466d619981
|
||
|---|---|---|
| .. | ||
| Readme.md | ||
| azuredeploy.json | ||
Readme.md
Author: Rudi Jubran
Based on original playbook by: Nicholas DiCola (Get-GeoFromIPAndTagIncident)
This playbook will take the IP address entities from the Incident and query a Geo-IP API to geo-locate the IP Address. It will then write the City, Country, and Account entites to tags on the Incident. Then, these tags are compared to a user-defined condition, and unexpected City/Country/User become alerts. Expected incidents are closed.
In summary, according to Incident tags, the playbook will either:
- Close the incident (If incident matches expected country/city/user)
- Set the Incident to "In Progress", and email an alert containing the user, IP, geo tag and timestamp. (If incident does not match defined country/city/user)
Configure the following via Logic App Designer:
Define expected tags:
Define "to" address for alerts:
