AutoConnect-ASCSubscriptions
author: Lior Tamir modifiedby: Nathan Swift
The playbook is triggered on a scheduled basis.
It runs as a Managed Service Identity (MSI), which monitors a certain management group.
For each subscription this Logic App has access to, if the subscription doesn't have an Azure Security Center connection enabled, a connection to Azure Sentinel is created, and Bi-directional sync is enabled.
See expanded guidance in the following blog post: Azure Security Center Auto-connect to Sentinel
The Logic App, running as a Managed Service Identity (MSI), needs to have the following RBAC roles:
- Security Admin Role on the Management Group that the ASC subscriptions are under. This is required for listing all available subscriptions, including new ones which are not connected yet. In addition, subscriptions will be enabled for bi-directional sync. In some organizations, it is the Root Management Group.
- Azure Sentinel Contributor Role on the Azure Sentinel workspace. This is required for checking if a connection exists for a certain subscription, and for creating the connection rule from an unconnected subscription to Azure Sentinel.
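Because the identity holds Security Admin across a whole management group, it is worth confirming it has exactly the two assignments above and nothing broader. The following is an added example, not part of the playbook: it audits role-assignment JSON in the shape returned by `az role assignment list --assignee <principalId> --all -o json`. The scope values, sample data and function names are constructed placeholders, and it assumes the Sentinel role is assigned at workspace scope.

```python
import json

# Constructed placeholders; substitute your own management group and workspace.
MG_SCOPE = "/providers/Microsoft.Management/managementGroups/example-mg"
WS_SCOPE = ("/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/"
            "example-rg/providers/Microsoft.OperationalInsights/workspaces/example-ws")

# The built-in role now appears as "Microsoft Sentinel Contributor" in the portal;
# treat both names as the role this README calls "Azure Sentinel Contributor".
ROLE_ALIASES = {"Microsoft Sentinel Contributor": "Azure Sentinel Contributor"}

# Constructed sample: the management-group role is present (with different casing),
# the Sentinel role is missing, and a broad Contributor assignment has crept in.
SAMPLE = json.dumps([
    {"roleDefinitionName": "Security Admin", "scope": MG_SCOPE.upper()},
    {"roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
])


def norm(role, scope):
    """Canonical role name plus a lower-cased scope (Azure resource IDs ignore case)."""
    return ROLE_ALIASES.get(role, role), scope.rstrip("/").lower()


def audit_assignments(raw_json, mg_scope=MG_SCOPE, ws_scope=WS_SCOPE):
    """Return (missing, unexpected) lists of (role, scope) for the playbook identity."""
    expected = {norm("Security Admin", mg_scope),
                norm("Azure Sentinel Contributor", ws_scope)}
    found = {norm(a["roleDefinitionName"], a["scope"]) for a in json.loads(raw_json)}
    return sorted(expected - found), sorted(found - expected)


if __name__ == "__main__":
    missing, unexpected = audit_assignments(SAMPLE)
    for role, scope in missing:
        print(f"MISSING    {role} on {scope}")
    for role, scope in unexpected:
        print(f"UNEXPECTED {role} on {scope}")
```

An empty `unexpected` list means the identity has no assignments beyond what the playbook needs; anything listed there should be reviewed and removed if it is not required.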
Documentation references: