Team Cymru Scout Create Incident And Notify
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This playbook will create an incident for suspicious or malicious ip and notify to pre-defined or user customizable email id.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Team Cymru Scout |
| Source | View on GitHub |
Additional Documentation
Summary
This playbook will create an incident for suspicious or malicious ip and notify to pre-defined or user customizable email id.
Prerequisites
- User should have an outlook mail account in order to use this playbook.
Deployment instructions
- To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
- Fill in the required parameters: * PlaybookName: Please do not change the playbook name, else you will not be able to run playbook from workbook. * EmailId: Enter valid comma separated email ID(s) of receiver without space. (e.g. person1@gmail.com,person2@gmail.com) * WorkspaceName: Enter workspace name in which you want to create an incidents.
Post-Deployment instructions
a. Authorize connections
Once deployment is complete, authorize each connection. 1. Go to your logic app → API connections → Select outlook connection resource 2. Go to General → Edit API connection. 3. Click Authorize 5. Sign in. 6. Click Save. 7. Repeat steps for other connections.
b. Assign Role to add a comment in the incident
After authorizing each connection, assign a role to this playbook. 1. Go to Log Analytics Workspace → your workspace → Access Control → Add 2. Add role assignment 3. Assignment type: Job function roles 4. Role: Microsoft Sentinel Contributor 5. Members: select managed identity for "assigned access to" and add your logic app as a member. 6. Click on review+assign
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊