Use this playbook to send Microsoft Sentinel alerts to Salem Virtual Cyber Analyst.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | SalemCyber |
| Source | View on GitHub |
📄 Source: SendAlertToSalem/readme.md
This playbook is designed to make it simple to send new Microsoft Sentinel alerts to Salem for investigation. This playbook will forward alerts to the EventHub instance in the Salem managed resource group.
Collect the Salem Event Hub send key. This value will be required during playbook deployment and will enable the playbook to forward new Microsoft Sentinel Alerts to Salem.
Use the key from the 'alerts' EventHub namespace in the Salem EventHub. You can find this key in the Azure portal for the event hub resource in the Salem managed resource group. The key will already exist; however, you can generate a new key if you wish. If you do create a new key, ensure the key has 'send' permissions.
Deploying the playbook creates a new API connection resource, which needs to be authorized.
The Salem Event Hub has default network rules that may prevent this playbook from connecting. One way to allow network traffic to the Event Hub is to update the Event Hub network settings to allow inbound connections from the IP addresses associated with the region in which you deploy the playbook. You can find the IP ranges for the region in which you deployed this playbook here.
The Event Hub used by Salem is located in the Salem managed resource group. You can find this resource group in the overview page of the Salem application.
It is also possible to use vNet integration or private endpoints to communicate between the playbook and the Salem Event Hub.
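A read-only check for the IP allowlist approach described above, added here as an example and not part of the Salem playbook: it compares an Event Hub network rule set with the IP ranges for the playbook's region and reports gaps and overly wide rules. The function name is hypothetical, the rule-set shape (`defaultAction`, `ipRules[].ipMask`) is assumed to match the Event Hub network rule set resource, and all addresses are constructed documentation ranges.

```python
import ipaddress

# Constructed sample: 'properties' of an Event Hub network rule set.
SAMPLE_RULE_SET = {
    "defaultAction": "Deny",
    "ipRules": [
        {"ipMask": "203.0.113.0/24", "action": "Allow"},
        {"ipMask": "192.0.2.0/24", "action": "Allow"},
    ],
}
# Constructed sample: ranges for the region the playbook is deployed in.
SAMPLE_REGION = ["203.0.113.16/28", "198.51.100.32/29"]


def _within(inner, outer):
    """True if 'inner' lies entirely inside 'outer' (same IP version only)."""
    return inner.version == outer.version and inner.subnet_of(outer)


def audit_ip_rules(rule_set, region_ranges):
    """Compare allow rules with the playbook region's published ranges."""
    region = [ipaddress.ip_network(r, strict=False) for r in region_ranges]
    allowed = [
        ipaddress.ip_network(r["ipMask"], strict=False)
        for r in rule_set.get("ipRules", [])
        if r.get("action", "Allow") == "Allow"
    ]
    # Region ranges no single allow rule covers; with a Deny default,
    # playbook traffic from these addresses is rejected.
    missing = [str(n) for n in region
               if not any(_within(n, a) for a in allowed)]
    # Allow rules that are not contained in one region range: either wider
    # than needed or for another source, so each one deserves a review.
    wider = [str(a) for a in allowed
             if not any(_within(a, n) for n in region)]
    return {
        # IP rules only restrict access when the default action is Deny.
        "default_deny": rule_set.get("defaultAction") == "Deny",
        "missing": missing,
        "wider_than_region": wider,
    }


if __name__ == "__main__":
    print(audit_ip_rules(SAMPLE_RULE_SET, SAMPLE_REGION))
```
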
For support, contact support@salemcyber.com