Ready to go. Just import them and grant any additional permissions each one needs (the API connections and identity rights a Logic App playbook runs with). Take advantage of Azure Sentinel right now.
Disable users in on-premises Active Directory:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Block-OnPremADUser
Block Azure AD Users:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Block-AADUser
Integrate Azure Sentinel incidents with ServiceNow (close a Sentinel incident from ServiceNow):
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Close-SentinelIncident-fromSNOW
Add comments (remediation guidelines) to incidents:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Comment-RemediationSteps
Confirm risk for Azure Active Directory users:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Confirm-AADRiskyUser
Collect a Threat &amp; Vulnerability Management report from a compromised machine:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Enrich-SentinelIncident-MDATPTVM
Collect all details (machine vulnerabilities, missing KBs, security recommendations, alerts, software inventory) from a compromised machine and send them via Teams:
Send a scheduled report focused on cost management (ingestion cost):
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Send-IngestionCostAlert
Start a packet capture on a compromised machine:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Run-AzureVMPacketCapture
Send a scheduled report focused on connector health:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Send-ConnectorHealthStatus
Restrict app execution on a compromised machine:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Restrict-MDATPAppExectution