Azure-Sentinel

Tenable Playbooks

Open vu-socprime opened this issue 3 years ago • 9 comments

Changes:

  • added Tenable Platform API Logic Apps Custom connector
  • added Tenable Vulnerability Management API Logic Apps Custom connector
  • added Tenable-EnrichIncidentWithAssetsInfo playbook
  • added Tenable-EnrichIncidentWithVulnInfo playbook
  • added Tenable-LaunchScan playbook

vu-socprime avatar Jul 07 '22 09:07 vu-socprime

Hi @vu-socprime, we wanted to check on the status of PR #5566. The PR has been pending for more than 28 days. Let us know if any assistance is required for this PR. As per our standard operating procedures, if no response is received in the next 7 business days we will close this PR. Thank you for your cooperation.

v-mchatla avatar Sep 05 '22 06:09 v-mchatla

> Hi @vu-socprime, we wanted to check on the status of PR #5566. The PR has been pending for more than 28 days. Let us know if any assistance is required for this PR. As per our standard operating procedures, if no response is received in the next 7 business days we will close this PR. Thank you for your cooperation.

Hi @v-mchatla @anki-narravula Playbooks require some updates and they are still under development.

vu-socprime avatar Sep 05 '22 08:09 vu-socprime

Hi @vu-socprime, we wanted to know if there is any ETA for this?

v-spadarthi avatar Sep 08 '22 08:09 v-spadarthi

Hi @vu-socprime, you can move this PR into draft and reopen once it is ready for review.

NikTripathi avatar Sep 08 '22 19:09 NikTripathi

Hey @vu-socprime, this PR is in draft, can you please check and make it open if needed, thanks.

v-sabiraj avatar Sep 30 '22 05:09 v-sabiraj

> Hey @vu-socprime, this PR is in draft, can you please check and make it open if needed, thanks.

Hi, @v-sabiraj, I will finish some updates and then open PR, thanks.

vu-socprime avatar Oct 03 '22 06:10 vu-socprime

> Hey @vu-socprime, this PR is in draft, can you please check and make it open if needed, thanks.

> Hi, @v-sabiraj, I will finish some updates and then open PR, thanks.

Ok sure, @vu-socprime please let us know once done.

v-sabiraj avatar Oct 11 '22 13:10 v-sabiraj

> Hi @vu-socprime - Can you please make the following changes? Thanks in advance.
>
>   1. For all playbooks, the metadata object is missing. With the new template spec (for gallery), this is mandatory. Please look at the latest guide for playbooks contribution.
>   2. For all playbooks, the custom connector name must be included in the Parameters, and the parameter used directly in the "id" attribute of the API. For example:
>      "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', variables('customApis_vendorproduct_name'))]"
>      "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', parameters('customApis_rapid7'))]"
>   3. In CustomConnector - the name of the custom connector must be a parameter and keep the default value (same as the current). We also suggest making the host URL a parameter.
>   4. Wherever the Sentinel connection is used, always use ManagedIdentity - refer to the template for an example.
>   5. Please consider limiting the Custom connector actions (whatever is relevant or closer to a SOAR perspective). Also, please describe them in the readme (if it is missing).

@anki-narravula Done

vu-socprime avatar Oct 13 '22 16:10 vu-socprime
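The review checklist quoted in the comment above can be turned into a pre-submission check. This is an added example, not code from the PR or the Azure-Sentinel repository. The sample template and its names are constructed, and treating `"parameterValueType": "Alternative"` as the managed-identity marker on a Sentinel connection is an assumption about how the playbook templates express it.

```python
import json
import re

# Constructed sample playbook template (not from the PR); all names are illustrative.
SAMPLE = json.loads(r"""
{
  "parameters": {"CustomConnectorName": {"type": "string", "defaultValue": "TenableVM"}},
  "resources": [
    {"type": "Microsoft.Web/connections", "name": "azuresentinel-conn",
     "properties": {"parameterValueType": "Alternative",
       "api": {"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"}}},
    {"type": "Microsoft.Web/connections", "name": "tenable-conn",
     "properties": {
       "api": {"id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Web/customApis/', variables('customApis_vendorproduct_name'))]"}}}
  ]
}
""")


def review_playbook(template):
    """Return findings for three review points: metadata, parameterised connector id, managed identity."""
    findings = []
    if not isinstance(template.get("metadata"), dict):
        findings.append("metadata object is missing")
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.web/connections":
            continue
        name = res.get("name")
        props = res.get("properties", {})
        api_id = props.get("api", {}).get("id", "").lower()
        if "/customapis/" in api_id:
            # Text after '/customApis/' must be a parameters() call,
            # not variables() and not a hard-coded connector name.
            tail = api_id.split("/customapis/", 1)[1]
            if not re.match(r"\s*',\s*parameters\(", tail):
                findings.append(f"{name}: custom connector id does not use a parameter")
        elif "/managedapis/azuresentinel" in api_id:
            # Assumption: managed-identity connections carry parameterValueType "Alternative".
            if props.get("parameterValueType") != "Alternative":
                findings.append(f"{name}: Sentinel connection is not managed identity")
    return findings


if __name__ == "__main__":
    for finding in review_playbook(SAMPLE):
        print(finding)
```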

> Hey @vu-socprime, this PR is in draft, can you please check and make it open if needed, thanks.

> Hi, @v-sabiraj, I will finish some updates and then open PR, thanks.

> Ok sure, @vu-socprime please let us know once done.

@v-sabiraj Done

vu-socprime avatar Oct 13 '22 16:10 vu-socprime

@manishkumar1991 / @rahul0216 : Please review the playbooks and provide an update. Thanks!

v-spadarthi avatar Oct 18 '22 11:10 v-spadarthi

@anki-narravula, can you please review this, thanks.

v-sabiraj avatar Oct 21 '22 05:10 v-sabiraj

@anki-narravula, can you please review this, thanks.

v-spadarthi avatar Oct 25 '22 08:10 v-spadarthi

Merging this as already approved by @anki-narravula, thanks.

v-sabiraj avatar Oct 28 '22 06:10 v-sabiraj