История

v-amolpatil 10f239299b migrate app insights to log analytic workspace code change in azure deploy files		2024-01-10 15:30:29 +05:30
..
Data	Update Solution_CohesitySecurity.json	2023-07-04 11:36:14 +05:30
Data Connectors/Helios2Sentinel	migrate app insights to log analytic workspace code change in azure deploy files	2024-01-10 15:30:29 +05:30
Package	Updating Zip for solution	2023-07-18 18:26:38 +05:30
Playbooks	Cohesity security (#6599 )	2023-02-23 10:45:02 +05:30
Tests	Squashed commit of the following:	2023-03-31 13:10:12 -07:00
Tools	Squashed commit of the following:	2023-03-31 13:10:12 -07:00
ReleaseNotes.md	Updating ReleaseNotes for solution	2023-07-18 17:04:51 +05:30
SolutionMetadata.json	Cohesity: Fixed Pkg	2023-02-24 10:54:51 -08:00
build.ps1	Cohesity security (#6599 )	2023-02-23 10:45:02 +05:30
build_one_solution.ps1	Cohesity security (#6599 )	2023-02-23 10:45:02 +05:30
cohesity.json	Squashed commit of the following:	2023-03-31 13:10:12 -07:00
json_parser.sh	Squashed commit of the following:	2023-03-31 13:10:12 -07:00
readme.md	Cohesity security (#6599 )	2023-02-23 10:45:02 +05:30

readme.md

Cohesity Data Cloud Integration with Microsoft Sentinel

You can integrate Cohesity Data Cloud with Microsoft Sentinel to provide security operators and IT operation teams with the automation and operational simplicity to respond to threats and recover from ransomware incidents through Microsoft Sentinel. This integration allows you to:

Send ransomware alerts into Microsoft Sentinel.
View incidents with the alert details.
Escalate to ITSM tool.
Initiate recovery of clean snapshot.
Closed loop integration resolves alerts in Cohesity Data Cloud.

Package Building and Validation Instructions

Disclaimer: You can skip these steps and use one of the pre-built packages from this directory. These steps are required only if you want to rebuild the package.

Follow this readme.md to set up the build prerequisites.
Edit cohesity.json to add the required values. Note: The dummy values are provided to protect Personal Identifiable Information (PII) information.
Run build.ps1 to build the package.
Follow readme.md for post-build manual validation.

Deployment

This package contains the following Azure functions to communicate with Microsoft Sentinel and Cohesity Data Cloud, and playbooks to automate workflows.

The package consists of the following Azure functions:

IncidentProducer to retrieve Cohesity Data Cloud alerts through REST API. For more information, see IncidentProducer.
IncidentConsumer to create incidents in Microsoft Sentinel. For more information, see IncidentConsumer.

You can refer to the Azure Functions file to learn more about the pre-requisites and the deployment of Azure functions.

The package contains the following playbooks:

Cohesity Send Incident Email allows you to send an email to the recipient with the incident details. For more information, see Cohesity Send Incident Email.
Cohesity Create or Update ServiceNow Incident allows you to create and update the incident in the ServiceNow platform. For more information, see Cohesity Create or Update ServiceNow Incident.
Cohesity Restore From Last Snapshot allows you to restore data from the latest clean snapshot in Cohesity Data Cloud. For more information, see Cohesity Restore From Last Snapshot.
Cohesity Close Helios Incident allows you to resolve the corresponding Cohesity Data Cloud alerts. For more information, see Cohesity Close Helios Incident.
Cohesity Delete Incident Blobs allows you to deletes the blobs on Azure storage created by an incident that is generated by Cohesity function apps. For more information, see Cohesity Delete Incident Blobs.

Misc

This GitHub file directory also includes build_one_solution.ps1 that is required to build a solution if the default build-script, provided by Microsoft, takes more time than expected.