0ebf5958d0
|
||
|---|---|---|
| .. | ||
| images | ||
| azuredeploy.json | ||
| readme.md | ||
readme.md
Enrich-AzureResourceGraph-Incident
This logicapp calls Enrich-AzureResourceGraph to comment Sentinel Incident based on ResourceGraph data
Quick Deployment
After deployment,
- Allow logicapp managed identity to update incident by adding IAM role Sentinel Responder or above
- attach this playbook to an automation rule so it runs when the incident is created.
Learn more about automation rules
Prerequisites
- Enrich-AzureResourceGraph logicapp
- Adapt query to your context
Screenshots
Workflow explained
- Azure Sentinel incident trigger
- Get Hosts entities
- For each host, call Enrich-AzureResourceGraph
- Add comment and tag found/notfound depending on output