Azure-Sentinel/Playbooks/Close-Incident-ASCAlert
dicolanl 1432932ad3
Merge pull request #506 from swiftsolves-msft/nateswi_playbook
updated params fields
2020-02-27 08:56:52 -05:00
azuredeploy.json removed closereason 2020-02-26 21:26:15 -05:00
readme.md Fixing Playbook Deploy URLs 2020-02-24 10:06:59 -05:00

readme.md

Close-Incident-ASCAlert

author: Nathan Swift

This playbook closes the Sentinel incident and also dismisses the corresponding Azure Security Center alert.

Additional Post Install Notes:

The Logic App uses a system-assigned managed identity to authenticate and authorize against management.azure.com when it dismisses the ASC alert. Be sure to turn on the system-assigned identity in the Logic App.

Assign the 'Security Admin' RBAC role to the Logic App at the subscription level.
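
The two post-install steps above as an Azure CLI script, which then reads the role assignment back to confirm it. This is an added example, not part of the playbook's repository; it assumes a logged-in `az` session, uses the generic `az resource` commands to enable the identity, and the function names and the three positional arguments are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the playbook repository).
# Usage: ./post-install.sh <subscription-id> <resource-group> <logic-app-name>

# Step 1: turn on the system-assigned identity, then print its principal ID.
enable_identity() {  # args: resource-group, logic-app-name
  az resource update --resource-group "$1" --name "$2" \
    --resource-type Microsoft.Logic/workflows \
    --set identity.type=SystemAssigned --output none || return 1
  az resource show --resource-group "$1" --name "$2" \
    --resource-type Microsoft.Logic/workflows \
    --query identity.principalId --output tsv
}

# Step 2: assign 'Security Admin' to that principal at subscription scope.
assign_security_admin() {  # args: subscription-id, principal-id
  az role assignment create --role "Security Admin" \
    --assignee-object-id "$2" --assignee-principal-type ServicePrincipal \
    --scope "/subscriptions/$1" --output none
}

# Read back the role names the principal holds at subscription scope.
list_roles() {  # args: subscription-id, principal-id
  az role assignment list --assignee "$2" --scope "/subscriptions/$1" \
    --query "[].roleDefinitionName" --output tsv
}

# Run both steps and fail if the role cannot be confirmed afterwards.
main() {
  sub=$1; rg=$2; app=$3
  pid=$(enable_identity "$rg" "$app") || return 1
  [ -n "$pid" ] || { echo "no principalId: identity not enabled" >&2; return 1; }
  assign_security_admin "$sub" "$pid" || return 1
  roles=$(list_roles "$sub" "$pid") || return 1
  echo "$roles" | grep -qx "Security Admin" ||
    { echo "Security Admin not found for $pid" >&2; return 1; }
  echo "$pid"   # principal ID that now holds the role
}

# Only act when called with all three arguments.
if [ "$#" -eq 3 ]; then main "$@"; fi
```

The read-back in `list_roles` also shows any other roles the identity already holds at that scope, which is worth reviewing since the playbook only needs the one.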