525d001024
|
||
|---|---|---|
| .. | ||
| azuredeploy.json | ||
| readme.md | ||
readme.md
Get-SentinelAlertsEvidence
This playbook will Logic will automatically attach alert evidence from Azure Sentinel alerts and send them to an Event Hub that can be consumed by a 3rd party SIEM solution.
Author: Yaniv Shasha
Deploy the solution
- Create an Event Hub using the article "Create an event hub using Azure portal"
https://docs.microsoft.com/azure/event-hubs/event-hubs-create or use an existing Event Hub. - Go to the Playbook GitHub page.
- Press the "deploy to azure" button.
- Fill the above information:
- Azure Sentinel Workspace Name
- Azure Sentinel Workspace resource group name
- Number of events to pulls from Azure Sentinel (default value is 10 latest events )
- Once the playbook is deployed, Modify the “Run query and list results” actions and point it to your Azure sentinel workspace.
- Next, configure the "send event" actions to use your Event Hub that created earlier.
<