Azure-Sentinel

История

ngchi 9daca3c24a change image path		2021-03-16 15:54:51 -07:00
..
C19ImportToSentinel.json	Queryandplaybook (#685 )	2020-05-14 18:26:55 +01:00
C19IndicatorProcessor.json	Queryandplaybook (#685 )	2020-05-14 18:26:55 +01:00
playbookparameter.PNG	update important instructions on playbook order of deployment	2021-03-16 15:18:15 -07:00
readme.md	change image path	2021-03-16 15:54:51 -07:00

readme.md

Microsoft released threat indicators related to Covid19 as described at https://www.microsoft.com/security/blog/2020/05/14/open-sourcing-covid-threat-intelligence/

These playbooks automate the ingest of these threat indicators into the ThreatIntelligenceIndicator table of an Azure Sentinel workspace. Detailed instructions for deploying these workbooks can be found at https://aka.ms/sentinelc19blog Note: You must deploy the C19ImportToSentinel playbook before deploying the C19IndicatorProcessor playbook. You must also make sure the Playbook2Name parameter uses the exact name you chose when importing the C19ImportToSentinel playbook.

Here is the order of deployment:

Deploy the C19ImportToSentinel playbook template:

Deploy the C19IndicatorProcessor playbook template: