AutoClosing-SAMPLEALERT-FromMDfC

This automation (a Logic Apps playbook) closes SAMPLE ALERTS generated by Microsoft Defender for Cloud. The playbook performs the following steps in order:

  1. Detect the [SAMPLE ALERTS] naming in the incident title.
  2. Change the severity to Informational.
  3. Close the incident with the reason "Undetermined" and the comment "サンプルアラートのためクローズ" (Japanese for "closed because it is a sample alert").
  4. Add the tag "SAMPLE".
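To make the four steps concrete, here is an added Python sketch of the decision logic; it is not code from this repository or from the Logic App itself. It uses the field names of the Microsoft Sentinel incident REST resource (severity, status, classification, classificationComment, labels); the marker and comment text come from the list above, and leaving already-closed incidents untouched is an assumption of the example.

```python
import copy
from typing import Optional

SAMPLE_MARKER = "[SAMPLE ALERTS]"                # marker named in the README
CLOSE_COMMENT = "サンプルアラートのためクローズ"     # closing comment from the README
SAMPLE_LABEL = {"labelName": "SAMPLE", "labelType": "User"}  # Sentinel incident label shape


def is_sample_alert(incident: dict) -> bool:
    """Step 1: the incident title carries the sample-alert marker (case-insensitive)."""
    title = incident.get("properties", {}).get("title", "")
    return SAMPLE_MARKER.lower() in title.lower()


def build_closure(incident: dict) -> Optional[dict]:
    """Return a copy with steps 2-4 applied, or None if the incident must be left alone."""
    if not is_sample_alert(incident):
        return None
    if incident.get("properties", {}).get("status") == "Closed":
        # Assumption: a sample alert an analyst already closed keeps its classification.
        return None
    updated = copy.deepcopy(incident)
    props = updated.setdefault("properties", {})
    props["severity"] = "Informational"           # step 2
    props["status"] = "Closed"                    # step 3: close as Undetermined
    props["classification"] = "Undetermined"
    props["classificationComment"] = CLOSE_COMMENT
    labels = props.setdefault("labels", [])       # step 4: add the tag, keep existing ones
    if not any(lbl.get("labelName") == SAMPLE_LABEL["labelName"] for lbl in labels):
        labels.append(dict(SAMPLE_LABEL))
    return updated


def triage(incidents: list) -> tuple:
    """Split a batch into incidents to auto-close and incidents left for analysts."""
    to_close, untouched = [], []
    for inc in incidents:
        plan = build_closure(inc)
        (to_close if plan else untouched).append(plan or inc)
    return to_close, untouched


# Constructed sample incidents (not real Sentinel data).
SAMPLE_INCIDENTS = [
    {"name": "inc-1", "properties": {"title": "[SAMPLE ALERTS] Suspicious process executed",
                                     "severity": "High", "status": "New",
                                     "labels": [{"labelName": "existing", "labelType": "User"}]}},
    {"name": "inc-2", "properties": {"title": "Suspicious process executed",
                                     "severity": "High", "status": "New", "labels": []}},
    {"name": "inc-3", "properties": {"title": "[SAMPLE ALERTS] Brute force attempt",
                                     "severity": "Medium", "status": "Closed", "labels": []}},
]
```

Only the open incident whose title carries the marker is rewritten; the real alert and the already-closed sample alert are passed through unchanged so an analyst's work is never overwritten.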


Deploy to Azure

Here are the instructions for installing the automation template in Microsoft Sentinel.

1. Install Template

This button deploys the playbook.

Deploy to Azure

2. Assign the 'Microsoft Sentinel Responder' role to the managed identity of the Logic App

This template creates a Logic App that authenticates with a managed identity. The workflow requires 'Microsoft.SecurityInsights/incidents/read' on the target Microsoft Sentinel workspace, so assign a suitable role to the managed identity. A sample screenshot of the role assignment is included in the repository.

3. Create an automation rule to trigger the playbook

Create an automation rule in Microsoft Sentinel that runs the Logic App. A sample screenshot is included in the repository.