AS-Block-GitHub-User

This playbook is intended to be run from a Microsoft Sentinel Incident. It will look up the GitHub users associated with the Incident Account Entities and block them from your GitHub organization. If they are members of the GitHub organization, they will also be removed. A comment noting the affected GitHub users will be added to the Incident.

| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Standalone Content |
| Source | View on GitHub |

Logic App Connectors

This playbook uses 4 Logic App connectors / built-in actions:

| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
| azuresentinel | Managed | 1 | 2 |
| keyvault | Managed | 1 | 1 |
| function | Built-in | 0 | 1 |
| http | Built-in | 0 | 3 |

Action parameters (URLs, paths, function IDs)

azuresentinel (Managed)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Add_comment_to_incident_(V3) | post | /Incidents/Comment | |
| Entities_-_Get_Accounts | post | /entities/account | |

keyvault (Managed)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| Get_secret | get | [concat('/secrets/@{encodeURIComponent(''', parameters('SecretName'), ''')}/value')] | |

function (Built-in)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| CreateJWT | | | functionId=[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name ,'/providers/Microsoft.Web/sites/', parameters('FunctionAppName'), '/functions/CreateJWT')] |

http (Built-in)

| Action | Method | Endpoint | Other |
|---|---|---|---|
| HTTP_-_Block_GitHub_user_from_organization | PUT | [concat('https://api.github.com/orgs/', parameters('GitHubOrganizationName'), '/blocks/@{items(''For_each_-_Account_entity'')?[''Name'']}')] | |
| HTTP_-_Remove_GitHub_user_as_a_member_from_organization | DELETE | [concat('https://api.github.com/orgs/', parameters('GitHubOrganizationName'),'/members/@{items(''For_each_-_Account_entity'')?[''Name'']}')] | |
| HTTP_-_Authenticate_as_a_GitHub_App_installation | POST | [concat('https://api.github.com/app/installations/', parameters('GitHubAppInstallationID'), '/access_tokens')] | |
