Close Cohesity Helios Incident



This playbook closes the corresponding Cohesity DataHawk (Helios) ticket.

Attribute   Value
Type        Playbook
Solution    CohesitySecurity
Source      View on GitHub

Additional Documentation

📄 Source: Cohesity_Close_Helios_Incident/readme.md

Cohesity Close Helios Incident Playbook

Summary

This playbook closes the Cohesity Data Cloud alert. Note: it works only if you have installed the Function Apps and have received a few incidents that require closure.

Deployment Instructions

  1. Click the "Deploy to Azure" button to deploy the playbook. This step takes you to the ARM template deployment wizard.
  2. Fill in the required parameters:
     * Playbook Name: Enter the playbook name here.

Post-deployment Instructions

  1. The user who runs the playbook must have the role Microsoft Sentinel Playbook Operator. To assign the role:
     * Under the Subscriptions tab from the Home page, choose your subscription name.
     * Choose the Access Control (IAM) option from the left pane.
     * Click on Add > Add Role Assignment and add Microsoft Sentinel Playbook Operator to the user.

  2. Grant Key Vault permissions to your playbook. Follow the steps below.
     * Go to Key vaults and choose your key vault, whose name starts with cohesitypro and is followed by a sequence of letters and numbers, for example, cohesityprofnxj32cucakwk.
     * On the right pane, select Access Policies and click +Create.
     * Choose the Get permission in the Secret Permissions section and press Next.
     * Enter your playbook name and press Next.
     * Press Next and then Create to finish granting permissions.

Troubleshooting

  1. If your API key has expired, you have to replace it with a new one.
     * Create the Cohesity Data Cloud API key:
       * Go to the Cohesity Data Cloud login page.
       * Enter your credentials and select Log In. The Summary page is displayed.
       * Navigate to Settings > Access Management. The Users tab is displayed.
       * Select Add API Key. The API Key Details is displayed.
       * Enter a name for the API key.
       * Select Save.
     * Go to Key vaults and choose your key vault, whose name starts with cohesitypro and is followed by a sequence of letters and numbers, for example, cohesityprofnxj32cucakwk.
     * Assign the API Key secret to the API Key value from the previous step. Now your API key is securely saved in the Microsoft Azure Key Vault.
  2. If you see the Forbidden error message in the Key Vault block when you run the playbook, you can authorize it manually.
     * Choose your app (playbook) in the Logic Apps.
     * Authorize your Key Vault connection by selecting it and clicking on General\Edit API Connection.
     * Click on the Authorize button and select the appropriate account. Enter your key vault name if prompted. You can find your key vault name here.
     * Note: If you can't authorize the connections using the steps above, then you can follow the steps below.
       * Open your playbook in Development Tools\Logic App Designer.
       * Click on the connection block.
       * Click on the Change connection link in the right pane.
       * Create a new connection, choose a different one, or authorize the one that is marked with an "i" sign.
