Block user in Onprem NVA

Copper Contributor

I am looking for a playbook which block the user identity in on-premises Network Virtual Appliance

6 Replies

@Reddy585 Without knowing what NVA you are using it would be very difficult to point you in the correct direction.   With that being said, take a look at the listing of playbooks in the Azure Sentinel GitHub repository

 

https://github.com/Azure/Azure-Sentinel

@Gary BusheyCan we block user in onprem Active Directory/ onprem Firewall using Playbook?

@Reddy585 I know you can block a user via PowerShell and you can run a PowerShell script via a Playbook but I am not sure if you can use that PowerShell command in a Playbook.  Other than that I do not know if it is possible.

Thank you.
I would recommend triggering an Automation Runbook from your Playbook, which uses a Hybrid Worker. This can interact with on-prem servers:
https://docs.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker
Thank you I let you know the result once I have done my testing