Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Playbooks/F5BigIP/linkedTemplate.json

229 строки
8.4 KiB
JSON
Исходник Ответственный История

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"title": "Four Playbook templates - F5BigIP",
"description": "This is a linked json file for deploying 4 playbooks.",
"mainSteps": [
" Base Playbook: 1. Generates Access Token from F5BigIP using Login Provider Name, Host URL, Username and Password as inputs.",
" BlockIP Playbook: 1. Fetches a list of potentially malicious IP addresses 2.If IP address not present in IP address list, then adds the IP address to IP address list.",
" Block URL: 1. Fetches a list of potentially malicious URLs 2. If URL not present in URL Blocklist Category, then adds the URL to URL Blocklist Category.",
" Enrichment IP: 1. Fetches a list of potentially malicious IP addresses 2. Enriches Incident Comment with IP status information."
],
"prerequisites": [
"1. F5BigIP Host url should be known.",
"2. F5BigIP firewall username and password should be known.",
"3. F5BigIP environment should be accessible with the credentials.",
"4. A Firewall Policy Rule should be created for blocking of IP.",
"5. An address list should be created for blocking IP.",
"6. The address list should be a part of Firewall Policy Rule.",
"7. URL Blocklist Category should be created for blocking URLs."
],
"lastUpdateTime": "2021-07-26T00:00:00.000Z",
"entities": [ "Url", "Ip" ],
"tags": [ "Enrichment", "Remediation" ],
"support": {
"tier": "community"
},
"author": {
"name": "Accenture"
}
},
"parameters": {
"linkedTemplatePlaybookBlockIPURI": {
"type": "string",
"metadata": {
"description": "The Uri of the linked template for Block IP playbook"
}
},
"linkedTemplatePlaybookBlockURLURI": {
"type": "string",
"metadata": {
"description": "The Uri of the linked template for Block URL playbook"
}
},
"linkedTemplatePlaybookEnrichmentIPURI": {
"type": "string",
"metadata": {
"description": "The Uri of the linked template for Enrichment IP playbook"
}
},
"linkedTemplatePlaybookBasePlaybookURI": {
"type": "string",
"metadata": {
"description": "The Uri of the linked template for Enrichment IP playbook"
}
},
"BlockIPPlaybookName": {
"defaultValue": "F5BigIP-Block-IP",
"type": "String",
"metadata": {
"description": "Enter name for Block IP playbook without spaces"
},
"minLength": 3
},
"BlockURLPlaybookName": {
"defaultValue": "F5BigIP-Block-URL",
"type": "String",
"metadata": {
"description": "Enter name for Block URL playbook without spaces"
},
"minLength": 3
},
"EnrichmentIPPlaybookName": {
"defaultValue": "F5BigIP-Enrichment-IP",
"type": "String",
"metadata": {
"description": "Enter name for Enrichment IP playbook without spaces"
},
"minLength": 3
},
"BasePlaybookName": {
"defaultValue": "F5BigIP_Base",
"type": "String",
"metadata": {
"description": "Enter name for Base playbook name without spaces"
},
"minLength": 3
},
"IPAddressListName": {
"type": "string",
"metadata": {
"description": "Enter ip address list name"
},
"minLength": 3
},
"URLBlocklistcategoryName": {
"type": "String",
"metadata": {
"description": "Enter URL Blocklist Category name"
},
"minLength": 3
},
"HostURL": {
"type": "string",
"metadata": {
"description": "Enter host url"
}
},
"Username": {
"type": "string",
"metadata": {
"description": "Enter Username"
}
},
"Password": {
"type": "securestring",
"metadata": {
"description": "Enter password"
}
}
},
"variables": {},
"resources": [
{
"name": "linkedTemplatePlaybookBasePlaybookURI",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[parameters('linkedTemplatePlaybookBasePlaybookURI')]"
},
"parameters": {
"PlaybookName": {
"Value": "[parameters('BasePlaybookName')]"
},
"HostURL": {
"Value": "[parameters('HostURL')]"
},
"Username": {
"Value": "[parameters('Username')]"
},
"Password": {
"Value": "[parameters('Password')]"
}
}
}
},
{
"name": "linkedTemplatePlaybookBlockIPURI",
"dependsOn": [
"[resourceId('Microsoft.Resources/deployments', 'linkedTemplatePlaybookBasePlaybookURI')]"
],
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[parameters('linkedTemplatePlaybookBlockIPURI')]"
},
"parameters": {
"PlaybookName": {
"Value": "[parameters('BlockIPPlaybookName')]"
},
"BasePlaybookName": {
"Value": "[parameters('BasePlaybookName')]"
},
"IPAddressListName": {
"Value": "[parameters('IPAddressListName')]"
}
}
}
},
{
"name": "linkedTemplatePlaybookBlockURLURI",
"dependsOn": [
"[resourceId('Microsoft.Resources/deployments', 'linkedTemplatePlaybookBasePlaybookURI')]"
],
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[parameters('linkedTemplatePlaybookBlockURLURI')]"
},
"parameters": {
"PlaybookName": {
"Value": "[parameters('BlockURLPlaybookName')]"
},
"BasePlaybookName": {
"Value": "[parameters('BasePlaybookName')]"
},
"URLBlocklistcategoryName": {
"Value": "[parameters('URLBlocklistcategoryName')]"
}
}
}
},
{
"name": "linkedTemplatePlaybookEnrichmentIPURI",
"dependsOn": [
"[resourceId('Microsoft.Resources/deployments', 'linkedTemplatePlaybookBasePlaybookURI')]"
],
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"properties": {
"mode": "Incremental",
"templateLink": {
"uri": "[parameters('linkedTemplatePlaybookEnrichmentIPURI')]"
},
"parameters": {
"PlaybookName": {
"Value": "[parameters('EnrichmentIPPlaybookName')]"
},
"BasePlaybookName": {
"Value": "[parameters('BasePlaybookName')]"
},
"IPAddressListName": {
"Value": "[parameters('IPAddressListName')]"
}
}
}
}
]
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку