32 строки
1.6 KiB
JSON
32 строки
1.6 KiB
JSON
{
|
|
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
|
|
"contentVersion": "1.0.0.0",
|
|
"parameters": {
|
|
"workspace": {
|
|
"type": "String"
|
|
}
|
|
},
|
|
"resources": [
|
|
{
|
|
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/71fec017-1d21-49b7-9c53-d2245e3e4f25')]",
|
|
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/71fec017-1d21-49b7-9c53-d2245e3e4f25')]",
|
|
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
|
|
"kind": "MicrosoftSecurityIncidentCreation",
|
|
"apiVersion": "2021-09-01-preview",
|
|
"properties": {
|
|
"displayName": "Create incidents based on Microsoft Defender for IoT alerts on excessive login attempts",
|
|
"description": "Excessive login attempts may indicate improper service configuration, human error, or malicious activity on the network; a cyber threat attempting to manipulate the SCADA network.",
|
|
"enabled": true,
|
|
"productFilter": "Azure Security Center for IoT",
|
|
"severitiesFilter": null,
|
|
"displayNamesFilter": [
|
|
"Excessive Login Attempts",
|
|
"Excessive SMB login attempts",
|
|
"Password Guessing Attempt Detected"
|
|
],
|
|
"displayNamesExcludeFilter": null,
|
|
"alertRuleTemplateName": null
|
|
}
|
|
}
|
|
]
|
|
} |