VirusTotal playbooks to gallery
* Removed the connection parameters and changed the connection display name * Updated tags and titles
Родитель
4fce63f980
Коммит
70a3bd1835
|
@ -2,12 +2,12 @@
|
|||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"metadata": {
|
||||
"title": "Get-VirusTotalDomainReport",
|
||||
"title": "URL Enrichment - Virus Total domain report",
|
||||
"description": "This playbook will take each URL entity and query VirusTotal for Domain Report (https://developers.virustotal.com/v3.0/reference#domain-info). It will write the results to Log Analytics and add a comment to the incident.",
|
||||
"prerequisites": "You will need to register to Virus Total community for an API key.",
|
||||
"lastUpdateTime": "2021-06-08T00:00:00.000Z",
|
||||
"prerequisites": "Register to Virus Total community for an API key.",
|
||||
"lastUpdateTime": "2021-05-08T00:00:00.000Z",
|
||||
"entities": [ "URL" ],
|
||||
"tags": [ "Enrich" ],
|
||||
"tags": [ "Enrichment" ],
|
||||
"support": {
|
||||
"tier": "Community"
|
||||
},
|
||||
|
@ -19,16 +19,6 @@
|
|||
"PlaybookName": {
|
||||
"defaultValue": "Get-VirusTotalDomainReport",
|
||||
"type": "string"
|
||||
},
|
||||
"VirusTotalAPIKey": {
|
||||
"defaultValue": "<APIKey>",
|
||||
"type": "string"
|
||||
},
|
||||
"workspaceId": {
|
||||
"type": "string"
|
||||
},
|
||||
"workSpaceKey": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"variables": {
|
||||
|
@ -43,14 +33,10 @@
|
|||
"name": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"displayName": "[parameters('workspaceId')]",
|
||||
"displayName": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
|
||||
"customParameterValues": {},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]"
|
||||
},
|
||||
"parameterValues": {
|
||||
"username": "[parameters('workspaceId')]",
|
||||
"password": "[parameters('workSpaceKey')]"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -60,9 +46,6 @@
|
|||
"name": "[variables('VirusTotalConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"customParameterValues": {
|
||||
"api_key": "[parameters('VirusTotalAPIKey')]"
|
||||
},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/virustotal')]"
|
||||
}
|
||||
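Review bot: With `parameterValues` dropped from the Log Analytics Data Collector connection and `customParameterValues` dropped from the VirusTotal connection (the 14→10 and 9→6 hunk counts leave these blocks as the only plausible removed lines), both API connections deploy without credentials and the playbook cannot run until someone authorizes them after deployment, yet nothing in the template metadata says so and the README hunks visible on this page only swap screenshots. Taking the API key and workspace key out of plain `string` deployment parameters is the right direction, since such values otherwise persist in the deployment history; the remaining step is to state the post-deployment action, e.g. extend the prerequisites to `"prerequisites": "Register to Virus Total community for an API key. After deployment, authorize the VirusTotal and Azure Log Analytics Data Collector API connections."`. The same applies to the File, IP and URL template sections below. Separately, `lastUpdateTime` appears to move from 2021-06-08 to 2021-05-08; if 2021-05-08 is the new value it predates the previous one and should be the date of this change instead.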
|
|
Двоичный файл не отображается.
До Ширина: | Высота: | Размер: 44 KiB |
|
@ -26,6 +26,6 @@ After deployment, you can run this playbook manually on an alert or attach it to
|
|||
|
||||
## Screenshots
|
||||
**Incident Trigger**<br>
|
||||
![Incident Trigger](./incident-trigger/images/Get-VirusTotalDomainReport_incident.png)<br>
|
||||
![Incident Trigger](./incident-trigger/images/designerLight.png)<br>
|
||||
**Alert Trigger**<br>
|
||||
![Alert Trigger](./alert-trigger/images/Get-VirusTotalDomainReport_alert.png)<br>
|
|
@ -2,12 +2,12 @@
|
|||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"metadata": {
|
||||
"title": "Get-VirusTotalFileReport",
|
||||
"title": "FileHash Enrichment - Virus Total report",
|
||||
"description": "This playbook will take each File Hash entity and query VirusTotal for File Report (https://developers.virustotal.com/v3.0/reference#file-info). It will write the results to Log Analytics and add a comment to the incident.",
|
||||
"prerequisites": "You will need to register to Virus Total community for an API key.",
|
||||
"lastUpdateTime": "2021-06-08T00:00:00.000Z",
|
||||
"prerequisites": "Register to Virus Total community for an API key.",
|
||||
"lastUpdateTime": "2021-05-08T00:00:00.000Z",
|
||||
"entities": [ "FileHash" ],
|
||||
"tags": [ "Enrich" ],
|
||||
"tags": [ "Enrichment" ],
|
||||
"support": {
|
||||
"tier": "community"
|
||||
},
|
||||
|
@ -19,16 +19,6 @@
|
|||
"PlaybookName": {
|
||||
"defaultValue": "Get-VirusTotalFileInfo",
|
||||
"type": "string"
|
||||
},
|
||||
"VirusTotalAPIKey": {
|
||||
"defaultValue": "<APIKey>",
|
||||
"type": "string"
|
||||
},
|
||||
"workspaceId": {
|
||||
"type": "string"
|
||||
},
|
||||
"workSpaceKey": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"variables": {
|
||||
|
@ -43,14 +33,10 @@
|
|||
"name": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"displayName": "[parameters('workspaceId')]",
|
||||
"displayName": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
|
||||
"customParameterValues": {},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]"
|
||||
},
|
||||
"parameterValues": {
|
||||
"username": "[parameters('workspaceId')]",
|
||||
"password": "[parameters('workSpaceKey')]"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -60,9 +46,6 @@
|
|||
"name": "[variables('VirusTotalConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"customParameterValues": {
|
||||
"api_key": "[parameters('VirusTotalAPIKey')]"
|
||||
},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/virustotal')]"
|
||||
}
|
||||
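Review bot: `"tier": "community"` in this template's support block differs in casing from `"tier": "Community"` in the Domain and URL templates (the IP template also uses lowercase), and the commit touches the surrounding metadata without aligning it. If the gallery groups by an exact string match, the four playbooks will not land under one tier, so settle on one spelling across all four files, e.g. `"tier": "Community"`. The `support` object continues past the end of this hunk.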
|
|
Двоичный файл не отображается.
До Ширина: | Высота: | Размер: 46 KiB |
|
@ -28,6 +28,6 @@ After deployment, you can run this playbook manually on an alert or attach it to
|
|||
|
||||
## Screenshots
|
||||
**Incident Trigger**<br>
|
||||
![Incident Trigger](./incident-trigger/images/Get-VirusTotalFileInfo_incident.png)<br>
|
||||
![Incident Trigger](./incident-trigger/images/designerLight.png)<br>
|
||||
**Alert Trigger**<br>
|
||||
![Alert Trigger](./alert-trigger/images/Get-VirusTotalFileInfo_alert.png)<br>
|
|
@ -2,12 +2,12 @@
|
|||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"metadata": {
|
||||
"title": "Get-VirusTotalIPReport",
|
||||
"title": "IP Enrichment - Virus Total report",
|
||||
"description": "This playbook will take each IP entity and query VirusTotal for IP Address Report (https://developers.virustotal.com/v3.0/reference#ip-info). It will write the results to Log Analytics and add a comment to the incident.",
|
||||
"prerequisites": "You will need to register to Virus Total community for an API key.",
|
||||
"lastUpdateTime": "2021-06-03T00:00:00.000Z",
|
||||
"prerequisites": "Register to Virus Total community for an API key.",
|
||||
"lastUpdateTime": "2021-05-08T00:00:00.000Z",
|
||||
"entities": ["IP"],
|
||||
"tags": ["Enrich"],
|
||||
"tags": ["Enrichment"],
|
||||
"support": {
|
||||
"tier": "community"
|
||||
},
|
||||
|
@ -19,16 +19,6 @@
|
|||
"PlaybookName": {
|
||||
"defaultValue": "Get-VirusTotalIPReport",
|
||||
"type": "string"
|
||||
},
|
||||
"VirusTotalAPIKey": {
|
||||
"defaultValue": "<APIKey>",
|
||||
"type": "string"
|
||||
},
|
||||
"workspaceId": {
|
||||
"type": "string"
|
||||
},
|
||||
"workSpaceKey": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"variables": {
|
||||
|
@ -43,14 +33,10 @@
|
|||
"name": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"displayName": "[parameters('workspaceId')]",
|
||||
"displayName": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
|
||||
"customParameterValues": {},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]"
|
||||
},
|
||||
"parameterValues": {
|
||||
"username": "[parameters('workspaceId')]",
|
||||
"password": "[parameters('workSpaceKey')]"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -75,9 +61,6 @@
|
|||
"name": "[variables('VirusTotalConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"customParameterValues": {
|
||||
"api_key": "[parameters('VirusTotalAPIKey')]"
|
||||
},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/virustotal')]"
|
||||
}
|
||||
|
|
Двоичный файл не отображается.
До Ширина: | Высота: | Размер: 82 KiB |
|
@ -26,6 +26,6 @@ After deployment, you can run this playbook manually on an alert or attach it to
|
|||
|
||||
## Screenshots
|
||||
**Incident Trigger**<br>
|
||||
![Incident Trigger](./incident-trigger/images/Get-VirusTotalIPReport_incident.png)<br>
|
||||
![Incident Trigger](./incident-trigger/images/designerLight.png)<br>
|
||||
**Alert Trigger**<br>
|
||||
![Alert Trigger](./alert-trigger/images/Get-VirusTotalIPReport_alert.png)<br>
|
||||
|
|
|
@ -2,12 +2,12 @@
|
|||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"metadata": {
|
||||
"title": "Get-VirusTotalURLReport",
|
||||
"title": "URL Enrichment - Virus Total report",
|
||||
"description": "This playbook will take each URL entity and query VirusTotal for URL Report (https://developers.virustotal.com/v3.0/reference#url-info). It will write the results to Log Analytics and add a comment to the incident.",
|
||||
"prerequisites": "You will need to register to Virus Total community for an API key.",
|
||||
"lastUpdateTime": "2021-06-08T00:00:00.000Z",
|
||||
"prerequisites": "Register to Virus Total community for an API key.",
|
||||
"lastUpdateTime": "2021-05-08T00:00:00.000Z",
|
||||
"entities": [ "URL" ],
|
||||
"tags": [ "Enrich" ],
|
||||
"tags": [ "Enrichment" ],
|
||||
"support": {
|
||||
"tier": "Community"
|
||||
},
|
||||
|
@ -19,16 +19,6 @@
|
|||
"PlaybookName": {
|
||||
"defaultValue": "Get-VirusTotalURLReport",
|
||||
"type": "string"
|
||||
},
|
||||
"VirusTotalAPIKey": {
|
||||
"defaultValue": "<APIKey>",
|
||||
"type": "string"
|
||||
},
|
||||
"workspaceId": {
|
||||
"type": "string"
|
||||
},
|
||||
"workSpaceKey": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"variables": {
|
||||
|
@ -43,14 +33,10 @@
|
|||
"name": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"displayName": "[parameters('workspaceId')]",
|
||||
"displayName": "[variables('AzureLogAnalyticsDataCollectorConnectionName')]",
|
||||
"customParameterValues": {},
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azureloganalyticsdatacollector')]"
|
||||
},
|
||||
"parameterValues": {
|
||||
"username": "[parameters('workspaceId')]",
|
||||
"password": "[parameters('workSpaceKey')]"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -60,9 +46,7 @@
|
|||
"name": "[variables('VirusTotalConnectionName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"properties": {
|
||||
"customParameterValues": {
|
||||
"api_key": "[parameters('VirusTotalAPIKey')]"
|
||||
},
|
||||
"displayName": "[variables('VirusTotalConnectionName')]",
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/virustotal')]"
|
||||
}
|
||||
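Review bot: This template adds `"displayName": "[variables('VirusTotalConnectionName')]",` to the VirusTotal connection (the 9→7 hunk counts admit one added line, and this is the only candidate), while the Domain, File and IP templates above still leave that connection without a displayName after this change, so the same connection resource would be labeled in one playbook and unlabeled in the other three. Add that line to the VirusTotal connection in those three templates as well, in the same position as here. The connection resource's definition starts and ends outside this hunk.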
|
|
Двоичный файл не отображается.
До Ширина: | Высота: | Размер: 46 KiB |
|
@ -26,6 +26,6 @@ After deployment, you can run this playbook manually on an alert or attach it to
|
|||
|
||||
## Screenshots
|
||||
**Incident Trigger**<br>
|
||||
![Incident Trigger](./incident-trigger/images/Get-VirusTotalURLReport_incident.png)<br>
|
||||
![Incident Trigger](./incident-trigger/images/designerLight.png)<br>
|
||||
**Alert Trigger**<br>
|
||||
![Alert Trigger](./alert-trigger/images/Get-VirusTotalURLReport_alert.png)<br>
|