
New Playbook - Add IP Entity to Network Security Group

Open briandelmsft opened this issue 3 years ago • 6 comments

Change(s):

  • Added a new Playbook which works on an incident trigger to update a Network Security Group with the IP entities from the Sentinel incident
  • If an NSG rule with the priority you define already exists, the rule will be updated with the additional source IP addresses
  • If the NSG rule does not exist, a new deny inbound rule will be created, blocking the source IP addresses
  • Sentinel incident will be updated with comments based on the outcome

Reason for Change(s):

  • No playbooks available to add IP entities to an NSG rule

Testing Completed:

  • Yes, multiple test cases performed with both new and existing rules

briandelmsft avatar Sep 30 '22 13:09 briandelmsft
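The update-or-create decision described in the change list above, sketched as an added example; it is not the playbook's code or part of this PR. The function name, outcome strings and default rule name are hypothetical, and the refusal to append to an existing Allow rule is an added guard the PR description does not mention.

```python
import ipaddress

def plan_nsg_update(rules, priority, incident_ips, rule_name="Sentinel-Block-IPs"):
    """Return (outcome, rule) for the inbound NSG rule at `priority`.

    rules: ARM-style securityRules entries ({"name": ..., "properties": {...}}).
    rule_name is a hypothetical default, not the playbook's own naming.
    """
    # Keep only values that parse as IP addresses; normalise and de-duplicate.
    wanted = []
    for raw in incident_ips:
        try:
            ip = str(ipaddress.ip_address(raw.strip()))
        except ValueError:
            continue
        if ip not in wanted:
            wanted.append(ip)
    if not wanted:
        return "no_valid_ips", None

    # NSG priorities are unique per direction, so match on both.
    existing = next((r for r in rules
                     if r["properties"].get("priority") == priority
                     and r["properties"].get("direction") == "Inbound"), None)
    if existing is None:
        return "created", {"name": rule_name, "properties": {
            "priority": priority, "direction": "Inbound", "access": "Deny",
            "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*",
            "destinationAddressPrefix": "*", "sourceAddressPrefixes": wanted}}

    props = dict(existing["properties"])
    # Added guard (not described in the PR): never append to an Allow rule.
    if props.get("access") != "Deny":
        return "conflict", existing

    # A rule holds its sources in sourceAddressPrefix or sourceAddressPrefixes;
    # fold the singular form into the list so only one of them is sent back.
    current = list(props.get("sourceAddressPrefixes") or [])
    single = props.pop("sourceAddressPrefix", None)
    if single:
        current.insert(0, single)
    merged = current + [ip for ip in wanted if ip not in current]
    if merged == current:
        return "unchanged", existing
    props["sourceAddressPrefixes"] = merged
    return "updated", {"name": existing["name"], "properties": props}

# Constructed sample: one existing deny rule; incident with a new, a repeated and a bad value.
SAMPLE_RULES = [{"name": "Block-Inbound", "properties": {
    "priority": 200, "direction": "Inbound", "access": "Deny",
    "sourceAddressPrefix": "203.0.113.5"}}]
SAMPLE_RESULT = plan_nsg_update(SAMPLE_RULES, 200, ["198.51.100.7", " 203.0.113.5", "n/a"])
```

The outcome string maps naturally onto the incident comment the playbook writes, so a "conflict" or "no_valid_ips" result is visible to the analyst rather than silently ignored.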

Hi @devikamehra, @rushriva, can you please review and provide your comments? Thanks.

v-mchatla avatar Oct 04 '22 12:10 v-mchatla

Hi @devikamehra, @rushriva, did you get a chance to work on it? Let me know if you need any other details. Thanks.

v-mchatla avatar Oct 07 '22 04:10 v-mchatla

Hi @devikamehra, @rushriva, did you get a chance to work on it? Let me know if you need any other details. Thanks.

v-spadarthi avatar Oct 12 '22 05:10 v-spadarthi

Hi @manishkumar1991, can you please review the playbook content and provide your feedback? Thanks.

v-mchatla avatar Oct 14 '22 05:10 v-mchatla

@briandelmsft, please confirm whether you have used our "playbook arm template generator tool" for generating the ARM template of the provided playbook. If not, we request that you please use the link below to generate the ARM template and update the PR.

https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator

manishkumar1991 avatar Oct 17 '22 08:10 manishkumar1991

@manishkumar1991 I used the manual instructions outlined in the contribution guidelines for this section of the repo, as I have done with other submissions in the past. Is there a problem with the current template, as I have tested the deployment and haven't seen any issues?

briandelmsft avatar Oct 17 '22 09:10 briandelmsft

Hi @manishkumar1991, can you please address the author's queries, so that they will be clearer on why to go for the "playbook arm template generator tool" instead of the regular process they follow? Thanks.

v-mchatla avatar Oct 19 '22 06:10 v-mchatla

Hi @manishkumar1991, can you please address the author's queries, so that they will be clearer on why to go for the "playbook arm template generator tool" instead of the regular process they follow? Thanks.

v-mchatla avatar Oct 21 '22 05:10 v-mchatla