Merge pull request #2111 from swiftsolves-msft/nateswift-Enrich-SentinelIncident-GreyNoise-IP

Enrich-SentinelIncident-GreyNoise-IP - Update readme.md
Sreedhar Ande 2021-04-08 14:35:29 -07:00 committed by GitHub
Parent 7d5e7825ea 49ebc502c7
Commit 7ab547bd60
No key found matching this signature
GPG key ID: 4AEE18F83AFDEB23
1 changed file: 4 additions and 4 deletions


@ -1,9 +1,9 @@
# Enrich-SentinelIncident-GreyNoise-IP # Enrich-SentinelIncident-GreyNoiseCommunity-IP
author: Nathan Swift author: Nathan Swift
This playbook uses the GreyNoise Community API to automatically enrich incidents generated by Sentinel for IP addresses. Optionally to prevent rate limits you may want to obtain a valid GreyNoise API Key. To learn more about the service and request a trial key, see the [Setting up an Account](https://developer.greynoise.io/docs/setting-up-an-account). This playbook uses the GreyNoise Community API to automatically enrich incidents generated by Sentinel for IP addresses. Optionally to prevent rate limits you may want to obtain a valid GreyNoise API Key. To learn more about the service and request a trial key, see the [Setting up an Account](https://developer.greynoise.io/docs/setting-up-an-account).
For details around the APIs used see the [RIOT API documentation](https://developer.greynoise.io/reference/ip-lookup-1#riotip) and the [IP Context API documentation](https://developer.greynoise.io/reference/ip-lookup-1#noisecontextip-1). For details around the API used see the [Community API documentation](https://developer.greynoise.io/reference/community-api#get_v3-community-ip).
<a href="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FPlaybooks%2FEnrich-SentinelIncident-GreyNoiseCommunity-IP%2Fazuredeploy.json" target="_blank"> <a href="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FPlaybooks%2FEnrich-SentinelIncident-GreyNoiseCommunity-IP%2Fazuredeploy.json" target="_blank">
<img src="https://aka.ms/deploytoazurebutton""/> <img src="https://aka.ms/deploytoazurebutton""/>
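Review bot: the deploy-button markup in the unchanged context line, `<img src="https://aka.ms/deploytoazurebutton""/>`, carries a doubled closing quote that this hunk leaves in place; since the surrounding lines are being reworded anyway, change it to `<img src="https://aka.ms/deploytoazurebutton"/>` so the README renders the button reliably. The rest of the hunk is consistent: the heading is renamed to Enrich-SentinelIncident-GreyNoiseCommunity-IP, which matches the azuredeploy.json path already used in the deploy link, and the API reference now points at the Community API endpoint instead of the RIOT and IP Context endpoints.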
@ -40,8 +40,8 @@ Be sure under Actions to choose Run playbook and choose the GreyNoise-IP-Enrichm
Once completed press Apply button at bottom to add the Automation rule. Once completed press Apply button at bottom to add the Automation rule.
## Manually update Logic App with GreyNoise API Key ## (Optional) Manually update Logic App with GreyNoise API Key
Open the Logic App and Edit. Within the UI editor go to Parameters button towards top and add the key ass a default value as shown below. In addition open the CommunityIP action and add Key and the Parameter GreyNoiseKey. To prevent rate limits you may want to obtain a valid GreyNoise API Key. Open the Logic App and Edit. Within the UI editor go to Parameters button towards top and add the key ass a default value as shown below. In addition open the CommunityIP action and add Key and the Parameter GreyNoiseKey.
![apikey](Images/apikey.png) ![apikey](Images/apikey.png)
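Review bot: the typo "add the key ass a default value" survives unchanged in the new version of the paragraph; correct it to "as a default value". Separately, because this section tells readers to paste the GreyNoise API key into a Logic App parameter default, the README should say that parameter defaults sit in clear text in the workflow definition and in any exported ARM template, and point to a `securestring`-typed parameter or a Key Vault-backed value as the preferred place for the key.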