Notify-ASCAlertAzureResource

author: Nathan Swift

This playbook notifies the RBAC-assigned Owners and Contributors of an Azure resource, both users and mail-enabled security groups, when an ASC alert generates a Sentinel incident for that resource.


Additional Post Install Notes:

The Logic App creates and uses a Managed System Identity (MSI) to authenticate and authorize against management.azure.com to obtain the PrincipalIDs assigned to the Azure resource. The MSI is also used to authenticate and authorize against graph.windows.net to obtain the RBAC objects by PrincipalID.

Assign the RBAC 'Reader' role to the Logic App at the subscription level. Assign the AAD 'Directory readers' directory role to the Logic App.
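The PrincipalID lookup described above, as an added Python example that is not the playbook's own code: it selects the Owner and Contributor principals that apply to the alerted resource from a role assignment listing, including assignments inherited from parent scopes. The subscription, resource and principal identifiers are constructed, and keeping only `User` and `Group` principals is an assumption; whether a group is mail-enabled still has to be resolved from the directory.

```python
# Built-in role definition GUIDs, identical in every Azure tenant.
OWNER = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
CONTRIBUTOR = "b24988ac-6180-42a0-ab88-20f7382dd24c"
READER = "acdd72a7-3385-48ef-bd42-f606fba81ae7"
NOTIFY_ROLES = {OWNER: "Owner", CONTRIBUTOR: "Contributor"}

# Constructed identifiers; none of them come from a real tenant.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm-demo"
ALICE, OPS_GROUP, BOB, APP = "aaaa-1", "bbbb-2", "cccc-3", "dddd-4"


def assignment(role_guid, principal_id, principal_type, scope):
    """Build one entry shaped like an ARM roleAssignments list item."""
    return {"properties": {
        "roleDefinitionId": SUB + "/providers/Microsoft.Authorization/roleDefinitions/" + role_guid,
        "principalId": principal_id, "principalType": principal_type, "scope": scope}}


# Constructed sample of a role assignment listing for the alerted resource.
SAMPLE = {"value": [
    assignment(OWNER, ALICE, "User", SUB),                 # inherited from subscription
    assignment(CONTRIBUTOR, ALICE, "User", RG),            # same user, second role
    assignment(CONTRIBUTOR, OPS_GROUP, "Group", VM),       # assigned on the resource
    assignment(READER, BOB, "User", VM),                   # role is not notified
    assignment(CONTRIBUTOR, APP, "ServicePrincipal", RG),  # not a user or group
    assignment(OWNER, BOB, "User", SUB + "/resourceGroups/rg-other"),  # other scope
]}


def principals_to_notify(response, resource_id):
    """Map principalId -> (principalType, sorted role names) for the resource."""
    target = resource_id.rstrip("/").lower()
    found = {}
    for item in response.get("value", []):
        props = item.get("properties", {})
        role = NOTIFY_ROLES.get(props.get("roleDefinitionId", "").rsplit("/", 1)[-1].lower())
        scope = props.get("scope", "").rstrip("/").lower()
        # An assignment applies at its own scope and every scope below it.
        applies = target == scope or target.startswith(scope + "/")
        if role and applies and props.get("principalType") in ("User", "Group"):
            entry = found.setdefault(props["principalId"], (props["principalType"], set()))
            entry[1].add(role)
    return {pid: (ptype, sorted(roles)) for pid, (ptype, roles) in found.items()}


if __name__ == "__main__":
    for pid, (ptype, roles) in principals_to_notify(SAMPLE, VM).items():
        print(pid, ptype, ", ".join(roles))
```

The scope comparison appends a `/` before the prefix match, so an assignment on `rg-demo` is not treated as covering a resource in `rg-demo2`.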