efdd232a75
Update Open-Zendesk-Ticket.json |
||
|---|---|---|
| .. | ||
| Block-AADUser.json | ||
| Change-Incident-Severity.json | ||
| Confirm-AADRiskyUser.json | ||
| Get-GeoFromIpAndTagIncident.json | ||
| Get-IPReputation.json | ||
| Get-MDATPInvestigationPackage.json | ||
| Isolate-MDATPMachine.json | ||
| Open-JIRA-Ticket.json | ||
| Open-SNOW-Ticket.json | ||
| Open-Zendesk-Ticket.json | ||
| Post-Message-Slack.json | ||
| Post-Message-Teams.json | ||
| Prompt-User.json | ||
| ReadMe.md | ||
| Reset-AADUserPassword.json | ||
| Restrict-MDATPAppExectution.json | ||
| Revoke-AADSignInSessions.json | ||
| Run-MDATPAntivirus.json | ||
ReadMe.md
About
This repo contains sample security playbooks for automation, orchestration and response
This folder contains security playbooks ARM templates that can be used using Microsoft Azure Sentinel connector. After selecting a playbook, in the Azure Sentinel portal:
- Search for deploy a custom template
- Click build your own template in the editor
- Paste the conents from the GitHub playbook
- Click Save
- Fill in needed data and click purchase
Once deployment is complete, you will need to authorize each connection.
- Click the Azure Sentinel connection resource
- Click edit API connection
- Click Authorize
- Sign in
- Click Save
- Repeat steps for other connections a. For Azure Log Analytics Data Collector, you will need to add the workspace ID and Key
You can now edit the playbook in Logic apps.
Suggestions and feedback
We value your feedback. Let us know if you run into any problems or share your suggestions and feedback by sending email to AzureSentinel@microsoft.com