
IP Block on on-premises Firewall using Sentinel Playbooks


Hello - I was wondering if we can block an IP address on an on-prem firewall that has no internet connectivity. Can we achieve this using a Sentinel playbook? I don't want my on-prem firewall to be exposed.

1 Reply
Are you looking to manage a list of IPs that are blocked by your on-premises firewall in Sentinel, or do you want a remediation action to write IPs that you find to be suspicious through hunting on demand?
Either way, if you do not want to expose your firewall to the internet, your firewall vendor will either have to support REST API calls originating from the firewall, or you need an API that is accessible from on-premises and a Hybrid Worker. Here is an article by John Joyner about what I think you want to achieve: https://blog.johnjoyner.net/azure-sentinel-soar-worker-azure-arc-azure-automation/
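
One way to build the on-premises side described in the reply, as an added example that is not from the thread or the linked article: a Python runbook on the Hybrid Worker vets the IPs a Sentinel playbook passes in and merges them into a text file that the firewall fetches from an internal web server, so the firewall only makes outbound calls inside the network. The file path, the `PROTECTED` ranges, both function names and the firewall's ability to poll such a list are assumptions.

```python
import ipaddress
import os
import tempfile

# Assumption: networks automation must never block. RFC 1918 space plus
# 198.51.100.0/24, a documentation range standing in for your own public range.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "198.51.100.0/24")]


def vet_ip(raw):
    """Return the normalised address, or None if it must not be blocked."""
    try:
        ip = ipaddress.ip_address(str(raw).strip())
    except ValueError:  # not a single IP address (hostname, CIDR, junk)
        return None
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified or ip.is_link_local:
        return None
    if any(ip in net for net in PROTECTED):
        return None
    return str(ip)


def update_blocklist(path, candidates):
    """Merge vetted candidates into the list file; return (added, rejected)."""
    current = set()
    if os.path.exists(path):
        with open(path) as fh:
            current = {line.strip() for line in fh if line.strip()}
    added, rejected = [], []
    for raw in candidates:
        ip = vet_ip(raw)
        if ip is None:
            rejected.append(raw)
        elif ip not in current:
            current.add(ip)
            added.append(ip)
    if added:
        # Write to a temp file and rename, so the firewall never fetches a
        # half-written list.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
        with os.fdopen(fd, "w") as fh:
            fh.writelines(f"{ip}\n" for ip in sorted(current))
        os.chmod(tmp, 0o644)  # mkstemp creates 0600; the web server must read it
        os.replace(tmp, path)
    return added, rejected


if __name__ == "__main__":
    # Constructed sample input, as a playbook might pass from an incident.
    print(update_blocklist("blocklist.txt", ["203.0.113.7", "10.0.0.5", "not-an-ip"]))
```

Returning the rejected values lets the playbook record on the incident why an address was not blocked.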