AcceleryntSecurityDev 2022-09-29 12:11:16 -07:00 коммит произвёл GitHub
Родитель 504030ae7b
Коммит 9ce7d0aa8d
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
1 изменённых файлов: 30 добавлений и 11 удалений


@ -2,34 +2,44 @@
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"comments": "This playbook is intended to be run from a Microsoft Sentinel Incident. It will add the IP address from Microsoft Sentinel Incidents to an Okta Network Zone of your choosing.",
"author": "Accelerynt"
"title": "AS-Okta-NetworkZoneUpdate",
"description": "This playbook is intended to be run from a Microsoft Sentinel Incident. It will add the IP address from Microsoft Sentinel Incidents to an Okta Network Zone of your choosing.",
"prerequisites": "1. An Okta admin account is needed, along with an API token. 2. The id of an Okta network zone is also needed. 3. A Microsoft Azure key vault containing the Okta API token must also be set up. Support for the set up and configuration of each of these items can be found here: https://github.com/Accelerynt-Security/AS-Okta-NetworkZoneUpdate",
"lastUpdateTime": "2022-09-29T18:18:05Z",
"entities": ["IP"],
"tags": ["Microsoft Sentinel", "Incident", "Okta", "Network Zone"],
"support": {
"tier": "developer"
},
"author": {
"name": "Accelerynt"
}
},
"parameters": {
"PlaybookName": {
"defaultValue": "AS-Okta-NetworkZoneUpdate",
"type": "String"
"type": "string"
},
"OktaSubdomain": {
"type": "String",
"type": "string",
"metadata" : {
"description" : "Name of the subdomain (tenant) in the Okta Org URL"
}
},
"OktaNetworkZone": {
"type": "String",
"type": "string",
"metadata" : {
"description" : "Name of the Okta Network Zone that the Sentinel IPs will be added to"
}
},
"KeyVaultName": {
"type": "String",
"type": "string",
"metadata" : {
"description" : "Name of the Key Vault that stores the Okta API token"
}
},
"SecretName": {
"type": "String",
"type": "string",
"metadata": {
"description": "Name of Key Vault Secret that contains the value of the Okta API token"
}
@ -45,10 +55,11 @@
"apiVersion": "2016-06-01",
"name": "[variables('azuresentinel')]",
"location": "[resourceGroup().location]",
"kind": "V1",
"properties": {
"displayName": "[parameters('PlaybookName')]",
"customParameterValues": {
},
"customParameterValues": {},
"parameterValueType": "Alternative",
"api": {
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
}
@ -77,6 +88,9 @@
"apiVersion": "2017-07-01",
"name": "[parameters('PlaybookName')]",
"location": "[resourceGroup().location]",
"tags": {
"LogicAppsCategory": "security"
},
"identity": {
"type": "SystemAssigned"
},
@ -421,9 +435,14 @@
"$connections": {
"value": {
"azuresentinel": {
"connectionId": "[resourceId('Microsoft.Web/connection', variables('azuresentinel'))]",
"connectionId": "[resourceId('Microsoft.Web/connections', variables('azuresentinel'))]",
"connectionName": "[variables('azuresentinel')]",
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
}
},
"keyvault": {
"connectionId": "[resourceId('Microsoft.Web/connections', variables('keyvault'))]",
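Review bot: Nothing in the visible hunks grants the Logic App's system-assigned identity a role, yet the `azuresentinel` connection now authenticates as that identity (`"parameterValueType": "Alternative"` on the connection resource and `"type": "ManagedServiceIdentity"` under `$connections`). Unless a role assignment exists elsewhere in the template or is made by hand after deployment, the playbook would presumably fail its Sentinel calls with an authorization error. The new `prerequisites` string should therefore name that step, for example by appending `4. After deployment, assign the playbook's managed identity a Microsoft Sentinel role on the workspace's resource group.` Prefer the narrowest role and scope that still lets the playbook read incident entities, rather than a subscription-wide assignment. The `keyvault` connection entry continues past the end of the last hunk, so it could not be checked for a matching authentication block.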