980b128a5e
|
||
|---|---|---|
| .. | ||
| HaveIBeenPwnedCustomConnector | ||
| Playbooks | ||
| HaveIBeenPwned.jpg | ||
| azuredeploy.json | ||
| azuredeploylinkedtemplate.json | ||
| readme.md | ||
readme.md
HaveIBeenPwned Logic Apps Custom Connector and playbook templates
Table of Contents
- Overview
- Deploy Custom Connector + 4 Playbook templates
- Authentication
- Prerequisites
- Deployment
- Post Deployment Steps
- References
- Limitations
Overview
Have I Been Pwned is a website that allows Internet users to check whether their personal data has been compromised by data breaches.
Deploy Custom Connector + 4 Playbook templates
This package includes:
- Custom connector for HaveIBeenPwned.
- Four playbook templates leverage HaveIBeenPwned custom connector.
You can choose to deploy the whole package : connector + all four playbook templates, or each one seperately from it's specific folder.
HaveIBeenPwned connector documentation
Authentication
Authentication methods this connector supports- API Key authentication
Prerequisites for using and deploying Custom Connector + 4 playbooks
- HaveIBeenPwned service end point should be known. (e.g. https://{haveibeenpwned.com})
- Generate an API key. Refer this link on how to generate the API Key
Deployment instructions
- Deploy the Custom Connector and playbooks by clicking on "Deploy to Azure" button. This will take you to deploying an ARM Template wizard.
- Fill in the required parameters for deploying custom connector and playbooks
| Parameters | Description |
|---|---|
| For Custom Connector | |
| Custom Connector name: | Enter the Custom connector name (e.g. contoso HaveIBeenPwned connector) |
| Service Endpoint: | Enter the HaveIBeenPwned service end point (e.g. https://{haveibeenpwned.com}) |
| For Playbooks | |
| HaveIBeenPwned Enrichment GetAccountBreaches: | Enter the playbook name for account breaches (e.g. HaveIBeenPwned Playbook) |
| HaveIBeenPwned Enrichment GetSiteBreaches: | Enter the playbook name for site breaches (e.g. HaveIBeenPwned Playbook) |
| HaveIBeenPwned Response On Teams: | Enter the playbook name for response on teams (e.g. HaveIBeenPwned Playbook) |
| HaveIBeenPwned Send Email : | Enter the playbook name for sending email (e.g. HaveIBeenPwned Playbook) |
Post-Deployment instructions
After deploying response from Teams playbook, we need to select the Teams group and Teams channel from the dropdown in logic app designer.
a. Authorize connections
Once deployment is complete, you will need to authorize each connection.
- Click the Teams connection resource
- Click edit API connection
- Click Authorize
- Sign in
- Click Save
- Repeat steps for other connections such as Office 365 connection and HaveIBeenPwned API Connection (For authorizing the HaveIBeenPwned API connection, API Key needs to be provided)
b. Configurations in Sentinel
- In Azure sentinel analytical rules should be configured to trigger an incident with risky user account or site.
- Configure the automation rules to trigger the playbooks.
Reference to the playbook templates and the connector
Connector *HaveIBeenPwnedCustomConnector
Playbooks
- HaveIBeenPwned_Enrichment_GetAccountBreaches : Playbook to Get Account Breaches and update to incident
- HaveIBeenPwned_Enrichment_GetSiteBreaches : Playbook to Get Site Breaches and update to incident
- HaveIBeenPwned_ResponseOnTeams : Playbook to act based on Response from Teams
- HaveIBeenPwned_SendEmail : Playbook to send email automatically
Known Issues and Limitations
- We need to authorize the connections after deploying the playbooks.