
The Hive playbooks

Open vu-socprime opened this issue 3 years ago • 3 comments

Added The Hive Custom API Logic App Connector and 3 playbooks

vu-socprime avatar May 24 '22 13:05 vu-socprime

@rushriva : Please provide your comments

v-spadarthi avatar Jun 24 '22 08:06 v-spadarthi

@rushriva : Could you please review the playbooks. Thanks!

v-spadarthi avatar Jul 27 '22 06:07 v-spadarthi

Hi @vu-socprime - Can you please make the following changes? Thanks in advance.

  1. For all playbooks, the metadata object is missing. With the new template spec (for gallery), this is mandatory. Please look at the latest guide for playbooks contribution.
  2. For all playbooks, the custom connector name must be included in the Parameters, and the parameter must be used directly in the "id" attribute of the API. For example:
     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', variables('customApis_vendorproduct_name'))]"
     "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('customApis_rapid7'))]"
  3. In the Custom Connector, the name of the custom connector must be a parameter and keep the default value (same as the current one). We also suggest making the host URL a parameter.
  4. Wherever the Sentinel connection is used, always use Managed Identity. Refer to the template for an example.
  5. Please consider limiting the Custom connector actions (to whatever is relevant or closer to the SOAR perspective). Also please describe them in the readme (if that is missing).
  6. (If not implemented) Make sure the playbook does not fail if the API does not find the entity / specified identity. Rather, it should write in a Sentinel comment that "Unable to find ......., hence no action taken".
  7. Make sure images are loading in the readme files.

Hi @anki-narravula The playbooks were updated according to the feedback

vu-socprime avatar Aug 12 '22 08:08 vu-socprime
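Three of the review items above (metadata object, connector name as a parameter in the customApis "id", Managed Identity on the Sentinel connection) can be checked mechanically before a playbook template is submitted. The following is an added example, not code from this PR or the Azure-Sentinel repository; the sample template is constructed, the parameter name `CustomConnectorName` is hypothetical, and the `azuresentinel` connection key and `ManagedServiceIdentity` authentication shape are assumptions about how the template expresses Managed Identity.

```python
import json
import re

# Constructed sample template (not from the PR); parameter name is hypothetical.
SAMPLE = json.loads(r"""
{
  "metadata": {"title": "TheHive-CreateCase"},
  "parameters": {"CustomConnectorName": {"type": "string", "defaultValue": "TheHiveConnector"}},
  "resources": [{
    "type": "Microsoft.Logic/workflows",
    "properties": {"parameters": {"$connections": {"value": {
      "azuresentinel": {"connectionProperties": {"authentication": {"type": "ManagedServiceIdentity"}}},
      "thehive": {"id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('CustomConnectorName'))]"}
    }}}}
  }]
}
""")

def strings(node):
    """Yield every string value found anywhere in a parsed template."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)

def review(template):
    """Return a list of findings for three of the review items."""
    findings = []
    if not isinstance(template.get("metadata"), dict):
        findings.append("metadata object is missing")
    declared = set(template.get("parameters", {}))
    for s in strings(template.get("resources", [])):
        if "/customApis/" in s:
            # The connector name must come from parameters('<declared name>').
            m = re.search(r"parameters\('([^']+)'\)", s.split("/customApis/", 1)[1])
            if not m or m.group(1) not in declared:
                findings.append("customApis id does not use a declared parameter")
    for res in template.get("resources", []):
        conns = res.get("properties", {}).get("parameters", {}).get("$connections", {}).get("value", {})
        # Assumption: the Sentinel connection is keyed "azuresentinel".
        auth = conns.get("azuresentinel", {}).get("connectionProperties", {}).get("authentication", {})
        if "azuresentinel" in conns and auth.get("type") != "ManagedServiceIdentity":
            findings.append("Sentinel connection is not using Managed Identity")
    return findings

if __name__ == "__main__":
    print(review(SAMPLE) or "no findings")
```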

Hi @vu-socprime - We are good now. Can you please change the azure deploy links to point to master now. Also please see the readme file of TheHive-CreateCase, screenshot is not loading

Hi @anki-narravula - Screenshot loading fixed. Links already point to master.

vu-socprime avatar Aug 23 '22 14:08 vu-socprime

Hi @vu-socprime - I am somehow seeing that it is referencing the socprime branch. Below is the screenshot attached. [image]

anki-narravula avatar Aug 24 '22 05:08 anki-narravula

@anki-narravula - Fixed

vu-socprime avatar Aug 24 '22 14:08 vu-socprime