Rubrik Update Anomaly Status
This playbook resolves an unresolved anomaly, or reports it as a false positive, and updates its status to resolved.
Additional Documentation
📄 Source: RubrikUpdateAnomalyStatus/readme.md
Summary
This playbook resolves an unresolved anomaly, or reports it as a false positive, and updates its status to resolved.
Prerequisites
- The Rubrik Security Cloud data connector should be configured to send appropriate events to Microsoft Sentinel.
- The Rubrik Security Cloud solution should be configured to connect to Rubrik Security Cloud API endpoints using a Service Account. The service account should be assigned a role that includes the privileges necessary to perform the desired operations (see Roles and Permissions in the Rubrik Security Cloud user guide).
- Obtain the Teams GroupId and ChannelId:
  - Create a Team with a public channel.
  - Click the three dots (...) on the right side of your newly created Teams channel and select Get link to the channel.
  - Copy the text from the link between /channel and /, decode it using an online URL decoder, and copy it to use as channelId.
  - Copy the text of the groupId parameter from the link to use as groupId.
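The same two values can be pulled out of the channel link locally, without pasting the link into a third-party decoder. The Python below is an added example, not part of the Rubrik playbook or its readme; the function name `parse_channel_link` and the sample link are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# groupId is expected to be a GUID; reject anything else before it
# reaches the ARM template parameters.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def parse_channel_link(link: str) -> dict:
    """Return {'channelId': ..., 'groupId': ...} from a 'Get link to the channel' URL."""
    parts = urlsplit(link.strip())

    # channelId: the path segment between /channel and the next /, URL-decoded.
    segments = parts.path.split("/")
    try:
        encoded_id = segments[segments.index("channel") + 1]
    except (ValueError, IndexError):
        raise ValueError("link has no /channel/<id>/ segment")
    if not encoded_id:
        raise ValueError("channel id segment is empty")
    channel_id = unquote(encoded_id)

    # groupId: the query parameter of the same name, exactly once.
    group_ids = parse_qs(parts.query).get("groupId", [])
    if len(group_ids) != 1:
        raise ValueError("link must carry exactly one groupId parameter")
    group_id = group_ids[0]
    if not GUID_RE.match(group_id):
        raise ValueError("groupId is not a GUID")

    return {"channelId": channel_id, "groupId": group_id}


# Constructed sample link (placeholder ids, not a real team or tenant).
SAMPLE_LINK = (
    "https://teams.microsoft.com/l/channel/"
    "19%3Aexamplechannel000000000000000000%40thread.tacv2/SOC-Alerts"
    "?groupId=00000000-0000-0000-0000-000000000000"
    "&tenantId=11111111-1111-1111-1111-111111111111"
)

if __name__ == "__main__":
    ids = parse_channel_link(SAMPLE_LINK)
    print("Teams Channel Id:", ids["channelId"])
    print("Teams Group Id:  ", ids["groupId"])
```
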
Deployment instructions
- To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
- Fill in the required parameters:
  - PlaybookName: Enter the playbook name here.
  - Teams Group Id: Id of the Teams Group where the adaptive card will be posted.
  - Teams Channel Id: Id of the Teams Channel where the adaptive card will be posted.

Post-Deployment instructions
a. Authorize connections
Once deployment is complete, authorize each connection.
1. Go to your logic app -> API connections -> select the Teams connection resource
2. Go to General -> edit API connection
3. Click Authorize
4. Sign in
5. Click Save