Lior Tamir aad48299ca Update playbook trigger names 2022-02-22 17:02:56 +02:00

readme.md

Enrich-Sentinel-Incident-AlienVault-OTX

author: Brian Delaney

This playbook enriches a Sentinel Incident with pulse information from AlienVault OTX. If any pulses are found for an entity, the Incident is also tagged and its severity raised to High. Because OTX pulses are community-contributed and a single match is enough to escalate, expect some High incidents whose only evidence is a low-confidence or stale pulse; treat the tag as a prompt for review rather than a verdict.

The following entity types will be enriched with this playbook:

  • IP
  • URL
  • File hash
  • DNS

Quick Deployment

After deployment, attach this playbook to an automation rule so it runs when the incident is created.

Learn more about automation rules

Deploy to Azure
Deploy to Azure Gov

Prerequisites

  • After deploying the playbook you will need to grant the playbook's Managed Identity the Azure Sentinel Responder role (or greater) on the resource group where Azure Sentinel is installed. This gives the Managed Identity the permissions it needs to add comments, tags, and change incident severity. Responder is sufficient for this playbook; Contributor or Owner grants far more than it uses, so prefer the narrower role. Note that the portal now lists this built-in role as "Microsoft Sentinel Responder".
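The role assignment above, scripted with the Az PowerShell module. This is an added example, not code shipped with the playbook; the resource group name is an assumed placeholder, and the Logic App name is assumed to match the playbook name used in this README.

```powershell
# Added example (not part of the playbook): grant the playbook's system-assigned
# managed identity the Sentinel Responder role, scoped to the Sentinel resource group.
$ResourceGroup = 'rg-sentinel'                              # assumption: RG holding the Sentinel workspace and the playbook
$PlaybookName  = 'Enrich-Sentinel-Incident-AlienVault-OTX'  # assumption: Logic App name as deployed by azuredeploy.json

Connect-AzAccount | Out-Null   # interactive sign-in; skip if a session already exists

# The Logic App's system-assigned identity is exposed as the principalId on the workflow resource.
$playbook = Get-AzResource -ResourceGroupName $ResourceGroup `
                           -ResourceType 'Microsoft.Logic/workflows' `
                           -Name $PlaybookName
$principalId = $playbook.Identity.PrincipalId
if (-not $principalId) {
    throw "Playbook '$PlaybookName' has no system-assigned managed identity; enable it before assigning roles."
}

# Resolve the built-in role by its current display name ("Azure Sentinel Responder" in older docs).
$role = Get-AzRoleDefinition -Name 'Microsoft Sentinel Responder'
if (-not $role) { throw 'Microsoft Sentinel Responder role definition not found.' }

# Least privilege: assign at resource-group scope, not the subscription, and only if not already present.
$existing = Get-AzRoleAssignment -ObjectId $principalId -ResourceGroupName $ResourceGroup |
    Where-Object { $_.RoleDefinitionId -eq $role.Id }
if (-not $existing) {
    # A freshly created identity can take a minute to replicate; rerun if the ObjectId is not found yet.
    New-AzRoleAssignment -ObjectId $principalId `
                         -RoleDefinitionId $role.Id `
                         -ResourceGroupName $ResourceGroup | Out-Null
}

# Verify what the identity now holds at this scope; expect exactly the Responder role.
Get-AzRoleAssignment -ObjectId $principalId -ResourceGroupName $ResourceGroup |
    Select-Object RoleDefinitionName, Scope
```

Run this as a user with Owner or User Access Administrator on the resource group. The final listing is the check worth keeping: if it shows Contributor or Owner alongside Responder, the identity has more rights than the playbook needs.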

Screenshots

Designer

Incident Comments