
Enrich-SentinelIncident-MDATPTVM

author: Yaniv Shasha

This playbook enriches the client machine that is part of a Sentinel incident with Threat and Vulnerability Management (TVM) data from MDATP, listing the CVEs on that machine whose CVSS score is greater than 7.5. It automatically adds this information to the incident as a comment and changes the incident severity to High.
This Logic App uses OAuth2 (client credentials) to authenticate against the MDATP API. Learn more about authenticating with OAuth2 in Logic Apps
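The following is an added example, not the playbook's own code, showing the decision logic the README describes outside the Logic App: filter a TVM vulnerability response for CVEs with a CVSS v3 score strictly above 7.5, render the incident comment, and raise the severity to High only when something matched. The sample response is constructed; its field names (`value`, `id`, `severity`, `cvssV3`, `publicExploit`) are an assumption taken from the public Defender for Endpoint API reference and were not captured from a live tenant. The token-request helper builds, but does not send, the OAuth2 client-credentials request the Logic App's HTTP action makes; the endpoint and `resource` value follow the Defender for Endpoint API documentation.

```python
import json
from urllib.parse import urlencode

# Constructed sample, shaped like the Defender for Endpoint
# GET /api/machines/{machineId}/vulnerabilities response. Field names are an
# assumption taken from the public API reference, not captured from a tenant.
SAMPLE_TVM_RESPONSE = json.dumps({
    "value": [
        {"id": "CVE-2021-0001", "severity": "Critical", "cvssV3": 9.8, "publicExploit": True},
        {"id": "CVE-2021-0002", "severity": "High", "cvssV3": 7.5, "publicExploit": False},
        {"id": "CVE-2021-0003", "severity": "High", "cvssV3": 7.6, "publicExploit": False},
        {"id": "CVE-2021-0004", "severity": "Medium", "cvssV3": 4.3, "publicExploit": False},
        {"id": "CVE-2021-0005", "severity": "Low", "cvssV3": None, "publicExploit": False},
    ]
})

CVSS_THRESHOLD = 7.5  # the README's cut-off: strictly greater than 7.5


def high_risk_cves(tvm_json, threshold=CVSS_THRESHOLD):
    """Return the vulnerability records whose CVSS v3 score is strictly
    greater than threshold, highest score first. Records with no score are
    skipped rather than treated as zero, so an unscored CVE never silently
    passes or fails the filter."""
    records = json.loads(tvm_json).get("value", [])
    hits = [r for r in records
            if r.get("cvssV3") is not None and float(r["cvssV3"]) > threshold]
    return sorted(hits, key=lambda r: float(r["cvssV3"]), reverse=True)


def build_incident_comment(machine_name, cves):
    """Render the comment text the playbook would post on the incident."""
    if not cves:
        return f"TVM enrichment for {machine_name}: no CVE above CVSS {CVSS_THRESHOLD} found."
    lines = [f"TVM enrichment for {machine_name}: {len(cves)} CVE(s) above CVSS {CVSS_THRESHOLD}"]
    for c in cves:
        flag = " (public exploit)" if c.get("publicExploit") else ""
        lines.append(f"- {c['id']}: CVSS {c['cvssV3']}, {c['severity']}{flag}")
    return "\n".join(lines)


def new_incident_severity(current_severity, cves):
    """Raise the incident to High only when the filter returned something;
    otherwise leave the analyst-set severity alone."""
    return "High" if cves else current_severity


def client_credentials_request(tenant_id, client_id, client_secret):
    """Build the OAuth2 client-credentials token request the Logic App's HTTP
    action sends before calling the Defender for Endpoint API. Endpoint and
    'resource' follow the Defender for Endpoint API docs; nothing is sent."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": "https://api.securitycenter.microsoft.com",
    })
    return url, body


def enrich(machine_name, current_severity, tvm_json):
    """One pass of the playbook logic: filter, comment, severity decision."""
    cves = high_risk_cves(tvm_json)
    return {
        "cves": [c["id"] for c in cves],
        "comment": build_incident_comment(machine_name, cves),
        "severity": new_incident_severity(current_severity, cves),
    }


if __name__ == "__main__":
    result = enrich("WS-ALICE-01", "Medium", SAMPLE_TVM_RESPONSE)
    print(result["comment"])
    print("New severity:", result["severity"])
```

Note that a CVE scored exactly 7.5 is excluded, matching the README's "greater than 7.5"; if you want it included, change the comparison to `>=` in one place. In the Logic App itself the HTTP action can use the built-in "Active Directory OAuth" authentication instead of a hand-built token request, which keeps the client secret out of the workflow definition.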

Prerequisite:

  • Create an Azure AD app registration and grant it the MDATP API permissions described in this article

Deploy to Azure

Deploy to Azure Deploy to Azure Gov