Add updated schemas, which has been updated as manual_review content was resolved

Author: pyth0n1c

schemas/EventBasedDetection.schema.json

@@ -133,7 +133,9 @@
             "Baseline Of Kubernetes Process Resource",
             "Baseline Of Kubernetes Process Resource Ratio",
             "Baseline Of Open S3 Bucket Decommissioning",
+            "Baseline of Network ACL Activity by ARN",
             "Baseline of S3 Bucket deletion activity by ARN",
+            "Baseline of Security Group Activity by ARN",
             "Baseline of blocked outbound traffic from AWS",
             "BishopFox Sliver Adversary Emulation Framework",
             "Black Basta Ransomware",
@@ -216,6 +218,7 @@
             "ConnectWise ScreenConnect Vulnerabilities",
             "Count of Unique IPs Connecting to Ports",
             "Count of assets by category",
+            "Create a list of approved AWS service accounts",
             "Credential Dumping",
             "Critical Alerts",
             "CrowdStrike Falcon Stream Alert",
@@ -227,6 +230,7 @@
             "DHS Report TA18-074A",
             "DNS Amplification Attacks",
             "DNS Hijacking",
+            "DNSTwist Domain Names",
             "DarkCrystal RAT",
             "DarkGate Malware",
             "DarkSide Ransomware",
@@ -241,6 +245,7 @@
             "Detect Zerologon Attack",
             "Dev Sec Ops",
             "Disabling Security Tools",
+            "Discover DNS records",
             "Disk Wiper",
             "Domain Trust Discovery",
             "Double Zero Destructor",
@@ -439,6 +444,7 @@
             "Previously Seen Zoom Child Processes - Initial",
             "Previously Seen Zoom Child Processes - Update",
             "Previously seen S3 bucket access by remote IP",
+            "Previously seen command line arguments",
             "PrintNightmare CVE-2021-34527",
             "Prohibited Traffic Allowed or Protocol Mismatch",
             "PromptFlux",
@@ -2892,10 +2898,15 @@
             "Baseline Of Kubernetes Process Resource",
             "Baseline Of Kubernetes Process Resource Ratio",
             "Baseline Of Open S3 Bucket Decommissioning",
+            "Baseline of Network ACL Activity by ARN",
             "Baseline of S3 Bucket deletion activity by ARN",
+            "Baseline of Security Group Activity by ARN",
             "Baseline of blocked outbound traffic from AWS",
             "Count of Unique IPs Connecting to Ports",
             "Count of assets by category",
+            "Create a list of approved AWS service accounts",
+            "DNSTwist Domain Names",
+            "Discover DNS records",
             "Identify Systems Creating Remote Desktop Traffic",
             "Identify Systems Receiving Remote Desktop Traffic",
             "Identify Systems Using Remote Desktop",
@@ -2920,6 +2931,7 @@
             "Previously Seen Zoom Child Processes - Initial",
             "Previously Seen Zoom Child Processes - Update",
             "Previously seen S3 bucket access by remote IP",
+            "Previously seen command line arguments",
             "Windows Updates Install Failures",
             "Windows Updates Install Successes"
          ],

schemas/Playbook.schema.json

@@ -2361,7 +2361,8 @@
          "description": "PlayBook Type field.\n\nThis is intentionally different than the Type Enum\nabove due to legacy naming in the playbook files.",
          "enum": [
             "Automation",
-            "Input"
+            "Input",
+            "Enterprise Security"
          ],
          "title": "PlaybookType",
          "type": "string"