Azure-Sentinel/Solutions/GoogleDirectory/Playbooks
Vitalii Uslystyi bf67d16cf2 add SystemAssigned to workflows 2022-08-19 10:43:43 +03:00
GoogleDirectoryAPIConnector update connector 2022-08-09 15:26:03 +03:00
Playbooks add SystemAssigned to workflows 2022-08-19 10:43:43 +03:00
azuredeploy.json add connector name as parameter 2022-08-09 13:32:13 +03:00
readme.md add connector name as parameter 2022-08-09 13:32:13 +03:00

readme.md

Tenable Logic Apps connector and playbook templates

Table of Contents

  1. Overview
  2. Custom Connector + 3 Playbook templates deployment
  3. Authentication
  4. Prerequisites
  5. Deployment
  6. Post-Deployment Steps

Overview

This custom connector connects to Google Directory Users API.

Custom Connector + 3 Playbook templates deployment

This package includes:

You can choose to deploy the whole package (the connector plus all three playbook templates) or each one separately from its specific folder.

Tenable connectors documentation

Authentication

  • OAuth2.0 authentication

Prerequisites

To configure the connector, follow these instructions:

  1. Deploy the connector using the Deploy to Azure button.
  2. Create authorization credentials (see instructions). For the redirect URL, use the one shown on the connector page (in Azure, go to Logic Apps Custom Connector -> GoogleDirectory -> click Edit -> Security -> copy Redirect URL). If this is your first time creating a client ID, you can also configure your consent screen by clicking Consent Screen. (The following procedure explains how to set up the Consent screen.) You won't be prompted to configure the consent screen after you do it the first time. Note that the scope https://www.googleapis.com/auth/admin.directory.user has to be enabled in the consent screen.
  3. In Azure, go to Logic Apps Custom Connector -> GoogleDirectory -> click Edit -> Security -> fill in the Client id and Client secret obtained in the previous step -> click Update connector.

Deployment instructions

  1. To deploy Custom Connectors and Playbooks, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
  2. Fill in the required parameters for deploying Custom Connectors and Playbooks:

| Parameters | Description |
|---|---|
| GoogleDirectoryConnectorName | Logic App Connector Name |
| Google-SuspendUser | Name of the Playbook |
| Google-SignOutUser | Name of the Playbook |
| Google-EnrichIncidentWithUserInfo | Name of the Playbook |
| TeamsGroupId | Value of TeamsGroupId parameter in Google-SuspendUser playbook. Id of the Teams Group where the adaptive card will be posted. |
| TeamsChannelId | Value of TeamsChannelId parameter in Google-SuspendUser playbook. Id of the Teams Channel where the adaptive card will be posted. |

Post-Deployment instructions

a. Authorize connections

Once deployment is complete, authorize each connection. Check documentation for each Playbook.

b. Configurations in Sentinel

  1. In Microsoft Sentinel, analytics rules should be configured to trigger an incident that contains Accounts. In the Entity mapping section of the analytics rule creation workflow, the user email should be mapped to the FullName identifier of the Account entity type. Check the documentation to learn more about mapping entities.
  2. Configure the automation rules to trigger the playbook. Check the documentation to learn more about automation rules.
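
A check for step 1 above, as an added example that is not part of the original README or the Azure-Sentinel repository: it lints exported analytics rules and reports those whose incidents would not carry an Account entity mapped through FullName. The rule layout (properties.entityMappings with entityType and fieldMappings) is assumed to match a Sentinel scheduled-rule ARM export, and the sample rules, rule names and column names are constructed.

```python
import json

# Constructed sample: three scheduled analytics rules in the assumed shape of a
# Sentinel ARM export (properties.entityMappings). Names and columns are invented.
SAMPLE_RULES = json.loads("""
[
  {"name": "rule-ok", "properties": {"displayName": "Google suspicious login",
    "entityMappings": [{"entityType": "Account",
      "fieldMappings": [{"identifier": "FullName", "columnName": "UserEmail"}]}]}},
  {"name": "rule-wrong-id", "properties": {"displayName": "Google admin change",
    "entityMappings": [{"entityType": "Account",
      "fieldMappings": [{"identifier": "Name", "columnName": "UserEmail"}]}]}},
  {"name": "rule-no-account", "properties": {"displayName": "Google IP anomaly",
    "entityMappings": [{"entityType": "IP",
      "fieldMappings": [{"identifier": "Address", "columnName": "SrcIp"}]}]}}
]
""")

def account_fullname_columns(rule):
    """Return the query columns mapped to Account/FullName in one rule."""
    cols = []
    for mapping in rule.get("properties", {}).get("entityMappings") or []:
        if mapping.get("entityType") != "Account":
            continue
        for field in mapping.get("fieldMappings") or []:
            if field.get("identifier") == "FullName" and field.get("columnName"):
                cols.append(field["columnName"])
    return cols

def lint_rules(rules):
    """Map rule name -> finding for rules the playbooks could not act on."""
    findings = {}
    for rule in rules:
        mappings = rule.get("properties", {}).get("entityMappings") or []
        has_account = any(m.get("entityType") == "Account" for m in mappings)
        if not has_account:
            findings[rule["name"]] = "no Account entity mapped"
        elif not account_fullname_columns(rule):
            findings[rule["name"]] = "Account mapped, but not via FullName"
    return findings

if __name__ == "__main__":
    for name, problem in lint_rules(SAMPLE_RULES).items():
        print(f"{name}: {problem}")
```

Run it over the rules that feed the automation rule before enabling the playbooks; a rule listed in the findings produces incidents without the Account mapping this README asks for.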