Forum Discussion
KBraun94
Apr 26, 2024 · Copper Contributor
Sentinel Playbook: Lock suspicious User Account
Hello together, I hope somebody had the same use case. In Sentinel I would like to run a playbook which locks a user in Azure (cloud) and on-prem (AD), after an analytic rule has triggered / fou...
Clive_Watson
Apr 26, 2024 · Bronze Contributor
Hello,
There is a block user (Entra) example https://github.com/Azure/Azure-Sentinel/tree/3a2c56770d6dcf43028d34c90ae5d00a92200942/Solutions/Microsoft%20Entra%20ID/Playbooks
Here is another example: https://github.com/Azure/Azure-Sentinel/tree/3a2c56770d6dcf43028d34c90ae5d00a92200942/Playbooks/Block-OnPremADUser
Searching for keywords like "lock" on GitHub may help you find more, for example: https://github.com/search?q=repo%3AAzure%2FAzure-Sentinel%20lock&type=code