Коммит
713bc050c7
|
@ -7,7 +7,7 @@
|
|||
},
|
||||
"parameters": {
|
||||
"PlaybookName": {
|
||||
"defaultValue": "Choose playbook name",
|
||||
"defaultValue": "TritonPlayook",
|
||||
"type": "string"
|
||||
},
|
||||
"UserName": {
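Review bot: The new default `"TritonPlayook"` looks like a misspelling of `TritonPlaybook`; the +/- markers are lost on this page, so the second `"defaultValue"` line is taken as the new side. Elsewhere in this commit, connection names are built with `concat(..., parameters('PlaybookName'))`, so if this template does the same, anyone deploying with the default would carry the misspelling into the Logic App and connection resource names. Suggest `"defaultValue": "TritonPlaybook",`, or keep a neutral placeholder if the template is meant to be reused by others. The `parameters` object continues outside the hunk.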
|
||||
|
|
|
@ -105,7 +105,7 @@
|
|||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"body": {
|
||||
"Value": "## Safe Ips\n###The following IPs were found in the Watchlist @{variables('WatchlistName')} :\n@{body('Create_HTML_table_-_safe')}\n\n## Not safe Ips\n###The following IPs were not found in the Watchlist @{variables('WatchlistName')} :\n@{body('Create_HTML_table_-_not_safe')}"
|
||||
"Value": "## Safe Ips\n### The following IPs were found in the Watchlist @{variables('WatchlistName')} :\n@{body('Create_HTML_table_-_safe')}\n\n ## Not safe Ips\n### The following IPs were not found in the Watchlist @{variables('WatchlistName')} :\n@{body('Create_HTML_table_-_not_safe')}"
|
||||
},
|
||||
"host": {
|
||||
"connection": {
|
||||
|
@ -206,7 +206,9 @@
|
|||
"type": "AppendToArrayVariable",
|
||||
"inputs": {
|
||||
"name": "SafeIPs",
|
||||
"value": "@items('For_each')?['Address']"
|
||||
"value": {
|
||||
"SafeIPs": "@{items('For_each')?['Address']}"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -222,7 +224,9 @@
|
|||
"type": "AppendToArrayVariable",
|
||||
"inputs": {
|
||||
"name": "notSafeIPs",
|
||||
"value": "@items('For_each')?['Address']"
|
||||
"value": {
|
||||
"NotSafeIPs": "@{items('For_each')?['Address']}"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -244,7 +248,7 @@
|
|||
"runAfter": {},
|
||||
"type": "ApiConnection",
|
||||
"inputs": {
|
||||
"body": "_GetWatchlist(\"@{variables('WatchlistName')}\") \n| extend IpAddress = tostring(parse_json(WatchlistItem).IpAddress)\n| where IpAddress == ''@{items('For_each')?['Address']}\"",
|
||||
"body": "_GetWatchlist(\"@{variables('WatchlistName')}\") \n| where ipaddress == \"@{items('For_each')?['Address']}\"",
|
||||
"host": {
|
||||
"connection": {
|
||||
"name": "@parameters('$connections')['azuremonitorlogs']['connectionId']"
|
||||
|
@ -256,7 +260,7 @@
|
|||
"resourcegroups": "@variables('ResourceGroupName')",
|
||||
"resourcename": "@variables('WorkspaceName')",
|
||||
"resourcetype": "Log Analytics Workspace",
|
||||
"subscriptions": "@variables('SubscriptionName')",
|
||||
"subscriptions": "@variables('subscriptionid')",
|
||||
"timerange": "Last 12 hours"
|
||||
}
|
||||
},
|
||||
|
@ -287,7 +291,7 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
"Initialize_variable_-_Subscription_disaply_name": {
|
||||
"Initialize_variable_-_Subscription_ID": {
|
||||
"runAfter": {
|
||||
"Initialize_variable_-_Resource_Group": [
|
||||
"Succeeded"
|
||||
|
@ -297,16 +301,16 @@
|
|||
"inputs": {
|
||||
"variables": [
|
||||
{
|
||||
"name": "SubscriptionName",
|
||||
"name": "subscriptionid",
|
||||
"type": "string",
|
||||
"value": "[subscription().displayname]"
|
||||
"value": "[subscription().subscriptionId]"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"Initialize_variable_-_Watchlist_name": {
|
||||
"runAfter": {
|
||||
"Initialize_variable_-_Subscription_disaply_name": [
|
||||
"Initialize_variable_-_Subscription_ID": [
|
||||
"Succeeded"
|
||||
]
|
||||
},
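Review bot: The entity address is spliced into the KQL text between double quotes in the Azure Monitor Logs query (hunk `@ -244,7 +248,7`, the second `"body"` line, taken as the new side since the +/- markers are lost), so a value containing `"` or `\` changes the query instead of being compared as data. The result of this query presumably drives the SafeIPs / notSafeIPs split, so the address should be checked as a well-formed IP before the query runs, or at least have quotes and backslashes stripped, for example `replace(items('For_each')?['Address'], '"', '')` inside the `@{…}`. The `?['Address']` lookup also yields an empty string for an entity without an address, which would run the query with `""` and add a blank row to one of the tables; a condition that skips empty values would avoid that. The filter now depends on the watchlist having a column named exactly `ipaddress`, and KQL column names are case-sensitive, so the required column name is worth stating in the playbook's documentation.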
|
||||
|
|
|
@ -17,8 +17,8 @@
|
|||
},
|
||||
"variables": {
|
||||
"AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]",
|
||||
"Office365ConnectionName": "[concat('teams', parameters('PlaybookName'))]",
|
||||
"MicrosoftTeamsConnectionName": "[concat('teams', parameters('PlaybookName'))]",
|
||||
"Office365ConnectionName": "[concat('office365-', parameters('PlaybookName'))]",
|
||||
"MicrosoftTeamsConnectionName": "[concat('teams-', parameters('PlaybookName'))]",
|
||||
"AzureMonitorLogsConnectionName": "[concat('azuremonitorlogs-', parameters('PlaybookName'))]"
|
||||
},
|
||||
"resources": [
|
||||
|
|