
Wednesday, September 8, 2021

Azure Sentinel - Most Common Use Case Deployments

These playbooks are ready to go: import them, configure any additional permissions they need, and start taking advantage of Azure Sentinel right away.


Disable users in on-premises Active Directory:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Block-OnPremADUser


Block Azure AD Users:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Block-AADUser


Integrate Azure Sentinel incidents with ServiceNow (close a Sentinel incident from ServiceNow):

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Close-SentinelIncident-fromSNOW


Add comments (remediation guidelines) to incidents:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Comment-RemediationSteps


Confirm risky users in Azure Active Directory:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Confirm-AADRiskyUser


Collect a Threat & Vulnerability Management (TVM) report from a compromised machine:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Enrich-SentinelIncident-MDATPTVM


Collect all details (machine vulnerabilities, missing KBs, security recommendations, alerts, software inventory) from a compromised machine and send them via Teams:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Get-MachineData-EDR-SOAR-ActionsOnMachine


Send a scheduled report focused on ingestion cost management:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Send-IngestionCostAlert


Start a packet capture on a compromised Azure VM:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Run-AzureVMPacketCapture


Send a scheduled report focused on data connector health:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Send-ConnectorHealthStatus


Restrict app execution on a compromised machine:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Restrict-MDATPAppExectution