История

Lior Tamir aad48299ca Update playbook trigger names		2022-02-22 17:02:56 +02:00
..
images	Update Comment-RemediationSteps	2021-05-27 22:36:59 +00:00
azuredeploy_alert.json	Update playbook trigger names	2022-02-22 17:02:56 +02:00
azuredeploy_incident.json	Update playbook trigger names	2022-02-22 17:02:56 +02:00
readme.md	Updating Deploy buttons and links part 1	2021-06-16 00:25:40 +00:00

readme.md

Comment-RemediationSteps

authors: Jordan Ross and Nicholas DiCola

This playbook will provide analysts with guidance to properly respond to an incident. This will add a comment to a Sentinel Incident with the remediation steps for alerts related to Microsoft Defender for Endpoint and Azure Security Center / Azure Defender. With these steps users will be able to respond to threats and prevent similar suspicious activity from occurring in the future.

Quick Deployment

Deploy with incident trigger (recommended)

After deployment, attach this playbook to an automation rule so it runs when the incident is created.

Learn more about automation rules

Deploy with alert trigger

After deployment, you can run this playbook manually on an alert or attach it to an analytics rule so it will rune when an alert is created.

Prerequisites

This playbook requires the enablement of at least one of the following data connections: Microsoft Defender for Endpoint or Azure Defender. This playbook uses a managed identity to access the API.
You will need to add the playbook to the subscriptions or management group with Security Reader Role

Screenshots

Incident Trigger

Alert Trigger