Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Playbooks/Get-AD4IoTDeviceCVEs
История
..
alert-trigger
incident-trigger
readme.md

readme.md

Get-AD4IoTDeviceCVEs

author: Nicholas DiCola

This playbook will get device CVEs from the Azure Defender for IoT sensor. The CVEs will be written to a JSON blob in Azure Storage and a link will be added to the Azure Sentinel Incident comments.

Quick Deployment

Deploy with incident trigger (recommended)

After deployment, attach this playbook to an automation rule so it runs when the incident is created.

Learn more about automation rules

Deploy to Azure Deploy to Azure Gov

Deploy with alert trigger

After deployment, you can run this playbook manually on an alert or attach it to an analytics rule so it will rune when an alert is created.

Deploy to Azure Deploy to Azure Gov

Prerequisites

  • The Azure Defender for IoT Sensor must be accessible from the Azure Logic App.
  • You will need to generate an API key. The Key will be stored in Azure Key Vault with only the Logic App system identity able to access it. For instructions to generate an API Key see.

Screenshots

Incident Trigger
Incident Trigger Alert Trigger
Alert Trigger