Azure-Sentinel/Playbooks/HaveIBeenPwned-Email
Rod Trent daa61ec5de
Update readme.md
2021-01-26 10:40:02 -05:00

HaveIBeenPwned-Email

This Playbook for Azure Sentinel uses the haveibeenpwned.com API to check whether an email address entity in an Incident has been compromised online. It then returns a quick note to the Comments tab in the Incident stating whether or not the email address (or addresses) has been compromised.

The HaveIBeenPwned API is not free. There's a nominal $3.50 per month recurring fee to continue using it, but you can also pay for just a single month to determine whether it's valuable enough to keep. Single-month usage is also a handy option if your organization has recently been breached and you need to determine which accounts are compromised. To get the API key, go here: https://haveibeenpwned.com/API/Key

See How to Query HaveIBeenPwned Using an Azure Sentinel Playbook for more information.
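The lookup the Playbook performs can be sketched outside Logic Apps as follows. This is an added example, not the Playbook's own code: it assumes HIBP's v3 `breachedaccount` endpoint, and the function names, user-agent string, comment wording and sample addresses are constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumption: the HIBP v3 breached-account endpoint (the page names no version).
HIBP_URL = "https://haveibeenpwned.com/api/v3/breachedaccount/"

def build_request(email, api_key):
    """Build the lookup; the address is URL-encoded into the path."""
    url = HIBP_URL + urllib.parse.quote(email.strip(), safe="")
    # HIBP requires both the API key header and a user agent.
    headers = {"hibp-api-key": api_key, "user-agent": "sentinel-hibp-example"}
    return urllib.request.Request(url, headers=headers)

def comment_for(email, status, body=b"", retry_after=None):
    """Turn one HIBP response into the text of an incident comment."""
    if status == 200:
        names = sorted(b["Name"] for b in json.loads(body))
        return f"{email}: found in {len(names)} breach(es): {', '.join(names)}"
    if status == 404:  # HIBP answers 404 when the account is in no breach
        return f"{email}: not found in any known breach"
    if status == 429:
        return f"{email}: lookup rate-limited, retry after {retry_after}s"
    if status in (401, 403):
        return f"{email}: lookup rejected (check API key / user agent)"
    return f"{email}: lookup failed with HTTP {status}"

def check(email, api_key, opener=urllib.request.urlopen):
    """Query HIBP for one address and return the comment text."""
    try:
        with opener(build_request(email, api_key), timeout=10) as resp:
            return comment_for(email, resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return comment_for(email, err.code,
                           retry_after=err.headers.get("retry-after"))

if __name__ == "__main__":
    # Constructed sample body, not real HIBP output for these addresses.
    sample = json.dumps([{"Name": "ExampleBreachB"},
                         {"Name": "ExampleBreachA"}]).encode()
    print(comment_for("user1@contoso.example", 200, sample))
    print(comment_for("user2@contoso.example", 404))
    print(comment_for("user3@contoso.example", 429, retry_after="2"))
```

Treating 404 as a clean result rather than an error matters here: a handler that lumps all non-200 responses together would either report every clean address as a failure or hide rate-limit and key problems behind a "not compromised" comment.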
