Rubrik IOC Scan



This playbook interacts with Rubrik Security Cloud to scan backups for specified IOCs. This playbook is used by other playbooks that leverage this capability.

Type: Playbook
Solution: RubrikSecurityCloud
Source: View on GitHub

Additional Documentation

📄 Source: RubrikIOCScan/readme.md


Prerequisites

  1. The Rubrik Security Cloud data connector should be configured to send the appropriate events to Microsoft Sentinel.
  2. The Rubrik Security Cloud solution should be configured to connect to the Rubrik Security Cloud API endpoints using a Service Account. The service account should be assigned a role that includes the privileges necessary to perform the desired operations (see Roles and Permissions in the Rubrik Security Cloud user guide).
  3. Store the Service Account credentials in Key Vault and note the Key Vault name and tenantId:
     a. Create a Key Vault with a unique name.
     b. Go to Key Vault -> Secrets -> Generate/Import and create the secrets 'Rubrik-AS-Int-ClientId' and 'Rubrik-AS-Int-ClientSecret' to store the client_id and client_secret respectively.

Deployment instructions

  1. To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
  2. Fill in the required parameters:
    • Playbook Name: Enter the playbook name here
    • Rubrik Connector name: Name of the Rubrik Custom Connector deployed previously
    • keyvaultname: Name of the Key Vault where the secrets are stored
    • tenantId: TenantId of the tenant where the Key Vault is located


Post-Deployment instructions

a. Authorize connections

Once deployment is complete, authorize each API connection, including the Key Vault connection.

  1. Click the connection resource
  2. Click edit API connection
  3. Click Authorize
  4. Sign in
  5. Click Save
  6. Repeat steps for other connections
