Update azuredeploy.json
This commit is contained in:
Родитель
504030ae7b
Коммит
9ce7d0aa8d
|
@ -2,34 +2,44 @@
|
|||
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"metadata": {
|
||||
"comments": "This playbook is intended to be run from a Microsoft Sentinel Incident. It will add the IP address from Microsoft Sentinel Incidents to an Okta Network Zone of your choosing.",
|
||||
"author": "Accelerynt"
|
||||
"title": "AS-Okta-NetworkZoneUpdate",
|
||||
"description": "This playbook is intended to be run from a Microsoft Sentinel Incident. It will add the IP address from Microsoft Sentinel Incidents to an Okta Network Zone of your choosing.",
|
||||
"prerequisites": "1. An Okta admin account is needed, along with an API token. 2. The id of an Okta network zone is also needed. 3. A Microsoft Azure key vault containing the Okta API token must also be set up. Support for the set up and configuration of each of these items can be found here: https://github.com/Accelerynt-Security/AS-Okta-NetworkZoneUpdate",
|
||||
"lastUpdateTime": "2022-09-29T18:18:05Z",
|
||||
"entities": ["IP"],
|
||||
"tags": ["Microsoft Sentinel", "Incident", "Okta", "Network Zone"],
|
||||
"support": {
|
||||
"tier": "developer"
|
||||
},
|
||||
"author": {
|
||||
"name": "Accelerynt"
|
||||
}
|
||||
},
|
||||
"parameters": {
|
||||
"PlaybookName": {
|
||||
"defaultValue": "AS-Okta-NetworkZoneUpdate",
|
||||
"type": "String"
|
||||
"type": "string"
|
||||
},
|
||||
"OktaSubdomain": {
|
||||
"type": "String",
|
||||
"type": "string",
|
||||
"metadata" : {
|
||||
"description" : "Name of the subdomain (tenant) in the Okta Org URL"
|
||||
}
|
||||
},
|
||||
"OktaNetworkZone": {
|
||||
"type": "String",
|
||||
"type": "string",
|
||||
"metadata" : {
|
||||
"description" : "Name of the Okta Network Zone that the Sentinel IPs will be added to"
|
||||
}
|
||||
},
|
||||
"KeyVaultName": {
|
||||
"type": "String",
|
||||
"type": "string",
|
||||
"metadata" : {
|
||||
"description" : "Name of the Key Vault that stores the Okta API token"
|
||||
}
|
||||
},
|
||||
"SecretName": {
|
||||
"type": "String",
|
||||
"type": "string",
|
||||
"metadata": {
|
||||
"description": "Name of Key Vault Secret that contains the value of the Okta API token"
|
||||
}
|
||||
|
@ -45,10 +55,11 @@
|
|||
"apiVersion": "2016-06-01",
|
||||
"name": "[variables('azuresentinel')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"kind": "V1",
|
||||
"properties": {
|
||||
"displayName": "[parameters('PlaybookName')]",
|
||||
"customParameterValues": {
|
||||
},
|
||||
"customParameterValues": {},
|
||||
"parameterValueType": "Alternative",
|
||||
"api": {
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
|
||||
}
|
||||
|
@ -77,6 +88,9 @@
|
|||
"apiVersion": "2017-07-01",
|
||||
"name": "[parameters('PlaybookName')]",
|
||||
"location": "[resourceGroup().location]",
|
||||
"tags": {
|
||||
"LogicAppsCategory": "security"
|
||||
},
|
||||
"identity": {
|
||||
"type": "SystemAssigned"
|
||||
},
|
||||
|
@ -421,9 +435,14 @@
|
|||
"$connections": {
|
||||
"value": {
|
||||
"azuresentinel": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connection', variables('azuresentinel'))]",
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('azuresentinel'))]",
|
||||
"connectionName": "[variables('azuresentinel')]",
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
|
||||
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]",
|
||||
"connectionProperties": {
|
||||
"authentication": {
|
||||
"type": "ManagedServiceIdentity"
|
||||
}
|
||||
}
|
||||
},
|
||||
"keyvault": {
|
||||
"connectionId": "[resourceId('Microsoft.Web/connections', variables('keyvault'))]",
|
||||
|
|
Загрузка…
Ссылка в новой задаче