AcceleryntSecurityDev 2022-09-29 12:09:01 -07:00 коммит произвёл GitHub
Родитель 7baa9a9a37
Коммит 511dea2dcf
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
1 изменённых файлов: 29 добавлений и 8 удалений


@ -2,17 +2,26 @@
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"comments": "This playbook is intended to be run from a Microsoft Sentinel incident. It will match the hosts from an incident with machines in Microsoft Defender and tag those machines as compromised.",
"author": "Accelerynt"
"title": "AS-Compromised-Machine-Tagging",
"description": "This playbook is intended to be run from a Microsoft Sentinel incident. It will match the hosts from an incident with machines in Microsoft Defender and tag those machines as compromised.",
"lastUpdateTime": "2022-09-29T18:18:05Z",
"entities": ["Host"],
"tags": ["Microsoft Sentinel", "Incident", "Microsoft Defender"],
"support": {
"tier": "developer"
},
"author": {
"name": "Accelerynt"
}
},
"parameters": {
"PlaybookName": {
"defaultValue": "AS-Compromised-Machine-Tagging",
"type": "String"
"type": "string"
},
"MachineTagName": {
"defaultValue": "Compromised",
"type": "String",
"type": "string",
"metadata": {
"description": "Name of the tag to be added to the Microsoft Defender machine"
}
@ -28,10 +37,11 @@
"apiVersion": "2016-06-01",
"name": "[variables('azuresentinel')]",
"location": "[resourceGroup().location]",
"kind": "V1",
"properties": {
"displayName": "[parameters('PlaybookName')]",
"customParameterValues": {
},
"customParameterValues": {},
"parameterValueType": "Alternative",
"api": {
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
}
@ -56,6 +66,12 @@
"apiVersion": "2017-07-01",
"name": "[parameters('PlaybookName')]",
"location": "[resourceGroup().location]",
"tags": {
"LogicAppsCategory": "security"
},
"identity": {
"type": "SystemAssigned"
},
"dependsOn": [
"[resourceId('Microsoft.Web/connections', variables('azuresentinel'))]",
"[resourceId('Microsoft.Web/connections', variables('wdatp'))]"
@ -72,7 +88,7 @@
}
},
"triggers": {
"Microsoft_Sentinel_Incident": {
"Microsoft_Sentinel_incident": {
"type": "ApiConnectionWebhook",
"inputs": {
"body": {
@ -226,7 +242,12 @@
"azuresentinel": {
"connectionId": "[resourceId('Microsoft.Web/connections', variables('azuresentinel'))]",
"connectionName": "[variables('azuresentinel')]",
"id": "[concat('/subscriptions/', subscription().subscriptionId,'/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
}
},
"wdatp": {
"connectionId": "[resourceId('Microsoft.Web/connections', variables('wdatp'))]",
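Review bot: The `connectionProperties.authentication` block with `"type": "ManagedServiceIdentity"` is added only under the `azuresentinel` connection, while the `wdatp` connection that directly follows it gets no equivalent, so the Defender side of the playbook presumably still depends on the API connection's own stored credential rather than on the `SystemAssigned` identity the template now declares on the Logic App. If that asymmetry is intended, a note in the template `metadata.description` stating that the Defender connection must still be authorized manually after deployment would stop readers from assuming both connections use the identity. The identity is also only useful once it holds a role able to read and update incidents on the target resource group (for example Microsoft Sentinel Responder); nothing visible in this diff assigns one, so either a `Microsoft.Authorization/roleAssignments` resource or a deployment-instructions line should cover it. The `wdatp` connection object continues past the end of the hunk, so its authentication settings may be defined there.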