Azure-Sentinel/Playbooks/F5BigIP
Lior Tamir 9a78ac9dee Revert change for F5, HaveIBeenPwned
Moving back to the old name of the trigger to avoid validations
2022-02-27 12:04:52 +02:00


F5 BIG-IP Playbook Templates


Table of Contents

  1. Overview
  2. Deploy 4 Playbook templates
  3. Authentication
  4. Prerequisites
  5. Deployment
  6. Post Deployment Steps
  7. References

Overview

F5 BIG-IP Advanced Firewall Manager protects your network against incoming threats, including complex DDoS attacks.

Deploy 4 Playbook templates

This package includes:

  • Four playbook templates that leverage F5 BIG-IP's APIs.

You can choose to deploy the whole package (all four playbook templates) or each one separately from its specific folder.


F5 BIG-IP documentation

Authentication

API Key Authentication

Prerequisites for using and deploying 4 playbooks

  1. The F5 BIG-IP host URL must be known.
  2. The F5 BIG-IP firewall username and password must be known.
  3. The F5 BIG-IP environment must be reachable with those credentials.
  4. A firewall policy rule must exist for blocking IP addresses.
  5. An address list must exist for blocking IP addresses, and that address list must be part of the firewall policy rule.
  6. A URL Blocklist Category must exist for blocking URLs.

Deployment instructions

  1. Deploy the playbooks by clicking the "Deploy to Azure" button. This opens the ARM template deployment wizard.
  2. Fill in the required parameters for deploying the custom connector and playbooks:

     Parameter                      Description
     For Playbooks
     Block IP Playbook Name         Enter the name of the Block IP playbook, without spaces.
     Block URL Playbook Name        Enter the name of the Block URL playbook, without spaces.
     Enrichment IP Playbook Name    Enter the name of the Enrichment IP playbook, without spaces.
     IP Address List Name           Enter the name of the IP address list used to block IPs.
     URL Blocklist Category Name    Enter the name of the URL Blocklist Category used to block URLs.
     For Base Playbook
     Base Playbook Name             Enter the name of the F5 BIG-IP base playbook, without spaces.
     Host URL                       Enter the F5 BIG-IP host URL.
     Username                       Enter the F5 BIG-IP username.
     Password                       Enter the F5 BIG-IP password.
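The same deployment can be driven from the Azure CLI instead of the portal wizard. The script below is an added example, not code from the Azure-Sentinel repository: it enforces the constraints the parameter table states (playbook names without spaces, an absolute host URL), writes an ARM parameters file for azuredeploy.json, and keeps the BIG-IP password out of that file. The ARM parameter names it uses (basePlaybookName, hostUrl, password, and so on) are assumptions and must be checked against the template's parameters section.

```shell
# Added example, not code from the Azure-Sentinel repository: run the readme's
# "Deploy to Azure" step from the Azure CLI. The ARM parameter names used here
# (basePlaybookName, hostUrl, ...) are ASSUMED; check them against azuredeploy.json.
# Usage: F5_PASSWORD='...' sh deploy_f5.sh deploy <rg> <base> <blockip> <blockurl> \
#            <enrichip> <hosturl> <username> <iplist> <urlcategory>
set -eu

# The readme requires playbook names without spaces; a double quote would also
# break the JSON emitted below, so reject both before anything is deployed.
validate_name() { case "$1" in ''|*' '*|*'"'*) return 1 ;; *) return 0 ;; esac; }

# The host URL must be absolute for the playbooks' HTTP actions to reach the
# BIG-IP management API; use https, since credentials travel with every call.
validate_host_url() { case "$1" in https://*|http://*) return 0 ;; *) return 1 ;; esac; }

# Print an ARM parameters file covering the non-secret parameters.
# Args: base blockip blockurl enrichip hosturl username iplist urlcategory
build_params() {
  for n in "$1" "$2" "$3" "$4"; do
    validate_name "$n" || { echo "bad playbook name: '$n'" >&2; return 1; }
  done
  validate_host_url "$5" || { echo "bad host url: '$5'" >&2; return 1; }
  printf '{\n  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",\n'
  printf '  "contentVersion": "1.0.0.0",\n  "parameters": {\n'
  printf '    "basePlaybookName": {"value": "%s"},\n' "$1"
  printf '    "blockIpPlaybookName": {"value": "%s"},\n' "$2"
  printf '    "blockUrlPlaybookName": {"value": "%s"},\n' "$3"
  printf '    "enrichmentIpPlaybookName": {"value": "%s"},\n' "$4"
  printf '    "hostUrl": {"value": "%s"},\n    "username": {"value": "%s"},\n' "$5" "$6"
  printf '    "ipAddressListName": {"value": "%s"},\n' "$7"
  printf '    "urlBlocklistCategoryName": {"value": "%s"}\n  }\n}\n' "$8"
}

# The BIG-IP password is read from the environment and passed as a separate
# parameter, so it never lands in the parameters file written to disk.
deploy() {
  rg=$1; shift
  : "${F5_PASSWORD:?set F5_PASSWORD in the environment}"
  params=$(mktemp); trap 'rm -f "$params"' EXIT
  build_params "$@" > "$params"
  az deployment group create --resource-group "$rg" --template-file azuredeploy.json \
    --parameters "@$params" --parameters password="$F5_PASSWORD"
}

if [ "${1:-}" = "deploy" ]; then shift; deploy "$@"; fi
```

Run it from the folder that contains azuredeploy.json; the temporary parameters file is removed when the script exits.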

Post-Deployment Instructions

Configurations in Sentinel

  1. In Azure Sentinel, analytics rules should be configured to trigger an incident containing the risky IP address, URL or host entities.
  2. Configure the automation rules to trigger the playbooks.

References

Base Playbook

Playbooks