Azure-Sentinel/Playbooks/Isolate-AzureStorageAccount
Lior Tamir aad48299ca Update playbook trigger names 2022-02-22 17:02:56 +02:00
azuredeploy.json Update playbook trigger names 2022-02-22 17:02:56 +02:00
readme.md Updating Deploy buttons and links part 1 2021-06-16 00:25:40 +00:00


Isolate-AzureStorageAccount

author: Ryan Graham

This playbook takes the Storage Account host entities from the incident that triggered it and searches for matches in the enterprise's subscriptions. An approval email is sent before an Azure Storage Account is isolated. Upon approval, the Storage Account firewall's virtualNetworkRules and ipRules are cleared, the bypass rule is set to None, and defaultAction is set to Deny.


Additional Post Install Notes:

The Logic App creates and uses a Managed System Identity (MSI) to search the Azure Resource Graph and update the Storage Account.

Assign the RBAC 'Reader' role to the Logic App at the root Management Group level. Assign the RBAC 'Storage Account Contributor' role to the Logic App at the root Management Group level.
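
The firewall state described above can be checked, and the prior rules saved for later restoration, with a small script. This is an added example, not the playbook's Logic App code: the function names are hypothetical, the sample account is constructed, and it assumes the account JSON has the shape Azure Resource Manager returns, with the firewall settings under `properties.networkAcls`.

```python
import copy

# Target state the playbook description gives for the storage account firewall.
ISOLATED_ACLS = {
    "bypass": "None",
    "virtualNetworkRules": [],
    "ipRules": [],
    "defaultAction": "Deny",
}

# Constructed sample of a storage account resource (not real data).
SAMPLE_ACCOUNT = {
    "name": "examplestorage",
    "properties": {"networkAcls": {
        "bypass": "AzureServices",
        "virtualNetworkRules": [],
        "ipRules": [{"value": "203.0.113.10", "action": "Allow"}],
        "defaultAction": "Allow",
    }},
}


def isolation_patch():
    """Update body that applies the isolated firewall state."""
    return {"properties": {"networkAcls": copy.deepcopy(ISOLATED_ACLS)}}


def snapshot_rules(account):
    """Copy the current firewall settings so they can be restored after the incident."""
    acls = account.get("properties", {}).get("networkAcls") or {}
    return {key: copy.deepcopy(acls.get(key)) for key in ISOLATED_ACLS}


def isolation_gaps(account):
    """List every setting that still differs from the isolated state (empty = isolated)."""
    acls = account.get("properties", {}).get("networkAcls") or {}
    gaps = []
    for key, wanted in ISOLATED_ACLS.items():
        actual = acls.get(key)
        if isinstance(wanted, list):
            if actual:  # a missing or empty rule list counts as cleared
                gaps.append(f"{key}: {len(actual)} rule(s) remain")
        elif not isinstance(actual, str) or actual.lower() != wanted.lower():
            # an absent value is reported too, since it is not an explicit None/Deny
            gaps.append(f"{key}: {actual!r}, expected {wanted!r}")
    return gaps


if __name__ == "__main__":
    print("saved for rollback:", snapshot_rules(SAMPLE_ACCOUNT))
    print("not yet isolated:", isolation_gaps(SAMPLE_ACCOUNT))
```

Take the snapshot before approval is acted on; once the rules are cleared, the previous allow list is no longer on the resource.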