Enrich-SentinelIncident-MDATPTVM
author: Yaniv Shasha
This playbook enriches the client machine that is part of a Sentinel incident with threat and vulnerability management (TVM) data for CVEs whose score is greater than 7.5.
It also automatically adds this information to the incident as comments and changes the incident severity to High.
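The enrichment logic described above, sketched as an added Python example that is not the playbook's own Logic App definition. The record fields (`id`, `severity`, `cvssV3`), the incident dictionary shape, and the choice to leave an incident unchanged when no CVE qualifies are assumptions; the sample data is constructed.

```python
# Added example. Field names (id, severity, cvssV3) are an assumption about
# the vulnerability records the playbook reads; they are not taken from it.
CVSS_THRESHOLD = 7.5  # from the readme: CVEs with a score greater than 7.5

# Constructed sample response for one machine (placeholder CVE ids, not real data).
SAMPLE_VULNS = [
    {"id": "CVE-0000-0001", "severity": "Critical", "cvssV3": 9.8},
    {"id": "CVE-0000-0002", "severity": "High", "cvssV3": 7.5},     # equal, not greater
    {"id": "CVE-0000-0003", "severity": "High", "cvssV3": 8.1},
    {"id": "CVE-0000-0004", "severity": "Medium", "cvssV3": None},  # unscored
    {"id": "CVE-0000-0005", "severity": "Low"},                     # field missing
]


def high_risk_cves(vulns, threshold=CVSS_THRESHOLD):
    """Return records scoring strictly above threshold, highest score first."""
    scored = []
    for v in vulns:
        score = v.get("cvssV3")
        # Skip unscored entries instead of treating them as 0 or crashing.
        if isinstance(score, (int, float)) and score > threshold:
            scored.append(v)
    return sorted(scored, key=lambda v: (-v["cvssV3"], v["id"]))


def enrich_incident(incident, machine_name, vulns):
    """Return a copy of the incident with a TVM comment and updated severity."""
    hits = high_risk_cves(vulns)
    updated = dict(incident, comments=list(incident.get("comments", [])))
    if not hits:
        return updated  # assumption: nothing to report leaves the incident as is
    lines = [f"TVM: {len(hits)} CVE(s) with score > {CVSS_THRESHOLD} on {machine_name}"]
    lines += [f"- {v['id']} (CVSS {v['cvssV3']}, {v.get('severity', 'n/a')})" for v in hits]
    updated["comments"].append("\n".join(lines))
    updated["severity"] = "High"
    return updated


if __name__ == "__main__":
    incident = {"id": "incident-placeholder", "severity": "Medium", "comments": []}
    print(enrich_incident(incident, "host-01", SAMPLE_VULNS)["comments"][0])
```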
This logic app uses OAuth2 to authenticate against the MDATP API. Learn more about authenticating with OAuth2 in Logic Apps
Prerequisite:
- Create an AAD app and grant it the permissions based on this article