Azure-Sentinel/Playbooks/Close-Incident-MCAS
Benjamin Kovacevic 3421c2125f Added Deploy to Azure button, change name of json to reflect it. 2021-02-15 13:52:06 +00:00
media Add in close incident mcas playbook 2021-02-12 09:22:19 +00:00
README.md Added Deploy to Azure button, change name of json to reflect it. 2021-02-15 13:52:06 +00:00
azuredeploy.json Added Deploy to Azure button, change name of json to reflect it. 2021-02-15 13:52:06 +00:00

README.md

Close Incident MCAS Playbook

Author: Benjamin Kovacevic

This playbook will close the Sentinel incident and will also dismiss the corresponding Microsoft Cloud App Security alert.

Before deploying this playbook, you first need to generate an MCAS API token and get your MCAS URL.

Go to the MCAS portal (https://portal.cloudappsecurity.com/), click Settings (gear icon) and choose Security Extensions.

Click +Add token, enter a token name (such as SentinelMCAS) and click Generate. On the next screen, COPY the API token - after you close it, you will not be able to see this token again! Copy your URL as well.


Now we can deploy the playbook template!