1432932ad3
updated params fields |
||
---|---|---|
.. | ||
azuredeploy.json | ||
readme.md |
readme.md
Close-Incident-ASCAlert
author: Nathan Swift
This playbook will close the Sentinel incident and will also dismiss the corresponding Azure Security Center alert
Additional Post Install Notes:
The Logic App uses a Managed System Identity to authenticate and authorize against management.azure.com to dismiss the ASC Alert. Be sure to turn on the System Assigned Identity in the Logic App.
Assign RBAC 'Security Admin' role to the Logic App at the Subscription level.