…
|
||
---|---|---|
.. | ||
images | ||
azuredeploy.json | ||
readme.md |
readme.md
Enrich-AzureResourceGraph-Incident
This logicapp calls Enrich-AzureResourceGraph to comment Sentinel Incident based on ResourceGraph data
Quick Deployment
After deployment,
- Allow logicapp managed identity to update incident by adding IAM role Sentinel Responder or above
- attach this playbook to an automation rule so it runs when the incident is created.
Learn more about automation rules
Prerequisites
- Enrich-AzureResourceGraph logicapp
- Adapt query to your context
Screenshots
Workflow explained
- Azure Sentinel incident trigger
- Get Hosts entities
- For each host, call Enrich-AzureResourceGraph
- Add comment and tag found/notfound depending on output