Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Update readme.md

This commit is contained in:
Sarah Young 2021-08-13 10:22:28 +12:00 коммит произвёл GitHub
Родитель 6fa0555160
Коммит d45179bc85
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
1 изменённых файлов: 1 добавлений и 1 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
Playbooks/Export-Report-CSV/readme.md
Просмотреть файл

@ -12,7 +12,7 @@ Do you have a need to run scheduled exports of data from your Azure Sentinel env
----
###### SMTP Email
This Playbook uses the built in SMTP connector for Azure Logic Apps. Unlike the built-in Outlook mail connector, you do not need to have an O365 account to send email via the SMTP connector, but you need to do some configuration and make some decisions. If you're using O365, you can send email via your public facing SMTP server endpoint (See: https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365 for more details. You will need to decide if you are going to need to send *authenticated* or *unauthenticated* email. For example, if the email your sending is going to an internal only email address, then you can send it unauthenticated and do not even need a mailbox in O365. However, if you want to send an email to an address outside of your domain, then you can **only** send it as an authenticated user and that will require that the user account have a mailbox.
This Playbook uses the built in SMTP connector for Azure Logic Apps. Unlike the built-in Outlook mail connector, you do not need to have an O365 account to send email via the SMTP connector, but you need to do some configuration and make some decisions. If you're using O365, you can send email via your public facing SMTP server endpoint (See: https://docs.microsoft.com/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365 for more details. You will need to decide if you are going to need to send *authenticated* or *unauthenticated* email. For example, if the email your sending is going to an internal only email address, then you can send it unauthenticated and do not even need a mailbox in O365. However, if you want to send an email to an address outside of your domain, then you can **only** send it as an authenticated user and that will require that the user account have a mailbox.
###### Watchlist
Report items are based on a schedule of daily, weekly, or monthly, stored in a watchlist called "Reporting". The Playbook executes an Azure Monitor Logs query for the various reports using a query like this: "\_GetWatchlist("Reporting") | where Schedule == "Daily"". It then iterates through the returned values to run the reports and send the emails out.