Last update time equal to pp start time
All templates that have been present since day 1 are affected. Subsequent templates will be uploaded with their own upload times.
Родитель
031b83f99a
Коммит
41b497012a
@ -5,7 +5,7 @@
|
|||
"title": "Block AAD user - Alert",
|
||||
"description": "For each account entity included in the alert, this playbook will disable the user in Azure Active Directoy and add a comment to the incident that contains this alert",
|
||||
"prerequisites": "",
|
||||
"lastUpdateTime": "2021-05-30T10:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": ["Account"],
|
||||
"tags": ["Remidiation"],
|
||||
"support": {
|
||||
|
|
|
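Review bot: The tag on line 30, `"tags": ["Remidiation"]`, is misspelled; the sibling template at line 60 uses `"Remediation"`, so if the gallery filters by tag this template will be missed while the other is matched. The fix is `"tags": ["Remediation"]`. The description on line 15 (and line 45 in the next section) also misspells the product name: `Azure Active Directoy` should read `Azure Active Directory`. These are context lines the timestamp bump leaves untouched, so the typos survive the commit.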
@ -5,7 +5,7 @@
|
|||
"title": "Block AAD user - Incident",
|
||||
"description": "For each account entity included in the incident, this playbook will disable the user in Azure Active Directoy and add a comment to the incident",
|
||||
"prerequisites": "",
|
||||
"lastUpdateTime": "2021-05-30T10:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": ["Account"],
|
||||
"tags": ["Remediation"],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Confirm AAD Risky User",
|
||||
"description": "For each account entity included in the incident, this playbook will set the Risky User property in AAD using Graph API using a Beta API.",
|
||||
"prerequisites": ["After playbook is deployed, add the managed identity that is created by the logic app to the Security Administrator role in Azure AD."],
|
||||
"lastUpdateTime": "2021-05-30T10:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Account" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Create-AzureDevOpsTask",
|
||||
"description": "This playbook will create the Azure DevOps task filled with the Azure Sentinel incident details.",
|
||||
"prerequisites": "",
|
||||
"lastUpdateTime": "2021-05-30T10:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": ["Sync"],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Create Jira Issue",
|
||||
"description": "This playbook will open a Jira Issue when a new incident is opened in Azure Sentinel.",
|
||||
"prerequisites": "We will need following data to make Jira connector: 1. Jira instance (ex. xyz.atlassian.net); 2. Jira API; 3. Username.; After deployment assign Azure Sentinel Reader role to the Playbooks Managed Identity.",
|
||||
"lastUpdateTime": "2021-06-10T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": [ "Sync" ],
|
||||
"support": {
|
||||
|
|
|
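Review bot: `prerequisites` is a free-text string on line 138 but an array of strings in the otherwise parallel template on lines 162–168 (and on lines 78, 228, 258, 288, 372, 438 and 918), so any consumer has to branch on the value's type before rendering it. Pick one shape for the whole catalog; the array form already used in the sibling, `"prerequisites": ["1. Jira instance (ex. xyz.atlassian.net)", "2. Jira API", "3. Username."]`, is the easier one to render as a list. Empty values such as `"prerequisites": ""` on line 18 would then become `[]`. The commit only touches `lastUpdateTime`, so this is pre-existing, but it is visible in every hunk here.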
@ -7,7 +7,7 @@
|
|||
"prerequisites": ["1. Jira instance (ex. xyz.atlassian.net)",
|
||||
"2. Jira API",
|
||||
"3. Username."],
|
||||
"lastUpdateTime": "2021-06-10T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": [ "Sync" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Create SNOW record",
|
||||
"description": "This playbook will open a Service Now incident when a new incident is opened in Azure Sentinel.",
|
||||
"prerequisites": "We will need following data to make SNOW connector: 1. SNOW instance (ex. xyz.service-now.com); 2. Username; 3. Password.; After deployment assign Azure Sentinel Reader role to the Playbooks Managed Identity.",
|
||||
"lastUpdateTime": "2021-06-10T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": [ "Sync" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Create SNOW record",
|
||||
"description": "This playbook will open a Service Now incident when a new incident is opened in Azure Sentinel.",
|
||||
"prerequisites": ["1. Existing SNOW instance (ex. xyz.service-now.com)", "2. SNOW credentials: Username and Password"],
|
||||
"lastUpdateTime": "2021-06-10T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": [ "Sync" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Create Zendesk ticket",
|
||||
"description": "This playbook will create a Zendesk ticket when a new incident is created in Azure Sentinel.",
|
||||
"prerequisites": ["Create a Zendesk user (for example, call it Azure Sentinel) which on behalf of its requester id new tickets will be created."],
|
||||
"lastUpdateTime": "2021-05-30T10:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": ["Sync"],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Dismiss AAD Risky User",
|
||||
"description": "This playbook will dismiss the Risky User property in AAD using AAD Connectors.",
|
||||
"prerequisites": ["After playbook is deployed, add the managed identity that is created by the logic app to the Security Administrator role in Azure AD."],
|
||||
"lastUpdateTime": "2021-05-30T10:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Account" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Get-MDEInvestigationPackage",
|
||||
"description": "This playbook will call the collect invesitgation package in MDE. It will then loop until thats complete, once complete it will add a comment to the incident and post a message in teams with the URL to download the package.",
|
||||
"prerequisites": "1. You will need the Team Id and Chat Id. 2. You will need to grant Machine.CollectForensics permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-03T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Host" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
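Review bot: The description on line 315 has a typo, `collect invesitgation package`, which should read `collect investigation package`; the same line also reads `until thats complete`, i.e. `until that is complete`. The next section has a similar gap on line 345, where `and them to a comment` is missing its verb and should read `and add them to a comment`. Both are context lines the timestamp bump leaves unchanged.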
@ -5,7 +5,7 @@
|
|||
"title": "Get-MDEStatistics",
|
||||
"description": "This playbook will get IP, File and Domain statistics from Microsoft Defender for Endpoint and them to a comment on the Incident in Azure Sentinel.",
|
||||
"prerequisites": "You will need to grant Ip.Read.All, Url.Read.All, and File.Read.All permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-11T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Ip", "Dns", "File" ],
|
||||
"tags": [ "Enrich" ],
|
||||
"support": {
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
"prerequisites": ["1. Using the riskyUsers API requires an Azure AD Premium P2 license.",
|
||||
"2. Have a user which has permissions on Identity Protection API. [Learn more](https://docs.microsoft.com/graph/api/riskyuser-confirmcompromised?view=graph-rest-1.0#permissions)",
|
||||
"3. (optional) Create policies in Azure AD Identity protection to run when users are confirmed as compromised. [Learn more](https://docs.microsoft.com/azure/active-directory/identity-protection/concept-identity-protection-policies)"],
|
||||
"lastUpdateTime": "2021-05-18T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": ["Account"],
|
||||
"tags": ["Identity protection", "Teams bot"],
|
||||
"source": {
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
"3. Have user account or Service Principal or Managed Identity with Azure Sentinel Responder role for HTTP and Azure Sentinel connectors",
|
||||
"4. Have user account or Service Principal with Log Analytics Reader role on Azure Sentinel workspace for Azure Monitor Logs connector",
|
||||
"5. Have An O365 account to be used to send email notification"],
|
||||
"lastUpdateTime": "2021-05-18T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": ["Incident management"],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Isolate MDE Machine",
|
||||
"description": "This playbook will isolate (full) the machine in Microsoft Defender for Endpoint.",
|
||||
"prerequisites": ["You will need to grant Machine.Isolate permissions to the managed identity."],
|
||||
"lastUpdateTime": "2021-06-08T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Host" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Isolate endpoint - MDE",
|
||||
"description": "This playbook will isolate (full) the machine in Microsoft Defender for Endpoint.",
|
||||
"prerequisites": "You will need to grant Machine.Isolate permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-08T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Host" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Post Message Slack",
|
||||
"description": "This playbook will post a message in a Slack channel when an alert is created in Azure Sentinel",
|
||||
"prerequisites": "Slack connector will require a Slack account and user credentials",
|
||||
"lastUpdateTime": "2021-06-16T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": [ "Basics", "Notification" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Post Message Slack",
|
||||
"description": "This playbook will post a message in a Slack channel when an Incident is created in Azure Sentinel",
|
||||
"prerequisites": "Slack connector will require a Slack account and user credentials",
|
||||
"lastUpdateTime": "2021-06-16T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": [ "Basics", "Notification" ],
|
||||
"support": {
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
"title": "Post Message Teams",
|
||||
"description": "This playbook will post a message in a Microsoft Teams channel when an Alert is created in Azure Sentinel.",
|
||||
"prerequisites": "MS teams Account that allow to post messages",
|
||||
"lastUpdateTime": "2021-06-10T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": [ "Basics", "Notification" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Post Message Teams",
|
||||
"description": "This playbook will post a message in a Microsoft Teams channel when an Incident is created in Azure Sentinel.",
|
||||
"prerequisites": "MS teams Account that allow to post messages",
|
||||
"lastUpdateTime": "2021-06-10T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": [ "Basics", "Notification" ],
|
||||
"support": {
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
"title": "Prompt User - Alert",
|
||||
"description": "This playbook will ask the user if they completed the action from the alert in Azure Sentinel. If so, it will close the incident and add a comment. If not, it will post a message to teams for the SOC to investigate and add a comment to the incident.",
|
||||
"prerequisites": "1. You will need the Team Id and Channel Id.",
|
||||
"lastUpdateTime": "2021-06-03T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Account" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
"title": "Prompt User - Incident",
|
||||
"description": "This playbook will ask the user if they completed the action from the Incident in Azure Sentinel. If so, it will close the incident and add a comment. If not, it will post a message to teams for the SOC to investigate and add a comment to the incident.",
|
||||
"prerequisites": "1. You will need the Team Id and Channel Id.",
|
||||
"lastUpdateTime": "2021-06-03T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Account" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Alert trigger empty playbook",
|
||||
"description": "Use this template to quickly create a new playbook which starts with an Azure Sentinel alert. The playbook is deployed with Managed Identity enabled.",
|
||||
"prerequisites": "This playbook is configured to work with Managed Identity for the Azure Sentinel Logic Apps connector steps. After playbook is deployed, assign permissions for this playbook to Azure Sentinel workspace. [Learn more](https://docs.microsoft.com/connectors/azuresentinel/#authentication)",
|
||||
"lastUpdateTime": "2021-06-07T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": ["Basics"],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Incident trigger empty playbook",
|
||||
"description": "Use this template to quickly create a new playbook which starts with an Azure Sentinel incident. The playbook is deployed with Managed Identity enabled.",
|
||||
"prerequisites": "This playbook is configured to work with Managed Identity for the Azure Sentinel Logic Apps connector steps. After playbook is deployed, assign permissions for this playbook to Azure Sentinel workspace. [Learn more](https://docs.microsoft.com/connectors/azuresentinel/#authentication)",
|
||||
"lastUpdateTime": "2021-06-07T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": ["Basics"],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Remove-MDEAppExecution",
|
||||
"description": "This playbook will remove restrict app execution on the machine in Microsoft Defender for Endpoint.",
|
||||
"prerequisites": "You will need to grant Machine.RestrictExecution permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-08T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Host" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Reset-AADUserPassword",
|
||||
"description": "This playbook will reset the user password using Graph API. It will send the password (which is a random guid substring) to the user's manager. The user will have to reset the password upon login.",
|
||||
"prerequisites": "1. You will need to grant User.ReadWrite.All permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Account" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Reset-AADUserPassword",
|
||||
"description": "This playbook will reset the user password using Graph API. It will send the password (which is a random guid substring) to the user's manager. The user will have to reset the password upon login.",
|
||||
"prerequisites": "1. You will need to grant User.ReadWrite.All permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Account" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Restrict MDE App Execution",
|
||||
"description": "This playbook will restrict app execution on the machine in Microsoft Defender for Endpoint.",
|
||||
"prerequisites": "You will need to grant Machine.RestrictExecution permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-08T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Host" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Restrict MDE App Execution",
|
||||
"description": "This playbook will restrict app execution on the machine in Microsoft Defender for Endpoint.",
|
||||
"prerequisites": "You will need to grant Machine.RestrictExecution permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-08T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Host" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Restrict MDE Domain",
|
||||
"description": "This play book will take DNS entities and generate alert and block threat indicators for each domain in Microsoft Defender for Endpoint for 90 days.",
|
||||
"prerequisites": "You will need to grant Ti.ReadWrite permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Dns" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
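Review bot: The two `Restrict MDE Domain` templates disagree on the entity type: line 897 declares `"entities": [ "Dns" ]` while line 927 in the next section declares `"entities": [ "DnsResolution" ]`, and the other template in this commit that handles DNS (line 357) uses `"Dns"`. If the entity name is what ties a template to incident entities, one of the two will presumably not be offered for the entity it is meant to remediate. Confirm which spelling the catalog expects and align both sections on it. The `prerequisites` shape also differs between the two (string on line 888, array on line 918).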
@ -5,7 +5,7 @@
|
|||
"title": "Restrict MDE Domain",
|
||||
"description": "This play book will take DNS entities and generate alert and block threat indicators for each domain in Microsoft Defender for Endpoint for 90 days.",
|
||||
"prerequisites": ["You will need to grant Ti.ReadWrite permissions to the managed identity."],
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "DnsResolution" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Restrict MDE FileHash",
|
||||
"description": "This playbook will take FileHash entities and generate alert and block threat indicators for each file hash in MDE for 90 days.",
|
||||
"prerequisites": "You will need to grant Ti.ReadWrite permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "FileHash" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Restrict MDE FileHash",
|
||||
"description": "This playbook will take FileHash entities and generate alert and block threat indicators for each file hash in MDE for 90 days.",
|
||||
"prerequisites": "You will need to grant Ti.ReadWrite permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "FileHash" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Restrict MDE Ip Address",
|
||||
"description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.",
|
||||
"prerequisites": "You will need to grant Ti.ReadWrite permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Ip" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Restrict MDE Ip Address",
|
||||
"description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.",
|
||||
"prerequisites": "You will need to grant Ti.ReadWrite permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Ip" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Restrict MDE Url",
|
||||
"description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.",
|
||||
"prerequisites": "You will need to grant Ti.ReadWrite permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Url" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
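Review bot: The description on line 1065 says the playbook blocks indicators `for each IP`, but the template declares `"entities": [ "Url" ]` and is titled `Restrict MDE Url`; the wording appears to have been copied from the IP template on line 1005. Change it to `... block threat indicators for each URL in MDE for 90 days.` here and on line 1095 in the next section.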
@ -5,7 +5,7 @@
|
|||
"title": "Restrict MDE Url",
|
||||
"description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.",
|
||||
"prerequisites": "You will need to grant Ti.ReadWrite permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Url" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Revoke-AADSignInSessions",
|
||||
"description": "This playbook will revoke all signin sessions for the user using Graph API. It will send an email to the user's manager.",
|
||||
"prerequisites": "1. You will need to grant User.ReadWrite.All permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-03T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Account" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Run MDE Antivirus",
|
||||
"description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.",
|
||||
"prerequisites": "You will need to grant Machine.Scan permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Host" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Run MDE Antivirus",
|
||||
"description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.",
|
||||
"prerequisites": "You will need to grant Machine.Scan permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-10T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Host" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Send basic email",
|
||||
"description": "This playbook will be sending email with basic incidents details (Incident title, severity, tactics, link,…) when incident is created in Azure Sentinel.",
|
||||
"prerequisites": " An O365 account to be used to send email notification (The user account will be used in O365 connector: Send an email step.)",
|
||||
"lastUpdateTime": "2021-06-08T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": [ "Basics", "Notification" ],
|
||||
"support": {
|
||||
|
|
|
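Review bot: The `prerequisites` value on line 1218 starts with a stray space, `" An O365 account ..."`, which may show up in any UI that renders the string as-is; trim it to `"An O365 account ..."`. The next section's description on line 1245 and prerequisites on line 1248 contain `formated`, `formating` and `Linke example`, which should read `formatted`, `formatting` and `Link example`.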
@ -5,7 +5,7 @@
|
|||
"title": "Send email with formatted incident report",
|
||||
"description": "This playbook will be sending email with formated incidents report (Incident title, severity, tactics, link,…) when incident is created in Azure Sentinel. Email notification is made in HTML.",
|
||||
"prerequisites": "An O365 account to be used to send email notification (The user account will be used in O365 connector (Send an email).) Link with company logo. No formating since size is defined in the Playbook. Linke example - https://azure.microsoft.com/svghandler/azure-sentinel",
|
||||
"lastUpdateTime": "2021-06-08T10:00:15.123Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [],
|
||||
"tags": [ "Basics", "Notification" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Unisolate MDE Machine",
|
||||
"description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.",
|
||||
"prerequisites": "You will need to grant Machine.Isolate permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-08T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Host" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
"title": "Unisolate MDE Machine",
|
||||
"description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.",
|
||||
"prerequisites": "You will need to grant Machine.Isolate permissions to the managed identity.",
|
||||
"lastUpdateTime": "2021-06-08T00:00:00.000Z",
|
||||
"lastUpdateTime": "2021-07-14T00:00:00.000Z",
|
||||
"entities": [ "Host" ],
|
||||
"tags": [ "Remediation" ],
|
||||
"support": {
|
||||
|
|