Azure-Sentinel/Playbooks/Send-Slack-Message-Webhook
Anki Narravula 96abda46d5
Updated with Managed identity
2022-09-01 12:33:44 +05:30

Send Slack Message Via Webhook

author: Zachi Neuman

This playbook sends a Slack message with basic incident details (incident title, severity, tactics, link, ...) when an incident is created in Azure Sentinel. The playbook includes functionality to:

  1. Close Incident As False Positive
  2. Close Incident As Benign Positive
  3. Change Incident Status To Active
  4. Whitelist Entities

Pre-requisites:

Slack application with:

  1. Webhook installed
     1.1 How to install a webhook - https://api.slack.com/messaging/webhooks
  2. Interactivity Enabled
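As an added illustration (not part of the playbook's own Logic App definition), the following Python builds the Slack Block Kit message the playbook described above posts to the incoming webhook, with the four incident-action buttons; those buttons are why Interactivity must be enabled, since Slack delivers button clicks to the app's interactivity request URL. The incident dict shape, the `action_id` values and the webhook URL check are assumptions.

```python
import json
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Hypothetical action_ids; whatever handles Slack interactivity must match them.
ACTIONS = [
    ("Close as False Positive", "close_false_positive"),
    ("Close as Benign Positive", "close_benign_positive"),
    ("Set Status Active", "set_active"),
    ("Whitelist Entities", "whitelist_entities"),
]

def build_incident_message(incident):
    """Build a Slack Block Kit payload for a newly created Sentinel incident.

    `incident` is a plain dict with keys id, title, severity, tactics, url
    (a constructed shape, not the Sentinel incident trigger schema).
    """
    title = incident["title"][:150]  # Slack header block text is capped at 150 chars
    tactics = ", ".join(incident.get("tactics") or []) or "n/a"
    fields = [
        {"type": "mrkdwn", "text": f"*Severity:*\n{incident['severity']}"},
        {"type": "mrkdwn", "text": f"*Tactics:*\n{tactics}"},
        {"type": "mrkdwn", "text": f"*Link:*\n<{incident['url']}|Open in Sentinel>"},
    ]
    # Each button carries the incident id so the click can be mapped back to it.
    buttons = [
        {"type": "button", "text": {"type": "plain_text", "text": label},
         "action_id": action_id, "value": incident["id"]}
        for label, action_id in ACTIONS
    ]
    return {
        "text": f"New Sentinel incident: {title}",  # fallback text for notifications
        "blocks": [
            {"type": "header", "text": {"type": "plain_text", "text": title}},
            {"type": "section", "fields": fields},
            {"type": "actions", "elements": buttons},
        ],
    }

def is_slack_webhook_url(url):
    """Accept only HTTPS hooks.slack.com URLs; the webhook URL is a secret, keep it in Key Vault."""
    p = urlparse(url)
    return p.scheme == "https" and p.hostname == "hooks.slack.com" and p.path.startswith("/services/")

def post_to_webhook(webhook_url, payload):
    """POST the payload to the incoming webhook and return the HTTP status."""
    if not is_slack_webhook_url(webhook_url):
        raise ValueError("refusing to post to a non-Slack or non-HTTPS webhook URL")
    req = Request(webhook_url, data=json.dumps(payload).encode(),
                  headers={"Content-Type": "application/json"})
    with urlopen(req, timeout=10) as resp:
        return resp.status
```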

Deployment:

[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)]()

Post-deployment

Configure connections

Edit the Logic App or go to Logic app designer.

Attach the playbook

After deployment, attach this playbook to an automation rule so it runs when the incident is created. Learn more about automation rules


Screenshot

Playbook screenshot

Email screenshot