Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community

IP Block on on-premises Firewall using Sentinel Playbooks

Brass Contributor

Hello- I was wondering if we can block IP address on on-prem firewall that has no internet connectivity. Can we achieve this using Sentinel playbook? I don't want my on-prem firewall to be exposed.

1 Reply
Are looking to manage a list of IPs that are blocked by your OnPremises Firewall in Sentinel or do you want a Remediation Action to write IPs that you find to be Suspicios through Hunting on demand?
Either way, if you do not want to expose your Firewall to the internet your firewall vendor will either have to support REST API Calls originating from the Firewall or you need an API that is Accessible from OnPremises and a Hybrid Worker - Here is an Article by John Joyner about what I think you want to achieve -