where UsersInsights.IsNewAccount == True or UsersInsights.IsDormantAccount == True or ActivityInsights has \"True\"\n| join kind = inner (\nSigninLogs | where Status.errorCode == 0 or Status.errorCode == 0 and RiskDetail !~ \"none\"\n) on $left.SourceRecordId == $right._ItemId \n| extend UserPrincipalName = iff(UserPrincipalName has \"#EXT#\",replace_string(tostring(split(UserPrincipalName, \"#\")[0]),\"_\",\"@\"),UserPrincipalName),\nUserName = iff(UserName has \"#EXT#\",replace_string(tostring(split(UserPrincipalName, \"#\")[0]),\"_\",\"@\"),UserName)\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, [\"Evidence\"]=ActivityInsights, ResourceDisplayName, AppDisplayName, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, ResourceId\n| extend Name=tostring(split(UserPrincipalName, \"@\")[0]), UPNSuffix=tostring(split(UserPrincipalName, \"@\")[1])\n| extend Account_0_Name = Name\n| extend Account_0_UPNSuffix = UPNSuffix\n| extend IP_0_Address = SourceIPAddress\n| extend AzureResource_0_ResourceId = ResourceId\n", + "query": "BehaviorAnalytics\n| where ActionType =~ \"Sign-in\"\n| where UsersInsights.IsNewAccount == True or UsersInsights.IsDormantAccount == True or ActivityInsights has \"True\"\n| join kind = inner (\nSigninLogs | where (Status.errorCode == 0 and RiskDetail !~ \"none\")\n) on $left.SourceRecordId == $right._ItemId \n| extend UserPrincipalName = iff(UserPrincipalName has \"#EXT#\",replace_string(tostring(split(UserPrincipalName, \"#\")[0]),\"_\",\"@\"),UserPrincipalName),\nUserName = iff(UserName has \"#EXT#\",replace_string(tostring(split(UserPrincipalName, \"#\")[0]),\"_\",\"@\"),UserName)\n| project TimeGenerated, UserName, UserPrincipalName, UsersInsights, ActivityType, ActionType, 
[\"Evidence\"]=ActivityInsights, ResourceDisplayName, AppDisplayName, SourceIPAddress, SourceIPLocation, SourceDevice, DevicesInsights, ResourceId\n| extend Name=tostring(split(UserPrincipalName, \"@\")[0]), UPNSuffix=tostring(split(UserPrincipalName, \"@\")[1])\n| extend Account_0_Name = Name\n| extend Account_0_UPNSuffix = UPNSuffix\n| extend IP_0_Address = SourceIPAddress\n| extend AzureResource_0_ResourceId = ResourceId\n", "version": 2, "tags": [ { @@ -2021,13 +1998,13 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId23'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject23')._huntingQuerycontentId23),'/'))))]", "properties": { "description": "UEBA Essentials Hunting Query 23", - "parentId": "[variables('huntingQueryId23')]", - "contentId": "[variables('_huntingQuerycontentId23')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('huntingQueryObject23')._huntingQuerycontentId23)]", + "contentId": "[variables('huntingQueryObject23')._huntingQuerycontentId23]", "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion23')]", + "version": "[variables('huntingQueryObject23').huntingQueryVersion23]", "source": { "kind": "Solution", "name": "UEBA Essentials", 
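Review bot: The rewritten join filter `SigninLogs | where (Status.errorCode == 0 and RiskDetail !~ "none")` is a semantic narrowing, not only a precedence fix: the old `A or A and B` collapsed to `errorCode == 0`, while the new form keeps only successful sign-ins whose RiskDetail is something other than `none`. Per the riskDetail documentation `none` means no action has been taken on the sign-in, so an unremediated at-risk sign-in also carries `none` and is now dropped, whereas tenants without Entra ID Protection report `hidden` and pass everything; if the intent is "risky successful sign-ins", `RiskState` or `RiskLevelDuringSignIn` is the field that carries that, and the query description should state which signal it hunts on. Separately, the unchanged `UserName = iff(UserName has "#EXT#", replace_string(tostring(split(UserPrincipalName, "#")[0]),"_","@"), UserName)` branch splits UserPrincipalName where UserName is expected, so a guest's UserName is overwritten with the UPN prefix; `split(UserName, "#")[0]` is presumably what was intended. If this query string is generated from the hunting-query YAML, both fixes belong there with the package regenerated afterwards; the savedSearches resource this string sits in starts before the hunk.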
@@ -2052,12 +2029,12 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId23')]", + "contentId": "[variables('huntingQueryObject23')._huntingQuerycontentId23]", "contentKind": "HuntingQuery", "displayName": "Anomalous Sign-in Activity", - "contentProductId": "[variables('_huntingQuerycontentProductId23')]", - "id": "[variables('_huntingQuerycontentProductId23')]", - "version": "[variables('huntingQueryVersion23')]" + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject23')._huntingQuerycontentId23,'-', '2.0.1')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject23')._huntingQuerycontentId23,'-', '2.0.1')))]", + "version": "2.0.1" } }, { @@ -2065,12 +2042,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.0", + "version": "3.0.1", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "UEBA Essentials", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Sentinel UEBA content package will provide you with various queries based on UEBA tables, that allows you to hunt for tailored threat scenarios. You’ll be able to investigate and search for anomalous activities over UEBA’s enriched data, and get inspired to customize queries according to your own use-cases.

\n

Important : Some of the queries that are part of this solution, make use of Built-in Watchlist Templates and will not work unless the corresponding watchlist is created. Other queries may requires changes to match your environment details.

\n

Hunting Queries: 23

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Sentinel UEBA content package will provide you with various queries based on UEBA tables, that allows you to hunt for tailored threat scenarios. You'll be able to investigate and search for anomalous activities over UEBA's enriched data, and get inspired to customize queries according to your own use-cases.

\n

Important : Some of the queries that are part of this solution, make use of Built-in Watchlist Templates and will not work unless the corresponding watchlist is created. Other queries may requires changes to match your environment details.

\n

Hunting Queries: 23

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", 
@@ -2097,118 +2074,118 @@ "criteria": [ { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId1')]", - "version": "[variables('huntingQueryVersion1')]" + "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", + "version": "[variables('huntingQueryObject1').huntingQueryVersion1]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId2')]", - "version": "[variables('huntingQueryVersion2')]" + "contentId": "[variables('huntingQueryObject2')._huntingQuerycontentId2]", + "version": "[variables('huntingQueryObject2').huntingQueryVersion2]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId3')]", - "version": "[variables('huntingQueryVersion3')]" + "contentId": "[variables('huntingQueryObject3')._huntingQuerycontentId3]", + "version": "[variables('huntingQueryObject3').huntingQueryVersion3]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId4')]", - "version": "[variables('huntingQueryVersion4')]" + "contentId": "[variables('huntingQueryObject4')._huntingQuerycontentId4]", + "version": "[variables('huntingQueryObject4').huntingQueryVersion4]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId5')]", - "version": "[variables('huntingQueryVersion5')]" + "contentId": "[variables('huntingQueryObject5')._huntingQuerycontentId5]", + "version": "[variables('huntingQueryObject5').huntingQueryVersion5]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId6')]", - "version": "[variables('huntingQueryVersion6')]" + "contentId": "[variables('huntingQueryObject6')._huntingQuerycontentId6]", + "version": "[variables('huntingQueryObject6').huntingQueryVersion6]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId7')]", - "version": "[variables('huntingQueryVersion7')]" + "contentId": "[variables('huntingQueryObject7')._huntingQuerycontentId7]", + "version": 
"[variables('huntingQueryObject7').huntingQueryVersion7]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId8')]", - "version": "[variables('huntingQueryVersion8')]" + "contentId": "[variables('huntingQueryObject8')._huntingQuerycontentId8]", + "version": "[variables('huntingQueryObject8').huntingQueryVersion8]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId9')]", - "version": "[variables('huntingQueryVersion9')]" + "contentId": "[variables('huntingQueryObject9')._huntingQuerycontentId9]", + "version": "[variables('huntingQueryObject9').huntingQueryVersion9]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId10')]", - "version": "[variables('huntingQueryVersion10')]" + "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]", + "version": "[variables('huntingQueryObject10').huntingQueryVersion10]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId11')]", - "version": "[variables('huntingQueryVersion11')]" + "contentId": "[variables('huntingQueryObject11')._huntingQuerycontentId11]", + "version": "[variables('huntingQueryObject11').huntingQueryVersion11]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId12')]", - "version": "[variables('huntingQueryVersion12')]" + "contentId": "[variables('huntingQueryObject12')._huntingQuerycontentId12]", + "version": "[variables('huntingQueryObject12').huntingQueryVersion12]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId13')]", - "version": "[variables('huntingQueryVersion13')]" + "contentId": "[variables('huntingQueryObject13')._huntingQuerycontentId13]", + "version": "[variables('huntingQueryObject13').huntingQueryVersion13]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId14')]", - "version": "[variables('huntingQueryVersion14')]" + "contentId": 
"[variables('huntingQueryObject14')._huntingQuerycontentId14]", + "version": "[variables('huntingQueryObject14').huntingQueryVersion14]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId15')]", - "version": "[variables('huntingQueryVersion15')]" + "contentId": "[variables('huntingQueryObject15')._huntingQuerycontentId15]", + "version": "[variables('huntingQueryObject15').huntingQueryVersion15]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId16')]", - "version": "[variables('huntingQueryVersion16')]" + "contentId": "[variables('huntingQueryObject16')._huntingQuerycontentId16]", + "version": "[variables('huntingQueryObject16').huntingQueryVersion16]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId17')]", - "version": "[variables('huntingQueryVersion17')]" + "contentId": "[variables('huntingQueryObject17')._huntingQuerycontentId17]", + "version": "[variables('huntingQueryObject17').huntingQueryVersion17]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId18')]", - "version": "[variables('huntingQueryVersion18')]" + "contentId": "[variables('huntingQueryObject18')._huntingQuerycontentId18]", + "version": "[variables('huntingQueryObject18').huntingQueryVersion18]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId19')]", - "version": "[variables('huntingQueryVersion19')]" + "contentId": "[variables('huntingQueryObject19')._huntingQuerycontentId19]", + "version": "[variables('huntingQueryObject19').huntingQueryVersion19]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId20')]", - "version": "[variables('huntingQueryVersion20')]" + "contentId": "[variables('huntingQueryObject20')._huntingQuerycontentId20]", + "version": "[variables('huntingQueryObject20').huntingQueryVersion20]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId21')]", - "version": 
"[variables('huntingQueryVersion21')]" + "contentId": "[variables('huntingQueryObject21')._huntingQuerycontentId21]", + "version": "[variables('huntingQueryObject21').huntingQueryVersion21]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId22')]", - "version": "[variables('huntingQueryVersion22')]" + "contentId": "[variables('huntingQueryObject22')._huntingQuerycontentId22]", + "version": "[variables('huntingQueryObject22').huntingQueryVersion22]" }, { "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId23')]", - "version": "[variables('huntingQueryVersion23')]" + "contentId": "[variables('huntingQueryObject23')._huntingQuerycontentId23]", + "version": "[variables('huntingQueryObject23').huntingQueryVersion23]" } ] },
diff --git a/Solutions/UEBA Essentials/Package/testParameters.json b/Solutions/UEBA Essentials/Package/testParameters.json
new file mode 100644
index 0000000000..e55ec41a9a
--- /dev/null
+++ b/Solutions/UEBA Essentials/Package/testParameters.json
@@ -0,0 +1,24 @@
+{
+ "location": {
+ "type": "string",
+ "minLength": 1,
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`. We instead use the `workspace-location` which is derived from the LA workspace"
+ }
+ },
+ "workspace-location": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+ }
+ },
+ "workspace": {
+ "defaultValue": "",
+ "type": "string",
+ "metadata": {
+ "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+ }
+ }
+}
From a06ca30b4c873b4fc3acb59304cb21b80e7ef18d Mon Sep 17 00:00:00 2001
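Review bot: The `workspace` parameter in the new testParameters.json accepts an empty string: its `defaultValue` is `""` and, unlike `location`, it carries no `minLength`, so a run that relies on the default presumably passes parameter validation and only fails later when the workspace name is used. If this file mirrors the parameters block of mainTemplate.json, consider adding `"minLength": 1` under `workspace` (and likewise `workspace-location`) so the empty value is rejected at validation time. Since the Package/ contents look tool-generated, that change probably belongs in the packaging tool's parameter template rather than in a hand edit of this file.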
From: v-rusraut Date: Mon, 23 Sep 2024 14:05:30 +0530 Subject: [PATCH 3/5] Update ReleaseNotes.md --- Solutions/UEBA Essentials/ReleaseNotes.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/Solutions/UEBA Essentials/ReleaseNotes.md b/Solutions/UEBA Essentials/ReleaseNotes.md index 680b251197..f7ddd17e77 100644 --- a/Solutions/UEBA Essentials/ReleaseNotes.md +++ b/Solutions/UEBA Essentials/ReleaseNotes.md @@ -1,5 +1,4 @@ -| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | -|-------------|--------------------------------|----------------------------------------------------------------------------| -| 3.0.0 | 07-11-2023 | Modified text as there is rebranding from Azure Active Directory to Microsoft Entra ID. | - - +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|-------------------------------------------------------------------------------------------| +| 3.0.1 | 23-09-2024 | Updated query logic in Hunting query **Anomalous Sign-in Activity** | +| 3.0.0 | 07-11-2023 | Modified text as there is rebranding from Azure Active Directory to Microsoft Entra ID. | From ca6e2d836709847fc66226cd33f59e2c098d4823 Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Mon, 23 Sep 2024 14:07:16 +0530 Subject: [PATCH 4/5] Update ReleaseNotes.md --- Solutions/UEBA Essentials/ReleaseNotes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/UEBA Essentials/ReleaseNotes.md b/Solutions/UEBA Essentials/ReleaseNotes.md index f7ddd17e77..f247f2dd06 100644 --- a/Solutions/UEBA Essentials/ReleaseNotes.md +++ b/Solutions/UEBA Essentials/ReleaseNotes.md 
@@ -1,4 +1,4 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|-------------------------------------------------------------------------------------------| -| 3.0.1 | 23-09-2024 | Updated query logic in Hunting query **Anomalous Sign-in Activity** | +| 3.0.1 | 23-09-2024 | Updated query logic in **Hunting Query** [Anomalous Sign-in Activity] | | 3.0.0 | 07-11-2023 | Modified text as there is rebranding from Azure Active Directory to Microsoft Entra ID. | From 39ed0022306a1499359880d56ea84e71c4c334c6 Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Mon, 23 Sep 2024 14:37:16 +0530 Subject: [PATCH 5/5] updated createUiDefinition and zip --- Solutions/UEBA Essentials/Package/3.0.1.zip | Bin 18017 -> 18017 bytes .../Package/createUiDefinition.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Solutions/UEBA Essentials/Package/3.0.1.zip b/Solutions/UEBA Essentials/Package/3.0.1.zip index 8569198614b7ad688da943ce2fe7b7565415f270..0719612b230ecf849dffd2a8d7b903807be57803 100644 GIT binary patch delta 4031 zcmV;w4?ytYi~-?{0T)n90|XQR000O8mvlE-UKI{eQV{?ElCc*G0)Ij$D;LUeNi6I( z%XxGK++cH=rYtvlCS$=Cx_}FA%4Xb1U0C)@A&eB30nkLuK*-dGlP}r#*vVZ7e4+aHcVL$kkR5M|nOn^TO2*#}7CYn+| zT9(?nNUUoqhl6x$NThnA{>e&mo&a+QDL3V{*s;*b!I}BKJaPg6Ro?uI$H40CoVl?EFpGG+S+2#;*i+ zi??1pEM)2iQn8=7i>9fxj$Mi@Pk9Tjv5o*Acdz}+sT_FaMVOxWLjXDGU(dwA=`6WCV8GDIvN>%y%8=?Y_L?d8&Y>|boP zmx{D+f4JftNPoE3={Gc{Eyhii*-)l%6FPwPM&jIagp~D*W((Fd1wR0XIgRqPvOW9N z$jwo&dyuDR%Ay9f`?!%7h$`%UUXH%c!Th*q1?=uydTVtt*81vgjX|-?h+0mN%AIDz zm-UY~O_8NK;%mhP28|;Vmv5l$lyNM`CVeLfie)E#Hh&kMw4ghT&Iq-sP5{dd5-pixRYdCkWB43$5sk6tgfFCeJxa&;O?5O-__($1sZHX&r zG)=MsJCEyzH9k4{sai^NR&J4twpUTXdU#^8lUzOm&24nreoE`~QsOE)m#BFrpkV+c zY`mx?7JsyqctxC7B;02~28@IN`Zg62=z&(>5h{$*i+GWcrZC-9sKiaXEg^P$LtJ66 zf6#l`X^R>(igoKiGS%qMbiRFj*+wRKMQ%zX!uSA>Zj+oakc|6#4L01AK!4@A90Y&t z>!X9CgTcXfQHaD; zr?Gc6FKB-lXV(n9gn}4GjM1QxNg!RXRoZ|=0}=L?kg(2xi{k9co)U3H{3B0c%V`5M zo_9SUyPh81y*2^%dczqu@3YXZ$G-jxc_=W1?K=GgdNko4?0gSgj&N-){(8`$E1k%w zAAc~(R&)c3_I@3CnU6Zhqt0HRVKaKF&-O;0{-{GUS%3G<9(4V338%q6#;ZD_DY055 zH5&z>y)3l{_@4PYmB-ZE)nKF7qiM2V3IAA%*gT6sk0-e|5^66_AgD1Y%@g#f`1wo6e(m|yAM4B5#90CioI(PyS0 zN`Tw8^kmz^CC8Td<86IC4-8I*tka(Lo9559<+`C@VXCWA+OS}0j5Rl!D62iN<*un+ zVPvNfi@)2U4a@8-_w}ZI;ll*DIJ~*&EYz1a37hX1h-hUo9l)+};E7Gr^R=)WBE>1@4WA3Kt{;`1I20H$(=4;v^pr$|*RFwdCx_ ziN<>yMB^!l5dnwUl!E@I9a;Dwu22#6!|0}2Yz2h(b_~L}EdtBBn1LZdh<_4zDF;n> z_~ilMV_|z9tN|rnQoIyV@GHP~kp{J=%zQq~XK{QJfMg}v7P1jl(k?%aKhG}C=`o9$ zo{tgK_csXYTE&J%qnf2{Lj92bHoEoxj$vJ!`T)=b@T?Fh+&ElapUtN-ntG+nz3P-1 z1a%l{66mx^xRS5S1kY5L@_+O>SG@!L{Hb66BF%>P{HjsQ4qf6=* zXKJGF0IWaX3anF|fZnKdwKfudV;0!&^+WBHfc?FMh37`U!WQh&suQybn18-wm@kQ< zYYW2Hq)2hm6Am9CSvU!FDB-x7`LDzt|ZZPr_2ec}&Z5ctC!GcN+jSZD~l%#{nX&7t06Z>W*o^ z2OEUcr7&5bF`l~Vg%H7>psc<_3r5LHb^;b=HG#DWfIZk5z^;$r-KtosoNz;AkE?s@ 
zqWd}&;}ajxqs=b6Mt=_qfF?dpwfE%)F?!O9pw@29+XTE7(0=&|v>zX6zuF{dE7!8f zQDW?GVgahONE;b}@xsRlV=`%m$Fi{73!lEa3y{4=7KpbPeZ!^f6Za;lDWD-c^W`SB z|7aWOt2J>`7dpjDMSxc;LC~WsOFcH6TXcm(0?lFqEfg1(iGPQWkp_ncTj4=n*YX%d z$JyB_D?PlY5ESP{%GY+a3G5#p>kKEySWC~vRU~gEQY2Y*a5K6bCw8&g$Zb76wXK&E-$E7 z47CK!{ULGwS*;W+mg90qo#$Sa;GI#2b#d22RaOt@f=d^EJwZcIJMgo2QqJ@Hg0g=O|m;ctxX*uTaSMR8HG5{yV(}D9vJXn&6c znoc$;RLFOw@(N2}oE(4|DL&MC0W)LRFek2aW$Sh4I+fAl6FvRC+tYKC6%aK&zo9x5 zhVNf*iHbWcd}vUSyhcU&OxQ$xGa8niPz@MFeZZ^?kyhtq{1dX7OTpc5zL|>bP71Vs zIk$GMjrR|^gSNSAWRuFQ(2zaG?0?NNZ>QY)qGCM;jLoR@&vR!AEE+@_Gs*r%t4VvP zu>nVP0G&nQRHh#3)~qH0?cp)ep3fPFlrg2G0_8*161#vndLY&DnVRub`cg$o9K*88 z3ErNC@0rKJ$w+lq5;>bJDydoeglfrP$4@~eMr+>A-3U{6S3$CDG=Xm1=YJ!cj6}RL zn~MmYhw2y-IRi4OGP<5T^>Y;w!TnGYR!ZrQi02d@Hv1Rcq*9azn_zzpCTkU!)^Y_S zfPD#BTBD0(%B+sCf1zM=z#b82fnO{WT+wWk@WBQ8=tngZ3OVoHTcZUi?DUkXGRfGe z{X97YRlbS|8*zW+cPrMn4u7B4#-&xzJ);+(KI(lk;{M+4)x$>Xc`Ehr ztGlC3xDYhPgsh5C3no(NrjT7khRI4fV)(W<}? z@6>ZtSJcHyh`TPiR;++F3lIQ>48mGCqnrw)w{7RT_b;92nDNxU0A*9^u_<%C% zI-$FIGGP#gQ|db`Dz9IvH zj_A<}QfHyE>D+xst{f?P-kw+QsO&SM||rd;*&UrkTx3&^T8FvpPa+;&yC2x zo!X|5-rur=cz3FsKC)y|RW2Nf;i$u&XJaFIgn4ev9#azwFo-zZAg8@(H}yFNdGkBQJddl0M^DuA%h_$4+Zy<&SQwN&T@+Y_n#x l^4p;#Qw8`R{P#bzhY?IP4VQE`SzZ+mQBn~A0Fsm7MS*~@tC;`* delta 4031 zcmV;w4?ytYi~-?{0T)n90|XQR000O8U1c{}GU|xvQV{?Eh_M$60)Jc{!-cT0$1La3 z6)=L$Wty_w=$VWKTj&BVxG9@)BXwcfFNH8tSO)MCF$2+3AC8YxVf!#JcZ}nXS$Y)a zGA*EQmwa zn7U!ORltEk1S_>ekJPg)*RT(;BE;*3&IHpFf?C;+mjK8e80`E_*eY9XRmQIbc8j-O zJS=4D22!z~xQnK#w2obhEKhk0q_K_wRFy_Su#(2A5VJooAAcVN1=gcg(@rYw*j$?{ zRw&paOOu7A8ewy-Xu;LffJ_#VrizE`2WV)jWg&u%_@w{=LL1O@39ePcb$HgxOQ@MN zTA@Z|vB2FfrS@Hc^Gw*^eP<}TqkDMk#S_?8#WKVxAM3)gN^w>oUEv9>ya{fn*k zQc?Bo4_8bB34ixG{f3^j#ki>`8!8lTLI<$kNSu3)kcxiMY{8la;0ItXr%|3(7H7X2 zxjE`}5AyU(S=5_$A2-qhQH9;l%hC5a7#;VlfZcsdZ>=uIT3@}bF{pDHQOgNZxzlX; zvi|X=DY8^Ye66^^jB#Y*@(r|@GL8jVqVFU@vFxPJ=6}MI7IcTv8KE}S3Ba1C3kQac zRibFk?oDe^otd-}G)ie5ubFzeq2C%^XlFLV+xs6WSPidWAN?b+f5;e~RGz@@* zjTg1Vf`670uZZ)Cg!?SWfRPYD-=-o0J<#eqLWNQK4lfeY6sDUBmAGlQCB$xTh%4;% 
z4|*>=&wANgW!dI zeRObiFgW;faB#Q>6JEEw)s)ul;{1ji_(*3NIDe0)M(3wsURteFJ{Bo9UylYb3Xz!V zH1-bW1?>;x?3$sMP!Pk2F&Z>738d?_N*j=9Ai~}f64n`TOq^ZWQzDLtf8;4_Ic;FZ z^R5SE*VCiB*CxPTZ#cu|eHPmF*w=p{4+Vy>U8kQwk0#uMo$rCm5w5MpUk@5|r4t$T z1Aivjif%yB-mfDs^HJw`)Y+inVgRWmL;WXICcvVLG%eZQR-7>pstH8`pgtW z32@t%o@{%#f; zjO;Wb@OL}3VVRxfzTUJie3$?ihc_491*kqWe9I415;&o#ghCMt8^Gi`o+J=%aDU5w zJUd@`@;XZ4pLMccyMVRKqUN^;0X_B>Aoy+r%PyuE;sICIt+g~D_)mYk4l&5iOnDr_ zI20JgmmK0jbl`(mf$bDK7&4-BlXMFRE^?t_67)kcxikBh^eg*h0(xCQ~na_v$ERJsikgO!zLN=mG+U3Xb=h?+MJ!Ub} z^D%<@{suu^tJtt;RI{{As2|ebMz`MIF|2D-9{`#Fo)rRx8;7gwv-wm;Q?GQnSDiA0 zpbkS#0-ZJqSMqh4;F;=Do_{_k%UK!1T?cxlRhe&<2DCQL252TMrlO_W29nQWbV=Rf zOilD1fc58Ffpw}A&>NMm)<(i_%mVwpeyE)iu)mkE@Z9KE*n&M;bz(LF^Urq-^CeMq zZ9({&6e%ux!hz;-Z$(1m^%Cj_*VZvSpFti7ws#3p|6V*!2;-TNO){6K;s?admH9 zbYF*JeB$GIwAp3X=zl>0(8R~7_P*R8Mo(H1)Y`3in}D|h+AlwW_TvNXSDOTF`1;pjk|yg_5E&@qh3!(%|r5D?F&{S{{Sw zI6FIKrHA(vg5tbL`P!~Ff&IgSoq_)(#uIj4l@Mj+T1A~7qbedvC%nP?!b>v=vdx%X zSSK>dyyEGb&vBz-kJ2I*==vh|R2>`m6S+EX>(esi3PUd=#ZC=Rw3?&~b~HTb6J^9J z4rW30gC`BW!GGP-@ox4@JXz;tH`f4LHY=Zm#n99PI{+4X&Jv-pFafQM!Wrqp zp_ZVzKP1jStCeEKa$N4H^W3Wvyff;sF7A4$%Ie`UNX5k)s*In)xnePy$Vh@z z7%)?$L^OJ+5BH*J&G1mBi&=5(PgpE#m39io4@;l8p$Snu%+reC-hYfWOc^u%p$Y`~ zYC%oluzyBm+KGCmI;Hu-P{0gyN8>U@>gWCrmC@E0B{f?bf~7OK3Seu-b9d*@%Y@?i3J=4BVLUvewB-ZPlUmkw7 zUw-m&<7`G3Sd^^Y~`!fW5yq7+#PZqY&qLH`~J21EW8XBgg^4 z<7)`w$2RzW!Y3|N_ioRH?NkJuiiuDbE0&&?t{8i&K@-bpi*e`f4*!=45=%>OB0}I- z7zAAvwDFmi;CO;{!YY1z(Jd4NRdp%8DVeq^zdHo&Vyn$;wrJv=7b^Eu;?GNzPNpnRxWViyoc52QLiQ!}1QU#dunV^~%> z!P~R&J@Ys?8L93{B4?9DB{fT*P%Rnk_$jEwXwBQX8)541DoB=%CeV%he1BwqoXY|4}aJGB@i=+F;N4-x*+~2#sde~?^Po*Bd z6&h58_ougM%6C_-^GQM6LP6YI53oj2vh_xN?JG>7P#+J+6QRpbD=-)ZXXVQ}S{3-A zyrWraUuU1;k-13I+f)3b@DR3B9d#buE_~H~O9iHfyQ_R!raze`Q-9>n+nO1;rF<+? zsyUjJ?mB@_IQn8u`927Jy+W#~97_V-s*}zN2OYik@Na|$WFd#;v3YgE>!aVekKY@) z!oSfVR;4L1>xx&$p`Idc>Jlohz|-7W<1`mnlMPXoUkUTAPWU?`1?o90gp^wyA5cbJ zCv;a&CJe%GN_~fg+<#O>tPA@IW9&IHslwe|bP3*5U)-gW;iK&okv%&-uTF=zqAZT? 
zPNf(gT`k#6pc;Mx2-Jx7Cr17-$$JKfyl1}7;#Alxr*n30w9}DJSr-J?8~Sgb@i5MU zMuDd)+sVq}GVWiQL>h{Cp#AIoL-x(t_lL^`W0iTwt--1k)PD@9Lkv(5vxe1CS4c{P z8kI&y;`Ri2Hy7>z1GZBVReh3Xi{~^)yDNWM1t=IRXBGtTfUeR_MKrZw1n%e2S7boY z5j|Q#>MT??oxAU-)w#QDde6u%4_rSEhhf5t#=#zcnE9z*?hJ<0ho$$(q{co$vZj9d zBW1^SDu;fHf`6f-yHhaq8x|7}>dZ}9N_@xah;Lm)d=keH(q>~}KDc7|lXF=9xe@ud zQ`;2M`&)Jp?@o2oN0v;g%7r5_9Cg_9Y-|Kp5VjACNtakwAK+L|USD|C3Q5aaV(<3e zKyR$cD$(&$Qvn3t*B?@oDh?$9_INN-gLWbcRjDQ!fq(o!7sgB9M!^TRr)BnRrDs-V z)_l*(NP7hf!J9rqM*Xj;zW%Qk# z9l;01Z!x~_mmT}!mjW1BK7kke\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Sentinel UEBA content package will provide you with various queries based on UEBA tables, that allows you to hunt for tailored threat scenarios. You'll be able to investigate and search for anomalous activities over UEBA's enriched data, and get inspired to customize queries according to your own use-cases.\n\n**Important :** Some of the queries that are part of this solution, make use of [Built-in Watchlist Templates](https://docs.microsoft.com/azure/sentinel/watchlist-schemas) and will not work unless the corresponding watchlist is created. 
Other queries may requires changes to match your environment details.\n\n**Hunting Queries:** 23\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/UEBA%20Essentials/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Microsoft Sentinel UEBA content package will provide you with various queries based on UEBA tables, that allows you to hunt for tailored threat scenarios. You'll be able to investigate and search for anomalous activities over UEBA's enriched data, and get inspired to customize queries according to your own use-cases.\n\n**Important :** Some of the queries that are part of this solution, make use of [Built-in Watchlist Templates](https://docs.microsoft.com/azure/sentinel/watchlist-schemas) and will not work unless the corresponding watchlist is created. Other queries may requires changes to match your environment details.\n\n**Hunting Queries:** 23\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions",