422e84b16d
|
||
|---|---|---|
| .. | ||
| azuredeploy.json | ||
| readme.md | ||
readme.md
Ingest and Reference Azure Global IP's
Author: Julian Gonzalez
The Azure IP Watchlist template provides a compiled list of IP's that are used by Azure Services. This template is meant to be used in conjunction with Azure Sentinel Analytic Rules in order to decrease false positive alerts for services and activities that come from Azure based IP addresses.
Pre-requisites
To deploy, users will need:
- An Azure Subscription
- An Azure Sentinel workspace and instance
- A user that has Azure Sentinel Contirbutor permissions on the Resource Group that Azure Sentinel is located in
Deployment Process
Option 1
- Click on the "Deploy to Azure" button.
- Once in the Azure Portal, select the Subscription and Resource Group that Azure Sentinel is under.
- Click "Review and Create".
- Click "Create".
- Within a minute or two, the template should deploy and the Watchlist should appear within the Azure Sentinel environment.
Option 2
- Enter the template within the GitHub folder.
- In the top right corner, select Raw.
- Copy the raw text within the template.
- Go to the Azure Portal.
- Within the search bar at the top, type "Deploy" and select "Deploy a custom template".
- Select "build my own template".
- Within the template space, paste the text copied from GitHub.
- Select the Subscription and Resource Group that Azure Sentinel is under.
- Click "Review and Create".
- Click "Create".
- Within a minute or two, the template should deploy and the Watchlist should appear within the Azure Sentinel environment.