Comment-OriginAlertURL

author: Jordan Ross

This playbook adds a comment to Sentinel Incidents with the Origin Alert URL for Incidents related to Azure Advanced Threat Protection, Microsoft Cloud App Security, and Microsoft Defender Advanced Threat Protection. With this URL, users will be able to unify and expand their investigation experience and view data such as related activities from the detection source (e.g., MCAS).

NOTE: This playbook requires at least one of the following data connections to be enabled: AATP, MCAS, or MDATP. This playbook uses a managed identity to access the API. You will need to add the playbook to the subscriptions or management group with the Security Reader role.
