Update azuredeploy.json
AcceleryntSecurityDev committed Apr 21, 2023
1 parent 13b32ac commit ff89f7a
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions Playbooks/AS-Incident-Spiderfoot-Scan/azuredeploy.json
@@ -5,7 +5,7 @@
"title": "AS-Incident-Spiderfoot-Scan",
"description": "This playbook will pull email addresses from the account entities in a Microsoft Sentinel incident and use them as targets in a Spiderfoot scan. By default, the scan is created using the HaveIBeenPwned module. The resulting report of that scan will be emailed to a recipient specified upon deployment.",
"prerequisites": "1. A Spiderfoot account is needed, along with an API key for this account. Support for the set up and configuration of each of these items can be found here: https://github.com/Accelerynt-Security/AS-Incident-Spiderfoot-Scan",
"lastUpdateTime": "2023-04-19T15:23:18Z",
"lastUpdateTime": "2023-04-21T1:38:11Z",
"entities": ["Account"],
"tags": ["Microsoft Sentinel", "Incident", "Spiderfoot"],
"support": {
@@ -162,7 +162,7 @@
},
"type": "ApiConnection",
"inputs": {
"body": "@triggerBody()?['Entities']",
"body": "@triggerBody()?['object']?['properties']?['relatedEntities']",
"host": {
"connection": {
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
@@ -226,7 +226,7 @@
"type": "Http",
"inputs": {
"method": "GET",
"uri": "[concat('https://', parameters('SpiderfootSubdomain'), '.hx.spiderfoot.net/api?func=scanstart&apikey=@{body('Get_Secret_API_Key')?['value']}&name=ScanFromSentinel@{formatDateTime(utcNow(), 'MMddyyyy')}&target=@{variables('Scan Targets')}&options=iterate_names=0,correlations=1&modules=sfp_haveibeenpwned')]"
"uri": "[concat('https://', parameters('SpiderfootSubdomain'), '.hx.spiderfoot.net/api?func=scanstart&apikey=@{body(''Get_Secret_API_Key'')?[''value'']}&name=ScanFromSentinel@{formatDateTime(utcNow(), ''MMddyyyy'')}&target=@{variables(''Scan Targets'')}&options=iterate_names=0,correlations=1&modules=sfp_haveibeenpwned')]"
}
},
"Initialize_variable-_Scan_Status": {
@@ -345,7 +345,7 @@
"type": "ApiConnection",
"inputs": {
"body": {
"Body": "<p>Scan on the following targets is complete:<br>\n@{variables('Scan Targets')}<br>\n<br>\n<br>\nThese entities were run against the following modules:<br>\nHaveIBeenPwned<br>\n<br>\nSpiderfoot report:<br>\nhttps://@{parameters('SpiderfootSubdomain')}/scaninfo?id=@{variables('Scan ID')}<br>\n</p>",
"Body": "[concat('<p>Scan on the following targets is complete:<br>\n@{variables(''Scan Targets'')}<br>\n<br>\n<br>\nThese entities were run against the following modules:<br>\nHaveIBeenPwned<br>\n<br>\nSpiderfoot report:<br>\nhttps://', parameters('SpiderfootSubdomain'), '/scaninfo?id=@{variables(''Scan ID'')}<br>\n</p>')]",
"Subject": "Spiderfoot Scan Report ",
"To": "[parameters('RecipientEmail')]"
},
@@ -377,7 +377,7 @@
"type": "Http",
"inputs": {
"method": "GET",
"uri": "[concat('https://', parameters('SpiderfootSubdomain'), '.hx.spiderfoot.net/api?func=scanstatus&apikey=@{body('Get_Secret_API_Key')?['value']}&id=@{variables('Scan ID')}')]"
"uri": "[concat('https://', parameters('SpiderfootSubdomain'), '.hx.spiderfoot.net/api?func=scanstatus&apikey=@{body(''Get_Secret_API_Key'')?[''value'']}&id=@{variables(''Scan ID'')}')]"
}
},
"Parse_JSON-_Status": {
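Review bot: In the hunk at `@@ -226,7 +226,7 @@`, the `scanstart` URI places `target=@{variables(''Scan Targets'')}` into the query string without encoding, although the values come from the incident's account entities; an address containing `&`, `#` or `+` would change how the request is parsed, so wrap it as `target=@{encodeUriComponent(variables(''Scan Targets''))}`. Both HTTP actions (`scanstart` here and `scanstatus` at `@@ -377,7 +377,7 @@`) also carry the Key Vault secret in the URL as `apikey=`, which is recorded with the action inputs in run history unless `runtimeConfiguration.secureData` is set on them and on `Get_Secret_API_Key`; the action definitions continue outside the hunks, so confirm whether that is already the case. In the first hunk the new `lastUpdateTime` value `2023-04-21T1:38:11Z` has a one-digit hour and is not a valid ISO 8601 timestamp; it should read `2023-04-21T01:38:11Z`. The report link in the email body is built as `https://<SpiderfootSubdomain>/scaninfo`, without the `.hx.spiderfoot.net` suffix that the two API URIs append, which looks inconsistent and is worth checking against a deployed instance.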
