Playbook - Isolate an Azure VM #521

Closed
preetikr opened this issue Mar 12, 2020 · 1 comment · Fixed by #532

Comments

@preetikr
Contributor

Requirements

  • Create an Azure Logic Apps playbook for Azure Sentinel that includes the following workflow:
    • Triggers on an Azure Sentinel alert.
    • If the alert has host(s), isolate the respective machine(s)/host(s).
    • Update the incident associated with the alert with the isolated VMs and outcome of each action.
  • Validate the playbook works as expected per the functional requirement mentioned above.
  • Submit the playbook as a GitHub Pull Request per the playbook contribution guidance.
  • Attach a screenshot of the working playbook with your submission.
  • Provide a readme with the steps with your submission to document any prerequisite steps required before running this playbook.

The first submission that meets the requirements gets the reward. Rewards are subject to Microsoft terms and conditions.

Hint: Feel free to leverage HTTP Connector for Azure Logic Apps as needed.

Helpful resources

@preetikr preetikr added Reward Wish List Item Identifies an item for contribution as part of Rewards Program Reward:$250 $250 Reward for the contribution labels Mar 12, 2020
@preetikr preetikr removed Reward Wish List Item Identifies an item for contribution as part of Rewards Program Reward:$250 $250 Reward for the contribution labels Mar 23, 2020
@preetikr preetikr linked a pull request Mar 23, 2020 that will close this issue
@preetikr
Contributor Author

Resolved by #532
