Azure-Sentinel

История

dicolanl 525d001024 Updating Deploy buttons and links part 1		2021-06-16 00:25:40 +00:00
..
C19ImportToSentinel.json	Queryandplaybook (#685 )	2020-05-14 18:26:55 +01:00
C19IndicatorProcessor.json	Queryandplaybook (#685 )	2020-05-14 18:26:55 +01:00
playbookparameter.PNG	update important instructions on playbook order of deployment	2021-03-16 15:18:15 -07:00
readme.md	Updating Deploy buttons and links part 1	2021-06-16 00:25:40 +00:00

readme.md

Microsoft released threat indicators related to Covid19 as described at https://www.microsoft.com/security/blog/2020/05/14/open-sourcing-covid-threat-intelligence/

These playbooks automate the ingest of these threat indicators into the ThreatIntelligenceIndicator table of an Azure Sentinel workspace. Detailed instructions for deploying these workbooks can be found at https://aka.ms/sentinelc19blog Note: You must deploy the C19ImportToSentinel playbook before deploying the C19IndicatorProcessor playbook. You must also make sure the Playbook2Name parameter uses the exact name you chose when importing the C19ImportToSentinel playbook.

Here is the order of deployment:

Deploy the C19ImportToSentinel playbook template:

Deploy the C19IndicatorProcessor playbook template: